Help! My Computer has a Virus.


  • This topic is locked
5 replies to this topic

#1 tienchien

  • Members
  • 15 posts
  • OFFLINE

Posted 03 March 2017 - 02:46 AM

My computer does not run aswMBR; blue screen when running aswMBR. Mod, help. Thanks!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by No (administrator) on DESKTOP-LC56PPK (03-03-2017 14:36:33)
Running from C:\Users\No\Desktop
Loaded Profiles: No (Available Profiles: defaultuser0 & No)
Platform: Windows 10 Pro Version 1607 (X64) Language: Tiếng Anh (Mỹ)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GridinSoft LLC) C:\Program Files\GridinSoft Anti-Malware\gsam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(BitTorrent Inc.) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-16] (Realtek Semiconductor)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-08-29] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13760208 2017-01-27] (Corsair Components, Inc.)
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-03-02] (Electronic Arts)
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4005944 2017-02-14] (Tonec Inc.)
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\Run: [uTorrent] => C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe [2400960 2017-03-03] (BitTorrent Inc.)
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\MountPoints2: {4840ad68-00a0-11e7-8e54-806e6f6e6963} - "F:\DVDSetup.exe" 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-03-02]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{231a4bc2-cfd0-4567-afde-001d027f4b27}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
 
FireFox:
========
FF HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\No\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\No\AppData\Roaming\IDM\idmmzcc5 [2017-03-03] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-02] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\No\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Trang trình bày) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-03]
CHR Extension: (Google Tài liệu) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-03]
CHR Extension: (YouTube) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-03]
CHR Extension: (IDM Integration Module) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-03-03]
CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-03]
CHR Extension: (Gmail) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]
 
Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-03-03]
OPR Extension: (sailormax) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2017-03-02]
OPR Extension: (Dịch) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2017-03-03]
OPR Extension: (Google™ Translator (web-extension)) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgnebchahhepphmokjeohhoebakpfggp [2017-03-03]
OPR Extension: (IDM Integration Module) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-03-03]
OPR Extension: (AVIM - Bộ Gõ Tiếng Việt) - C:\Users\No\AppData\Roaming\Opera Software\Opera Stable\Extensions\njonppmkekgeojpcoaojecmpebebmelm [2017-03-03]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-03-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-03-02] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-17] (Rivet Networks, LLC.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [43000 2017-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [27640 2017-01-20] (Corsair)
R3 KillerEth; C:\Windows\System32\drivers\e24w10x64.sys [158264 2015-09-11] (Qualcomm Atheros, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-05] (NVIDIA Corporation)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [128480 2016-10-13] (Samsung Electronics Co., Ltd)
R3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [29456 2017-03-03] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-04 13:19 - 2017-03-04 13:19 - 00524804 _____ C:\Windows\Minidump\030417-3968-01.dmp
2017-03-04 13:19 - 2017-03-04 13:19 - 00381732 _____ C:\Windows\Minidump\030417-8484-01.dmp
2017-03-04 13:19 - 2017-03-03 14:28 - 668779921 _____ C:\Windows\MEMORY.DMP
2017-03-04 13:19 - 2017-03-03 14:28 - 00000000 ____D C:\Windows\Minidump
2017-03-04 13:18 - 2017-03-02 22:50 - 00000000 ____D C:\ProgramData\Norton
2017-03-04 13:18 - 2017-03-02 21:21 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-03-04 13:17 - 2017-03-04 13:19 - 00000000 ____D C:\Users\No\AppData\Local\Google
2017-03-04 13:17 - 2017-03-04 13:17 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-03-04 13:17 - 2017-03-04 13:17 - 00000000 ____D C:\ProgramData\Intel
2017-03-04 13:17 - 2017-03-04 13:17 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-04 13:17 - 2017-03-04 13:17 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-04 13:17 - 2017-03-04 13:17 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2017-03-04 13:17 - 2017-03-02 13:36 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-04 13:17 - 2017-03-02 13:36 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-04 13:17 - 2017-03-02 13:30 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-04 13:17 - 2017-03-02 13:30 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-04 13:16 - 2017-03-04 13:16 - 00003222 _____ C:\Windows\System32\Tasks\NahimicMSIUILauncherRun
2017-03-04 13:16 - 2017-03-04 13:16 - 00002188 _____ C:\Users\Public\Desktop\Nahimic for MSI.lnk
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\Windows\system32\DAX2
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\Users\No\Intel
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\Program Files\Realtek
2017-03-04 13:16 - 2017-03-04 13:16 - 00000000 ____D C:\Program Files\Nahimic
2017-03-04 13:15 - 2015-10-16 08:01 - 72203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-03-04 13:15 - 2015-10-16 08:01 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-03-04 13:15 - 2015-10-16 08:01 - 05774632 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 04628736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-03-04 13:15 - 2015-10-16 08:01 - 04005405 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-03-04 13:15 - 2015-10-16 08:01 - 03299832 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 03154607 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2017-03-04 13:15 - 2015-10-16 08:01 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 02965120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-03-04 13:15 - 2015-10-16 08:01 - 02610208 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 02110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 02028664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 01435152 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 01351992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 01121864 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00961848 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00933640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00888480 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00749000 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00716104 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00596120 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00589072 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2017-03-04 13:15 - 2015-10-16 08:01 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00467160 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00448584 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00341152 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00341152 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00258504 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00224264 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00172584 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-03-04 13:15 - 2015-10-16 08:01 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 13120760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 12986520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 09997848 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 05338936 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 05289952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 03278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 02823280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 02437136 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01395760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01211832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01186160 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00952984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00923752 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00357528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00340648 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-03-04 13:14 - 2015-10-16 08:01 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-03-04 13:13 - 2017-03-04 13:16 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-04 13:13 - 2017-03-04 13:13 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2017-03-04 13:13 - 2017-03-04 13:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-04 13:13 - 2017-03-04 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2017-03-04 13:13 - 2017-03-04 13:13 - 00000000 ____D C:\Program Files\Killer Networking
2017-03-04 13:13 - 2017-03-04 13:13 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-03-04 13:13 - 2017-03-03 00:11 - 00000000 ____D C:\ProgramData\Killer
2017-03-04 13:13 - 2015-10-16 08:01 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 01601944 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00118600 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-03-04 13:13 - 2015-10-16 08:01 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-03-04 13:13 - 2015-06-08 15:13 - 02825944 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-03-04 13:12 - 2017-03-04 13:17 - 00000000 ____D C:\Program Files\Intel
2017-03-04 13:12 - 2017-03-04 13:12 - 00000000 ____D C:\ProgramData\Downloaded Installations
2017-03-04 13:12 - 2017-03-03 11:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-04 13:10 - 2017-03-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-04 13:10 - 2017-03-03 00:15 - 00002414 _____ C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-04 13:10 - 2017-03-03 00:15 - 00000000 ___RD C:\Users\No\OneDrive
2017-03-04 13:09 - 2017-03-04 13:09 - 00000020 ___SH C:\Users\No\ntuser.ini
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 _SHDL C:\Users\No\My Documents
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 _SHDL C:\Users\No\Documents\My Videos
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 _SHDL C:\Users\No\Documents\My Pictures
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 _SHDL C:\Users\No\Documents\My Music
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 ____D C:\Users\No\AppData\Roaming\Adobe
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 ____D C:\Users\No\AppData\Local\VirtualStore
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 ____D C:\Users\No\AppData\Local\TileDataLayer
2017-03-04 13:09 - 2017-03-04 13:09 - 00000000 ____D C:\Users\No\AppData\Local\Publishers
2017-03-04 13:09 - 2017-03-03 14:34 - 01159330 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-04 13:09 - 2017-03-02 22:41 - 00000000 ____D C:\Users\No\AppData\Local\Packages
2017-03-04 13:09 - 2017-03-02 20:55 - 00000000 ____D C:\Users\No\AppData\Local\ConnectedDevicesPlatform
2017-03-04 13:08 - 2017-03-04 13:08 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-03-04 13:08 - 2017-03-04 13:08 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-03-04 13:08 - 2017-03-04 13:08 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-03-04 13:08 - 2017-03-04 13:08 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-03-04 13:08 - 2017-03-03 14:27 - 00000000 ____D C:\Users\No
2017-03-04 13:06 - 2017-03-04 13:06 - 00000000 ____D C:\Windows\CSC
2017-03-04 13:06 - 2016-07-16 18:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-03-04 13:05 - 2017-03-04 13:05 - 00000000 ____D C:\ProgramData\USOShared
2017-03-04 13:04 - 2017-03-04 13:04 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 _SHDL C:\Documents and Settings
2017-03-04 13:04 - 2017-03-04 13:04 - 00000000 ____D C:\Users\defaultuser0
2017-03-04 13:03 - 2017-03-04 13:04 - 00000000 ____D C:\Windows\Panther
2017-03-04 13:03 - 2017-03-04 13:03 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-04 13:03 - 2017-03-04 13:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-04 13:03 - 2017-03-04 13:03 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-04 13:03 - 2017-03-03 14:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 13:03 - 2017-03-03 14:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-03 14:36 - 2017-03-03 14:36 - 00015181 _____ C:\Users\No\Desktop\FRST.txt
2017-03-03 14:34 - 2017-03-03 14:36 - 00000000 ____D C:\FRST
2017-03-03 14:34 - 2017-03-03 14:34 - 02423808 _____ (Farbar) C:\Users\No\Desktop\FRST64.exe
2017-03-03 14:28 - 2017-03-03 14:28 - 00540572 _____ C:\Windows\Minidump\030317-4734-01.dmp
2017-03-03 14:27 - 2017-03-03 14:27 - 00000000 _____ C:\Users\No\defogger_reenable
2017-03-03 14:26 - 2017-03-03 14:26 - 00050477 _____ C:\Users\No\Desktop\Defogger.exe
2017-03-03 14:18 - 2017-03-03 14:18 - 00513308 _____ C:\Windows\Minidump\030317-4828-01.dmp
2017-03-03 14:17 - 2017-03-03 14:17 - 05200384 _____ (AVAST Software) C:\Users\No\Desktop\aswmbr.exe
2017-03-03 13:34 - 2017-03-03 14:29 - 00000000 ____D C:\Users\No\AppData\LocalLow\uTorrent
2017-03-03 13:28 - 2017-03-03 14:35 - 00000000 ____D C:\Users\No\AppData\Roaming\uTorrent
2017-03-03 13:28 - 2017-03-03 13:29 - 00077066 _____ C:\Users\No\Downloads\[torviet.com].Fantastic.Beasts.and.Where.to.Find.Them.2016.1080p.BluRay.x264-DON.torrent
2017-03-03 13:28 - 2017-03-03 13:28 - 00002669 _____ C:\Users\No\Desktop\µTorrent.lnk
2017-03-03 13:28 - 2017-03-03 13:28 - 00002669 _____ C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-03-03 12:23 - 2017-03-03 12:23 - 00000000 ____D C:\Users\No\Documents\Battlefield 1
2017-03-03 12:23 - 2017-03-03 12:23 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-03-03 11:53 - 2017-03-03 11:53 - 00001247 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-03-03 11:53 - 2017-03-03 11:53 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
2017-03-03 11:53 - 2017-03-03 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2017-03-03 01:18 - 2017-03-03 01:19 - 00000000 ____D C:\Users\No\AppData\Roaming\MPC-BE
2017-03-03 01:18 - 2017-03-03 01:19 - 00000000 ____D C:\Program Files (x86)\MPC-BE
2017-03-03 01:18 - 2017-03-03 01:18 - 00001154 _____ C:\Users\No\Desktop\MPC-BE.lnk
2017-03-03 01:18 - 2017-03-03 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-BE
2017-03-03 01:05 - 2017-03-03 01:05 - 00000000 ____D C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-03 01:05 - 2017-03-03 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-03 00:26 - 2017-03-03 00:51 - 00000000 ____D C:\Users\No\AppData\LocalLow\Mozilla
2017-03-03 00:26 - 2017-03-03 00:26 - 00000000 ____D C:\Users\No\Desktop\CyberfoxPortable
2017-03-03 00:26 - 2017-03-03 00:26 - 00000000 ____D C:\Users\No\AppData\Roaming\Mozilla
2017-03-03 00:26 - 2017-03-03 00:26 - 00000000 ____D C:\Users\No\AppData\Roaming\8pecxstudios
2017-03-03 00:26 - 2017-03-03 00:26 - 00000000 ____D C:\Users\No\AppData\Local\8pecxstudios
2017-03-03 00:19 - 2017-03-03 00:19 - 00003226 _____ C:\Windows\System32\Tasks\klcp_update
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-03-03 00:13 - 2017-03-03 00:15 - 00003284 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-03 00:13 - 2017-03-03 00:13 - 00000000 ____D C:\Users\No\AppData\Roaming\Skype
2017-03-02 23:45 - 2017-03-02 23:45 - 00000000 ____D C:\Users\No\Doctor Web
2017-03-02 23:37 - 2017-03-02 23:37 - 00003210 _____ C:\Windows\System32\Tasks\NahimicMSIsvc64Run
2017-03-02 23:37 - 2017-03-02 23:37 - 00003202 _____ C:\Windows\System32\Tasks\NahimicMSIsvc32Run
2017-03-02 23:36 - 2017-03-03 00:07 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-03-02 23:32 - 2017-03-03 00:08 - 00000000 ____D C:\ProgramData\RegRun
2017-03-02 23:31 - 2017-03-03 00:08 - 00000000 ____D C:\Users\No\Documents\RegRun2
2017-03-02 23:31 - 2017-03-02 23:31 - 00000002 RSHOT C:\Windows\winstart.bat
2017-03-02 23:31 - 2017-03-02 23:31 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-03-02 23:31 - 2017-03-02 23:31 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-03-02 23:28 - 2017-03-02 23:28 - 00309320 _____ (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2017-03-02 23:25 - 2017-03-02 23:25 - 00000000 ____D C:\KVRT_Data
2017-03-02 23:14 - 2017-03-02 23:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-02 23:11 - 2017-03-02 23:11 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-02 23:07 - 2017-03-02 23:58 - 00000000 ____D C:\Windows\CryptoGuard
2017-03-02 23:06 - 2017-03-03 00:03 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-03-02 23:01 - 2017-03-02 23:01 - 00001091 _____ C:\Users\No\Desktop\RevoUPort.lnk
2017-03-02 22:59 - 2017-03-02 23:07 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-02 22:56 - 2017-03-02 22:56 - 00000000 ____D C:\Program Files\Samsung
2017-03-02 22:51 - 2017-03-02 22:51 - 00000418 _____ C:\DelFix.txt
2017-03-02 22:50 - 2017-03-02 22:50 - 00000000 ____D C:\SWSetup
2017-03-02 22:46 - 2017-03-03 02:04 - 2129848320 _____ C:\Users\No\Downloads\[Fullcrackpc.com] cpy-bf1.iso
2017-03-02 22:37 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-03-02 22:19 - 2017-03-03 11:48 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-03-02 22:18 - 2017-03-03 14:34 - 00000000 ____D C:\Users\No\AppData\Roaming\Origin
2017-03-02 22:18 - 2017-03-02 22:18 - 00001066 _____ C:\Users\Public\Desktop\Origin.lnk
2017-03-02 22:18 - 2017-03-02 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-03-02 22:18 - 2017-03-02 22:18 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-02 22:17 - 2017-03-03 14:28 - 00003368 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-03-02 22:17 - 2017-03-03 12:27 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2017-03-02 22:17 - 2017-03-02 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2017-03-02 22:17 - 2017-03-02 22:17 - 00000000 ____D C:\ProgramData\GridinSoft
2017-03-02 22:12 - 2017-03-02 22:12 - 00000000 ____D C:\Users\No\AppData\Local\PeerDistRepub
2017-03-02 22:10 - 2017-03-02 22:10 - 00000000 ____D C:\Users\No\AppData\Roaming\AVG
2017-03-02 22:06 - 2017-03-03 14:29 - 00000000 ____D C:\Users\No\AppData\Local\CrashDumps
2017-03-02 22:04 - 2017-03-02 22:04 - 00000000 ____D C:\Users\No\AppData\Roaming\Corsair
2017-03-02 22:04 - 2017-03-02 22:04 - 00000000 ____D C:\Users\No\AppData\Local\Corsair
2017-03-02 22:03 - 2017-03-02 22:03 - 00001199 _____ C:\Users\Public\Desktop\Corsair Utility Engine.lnk
2017-03-02 22:03 - 2017-03-02 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-03-02 22:03 - 2017-03-02 22:03 - 00000000 ____D C:\Program Files (x86)\Corsair
2017-03-02 22:01 - 2017-03-02 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-03-02 22:00 - 2017-03-03 14:29 - 00000000 ____D C:\ProgramData\Origin
2017-03-02 22:00 - 2017-03-02 22:19 - 00000000 ____D C:\Users\No\AppData\Local\Origin
2017-03-02 22:00 - 2017-03-02 22:00 - 00000000 ____D C:\Users\No\.QtWebEngineProcess
2017-03-02 22:00 - 2017-03-02 22:00 - 00000000 ____D C:\Users\No\.Origin
2017-03-02 21:58 - 2017-03-02 21:58 - 00000000 ____D C:\Users\No\AppData\Local\CEF
2017-03-02 21:26 - 2017-03-02 21:26 - 00000000 ____D C:\Temp
2017-03-02 21:26 - 2017-03-02 21:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-02 21:26 - 2016-09-10 01:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-02 21:26 - 2016-09-10 01:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-03-02 21:26 - 2016-09-10 01:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-02 21:26 - 2016-09-10 01:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-02 21:25 - 2017-03-02 21:25 - 00003942 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1488464700
2017-03-02 21:25 - 2017-03-02 21:25 - 00001166 _____ C:\Users\Public\Desktop\Opera.lnk
2017-03-02 21:25 - 2017-03-02 21:25 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-02 21:25 - 2017-03-02 21:25 - 00000000 ____D C:\Users\No\AppData\Roaming\Opera Software
2017-03-02 21:25 - 2017-03-02 21:25 - 00000000 ____D C:\Users\No\AppData\Local\Opera Software
2017-03-02 21:17 - 2017-03-02 21:25 - 00000000 ____D C:\Program Files\Opera
2017-03-02 21:15 - 2017-03-02 21:16 - 00000000 ____D C:\Users\No\Downloads\Wall
2017-03-02 21:13 - 2017-03-02 21:13 - 00000000 ____D C:\Windows\vi-VN
2017-03-02 21:13 - 2017-03-02 21:13 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2017-03-02 21:13 - 2017-03-02 21:13 - 00000000 ____D C:\Windows\system32\vi-VN
2017-03-02 21:10 - 2017-03-02 21:10 - 00001051 _____ C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-03-02 21:10 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-03-02 21:10 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-03-02 21:10 - 2017-01-05 01:07 - 00042286 _____ C:\Windows\system32\nvinfo.pb
2017-03-02 21:10 - 2016-07-15 19:28 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons002a.dll
2017-03-02 21:10 - 2016-07-15 19:26 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\NlsData002a.dll
2017-03-02 21:10 - 2016-07-15 19:25 - 01747456 _____ (Microsoft Corporation) C:\Windows\system32\MLS3.dll
2017-03-02 21:10 - 2016-07-15 18:45 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons002a.dll
2017-03-02 21:10 - 2016-07-15 18:42 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData002a.dll
2017-03-02 21:10 - 2016-07-15 18:40 - 01700864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS3.dll
2017-03-02 21:09 - 2017-03-02 21:09 - 00000000 ____D C:\NVIDIA
2017-03-02 21:04 - 2017-03-03 14:28 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-02 21:04 - 2017-03-02 21:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-02 21:04 - 2017-03-02 13:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-02 21:04 - 2017-03-02 13:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-02 21:04 - 2017-02-10 09:33 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-03-02 21:04 - 2016-12-29 20:06 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-02 21:04 - 2016-12-29 19:44 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 02477624 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-02 21:04 - 2016-12-29 19:44 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-02 21:04 - 2016-12-19 14:26 - 07651057 _____ C:\Windows\system32\nvcoproc.bin
2017-03-02 21:03 - 2017-03-02 13:33 - 00003650 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-03-02 21:01 - 2017-03-02 21:01 - 00000000 ____D C:\Users\No\AppData\Roaming\WinRAR
2017-03-02 21:01 - 2017-03-02 21:01 - 00000000 ____D C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-02 21:01 - 2017-03-02 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-02 21:01 - 2017-03-02 21:01 - 00000000 ____D C:\Program Files\WinRAR
2017-03-02 21:00 - 2017-03-03 13:29 - 00000000 ____D C:\Users\No\AppData\Roaming\DMCache
2017-03-02 21:00 - 2017-03-03 11:51 - 00000000 ____D C:\Users\No\Downloads\Compressed
2017-03-02 21:00 - 2017-03-03 11:45 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-03-02 21:00 - 2017-03-03 01:05 - 00001082 _____ C:\Users\No\Desktop\Internet Download Manager.lnk
2017-03-02 21:00 - 2017-03-03 01:05 - 00000000 ____D C:\Users\No\AppData\Roaming\IDM
2017-03-02 21:00 - 2017-03-02 21:00 - 00000000 ____D C:\Users\No\Downloads\Video
2017-03-02 21:00 - 2017-03-02 21:00 - 00000000 ____D C:\ProgramData\IDM
2017-03-02 20:56 - 2017-03-02 20:56 - 00000000 ____D C:\Users\No\AppData\Roaming\Macromedia
2017-03-02 20:55 - 2017-03-03 13:50 - 00004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2378505-8B2C-4B7C-90AF-51DA78D5950E}
2017-03-02 20:55 - 2017-03-02 20:55 - 00000000 ____D C:\Users\No\AppData\Local\Comms
2017-03-02 13:47 - 2017-03-02 22:59 - 00000000 ____D C:\Users\No\AppData\Local\AvgSetupLog
2017-03-02 13:35 - 2017-03-02 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-02 13:35 - 2016-12-29 19:43 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-02 13:23 - 2017-03-02 13:23 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-03-02 13:23 - 2017-03-02 13:23 - 00000000 ____D C:\Users\No\Documents\Rainmeter
2017-03-02 13:23 - 2017-03-02 13:23 - 00000000 ____D C:\Users\No\AppData\Roaming\Rainmeter
2017-03-02 13:23 - 2017-03-02 13:23 - 00000000 ____D C:\Program Files\Rainmeter
2017-02-14 00:14 - 2016-10-17 22:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-04 13:06 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\spool
2017-03-04 13:06 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-04 13:05 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-04 13:05 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-04 13:04 - 2016-07-16 13:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-03-04 13:03 - 2016-07-16 18:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-03-04 13:03 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-03 12:27 - 2016-07-16 13:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-03-03 03:13 - 2016-12-27 00:06 - 00029456 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2017-03-03 01:49 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\rescache
2017-03-03 01:24 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 23:11 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\NDF
2017-03-02 22:58 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-02 22:56 - 2016-07-16 18:45 - 00000000 ____D C:\Windows\INF
2017-03-02 22:49 - 2016-07-16 18:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-03-02 22:49 - 2016-07-16 13:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-03-02 22:39 - 2016-07-16 18:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-02 22:18 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-02 22:17 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\Web
2017-03-02 21:26 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-03-02 21:26 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\appcompat
2017-03-02 21:13 - 2016-07-16 21:14 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-03-02 21:13 - 2016-07-16 21:14 - 00000000 ____D C:\Windows\system32\WCN
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\MiracastView
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-02 21:13 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-02 21:04 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\Help
2017-02-10 09:33 - 2016-07-16 21:29 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
 
==================== Files in the root of some directories =======
 
2017-03-04 13:16 - 2017-03-04 13:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-03-02 23:54 - 2017-03-02 23:54 - 0355200 _____ (Sysinternals - www.sysinternals.com) C:\Users\No\AppData\Local\Temp\AKE.exe
2017-03-02 23:04 - 2017-03-02 22:58 - 11581544 _____ (SurfRight B.V.) C:\Users\No\AppData\Local\Temp\HitmanPro.exe
2017-03-02 23:06 - 2017-03-02 23:14 - 11581544 _____ (SurfRight B.V.) C:\Users\No\AppData\Local\Temp\HitmanPro_x64.exe
2017-03-02 22:49 - 2015-07-11 08:06 - 0344232 _____ (Symantec Corporation) C:\Users\No\AppData\Local\Temp\SEVINST64x86.EXE
2017-03-02 23:28 - 2017-03-02 23:28 - 0335944 _____ (BitDefender S.R.L.) C:\Users\No\AppData\Local\Temp\trufos.dll
2017-03-03 01:06 - 2017-03-03 01:06 - 0009216 _____ (Pasi Ruokola) C:\Users\No\AppData\Local\Temp\UnSigner.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-03 01:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by No (03-03-2017 14:36:49)
Running from C:\Users\No\Desktop
Windows 10 Pro Version 1607 (X64) (2017-03-04 06:08:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2369109559-4255352668-1661004810-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2369109559-4255352668-1661004810-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2369109559-4255352668-1661004810-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2369109559-4255352668-1661004810-501 - Limited - Disabled)
No (S-1-5-21-2369109559-4255352668-1661004810-1001 - Administrator - Enabled) => C:\Users\No
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
AudioFXSetup (Version: 1.2.701 - Nahimic) Hidden
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.14731 - Electronic Arts)
Corsair Utility Engine (HKLM-x32\...\{D1A3ECB3-18F1-4EB2-9C1B-A83DE1D16976}) (Version: 2.10.71 - Corsair)
CheckDevicesConfigurator (Version: 1.2.701 - Nahimic) Hidden
FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.80 - GridinSoft LLC)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
K-Lite Codec Pack 12.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.5 - KLCP)
LauncherSetup (Version: 1.2.701 - Nahimic) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MPC-BE 1.5.0.2235 (HKLM-x32\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Nahimic for MSI (HKLM-x32\...\{92186aa9-f51d-426c-a276-ca21a47cf8dd}) (Version: 1.2.7 - Nahimic)
NahimicSettingsConfigurator (Version: 1.2.701 - Nahimic) Hidden
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
ProductDaemonSetup (Version: 1.2.701 - Nahimic) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Samsung NVM Express Driver (HKLM-x32\...\{911984db-4e3f-4ad0-91d8-84b0e4f3d904}) (Version: 2.0.0.1607 - Samsung Electronics)
Samsung NVM Express Driver 2.0.0.1607 (Version: 2.0.0.1607 - Samsung Electronics Co., Ltd) Hidden
UIInstallUpgrade (Version: 1.2.701 - Nahimic) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13954F52-D568-4C2C-A648-294BD5FADBCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {15A70D02-714B-4050-89AD-FF9862F266C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {38A64ADC-57D6-4242-8BD3-60DA1C8B80DD} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-08-29] ()
Task: {541E6E28-245E-49CD-A090-F29E2E2D7657} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-21] ()
Task: {55BB2002-4306-4F49-B3DA-350CC610E64B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {6A44984B-6871-4041-9511-1867B12BAAA9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {7530ECED-EE8B-49B0-BB99-68D6CD693619} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [2017-03-03] (GridinSoft LLC)
Task: {75764C97-969F-4118-8F0F-25462D726765} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {78F113C2-A07C-4AB8-9916-AB321C485F18} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-08-29] ()
Task: {7F76AF6E-A05E-42E4-8D37-D4334156854B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {B02EE6FD-FB41-4D23-9AD2-EDD6548FD7CC} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-08-29] ()
Task: {B0E6EE5F-B19C-4CE9-9B52-63959C1D1CE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BB7BB57B-75A3-43DF-AE86-6031BC323A28} - System32\Tasks\Opera scheduled Autoupdate 1488464700 => C:\Program Files\Opera\launcher.exe [2017-02-27] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-05-20 00:11 - 2015-05-20 00:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-03-02 21:04 - 2016-12-29 19:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2015-08-29 09:27 - 2015-08-29 09:27 - 00209888 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2015-08-29 09:27 - 2015-08-29 09:27 - 00297440 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 00130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2017-03-03 03:14 - 2017-03-03 03:14 - 01785344 _____ () C:\Program Files\GridinSoft Anti-Malware\shellext.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 18:43 - 2016-07-16 18:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-20 18:16 - 2017-02-20 18:16 - 00956368 _____ () C:\Program Files\GridinSoft Anti-Malware\libmem.dll
2015-08-29 09:24 - 2015-08-29 09:24 - 00532448 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
2015-08-29 09:24 - 2015-08-29 09:24 - 00816128 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
2015-08-29 09:28 - 2015-08-29 09:28 - 00276992 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
2017-03-02 22:18 - 2017-03-02 22:18 - 00022024 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-03-02 21:25 - 2017-02-27 15:19 - 53908056 _____ () C:\Program Files\Opera\43.0.2442.1144\opera_browser.dll
2017-03-02 21:25 - 2017-02-27 15:19 - 59948632 _____ () C:\Program Files\Opera\43.0.2442.1144\opera_child.dll
2017-03-02 21:25 - 2017-02-27 15:19 - 02559576 _____ () C:\Program Files\Opera\43.0.2442.1144\libglesv2.dll
2017-03-02 21:25 - 2017-02-27 15:19 - 00100952 _____ () C:\Program Files\Opera\43.0.2442.1144\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65621991.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65621991.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-03 00:59 - 2017-03-03 01:02 - 00001162 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2369109559-4255352668-1661004810-1001\Control Panel\Desktop\\Wallpaper -> D:\Wall\river_valley_mountains-wallpaper-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{00D2D768-CF54-4F5E-B60B-E0DBDDF747FF}] => (Allow) C:\Program Files\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{83B79F51-7747-4A45-9B3A-33B93A9B2637}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D9659897-C21B-4157-99F0-A381BD5B56D5}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{B6BA2ADD-EA3C-4C5B-8547-DD0CEDE6FDA8}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{C667404D-A3BB-4BA5-A30E-2C47667C53AA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{911161D2-E925-426A-999C-174DDDC19155}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{AB67CD6B-4FF1-4539-96D4-96645CD98F98}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{7737B1D7-DCA9-4323-A758-7D4F19C0CE5B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{43BFFA34-B312-40BB-8B8F-E10BDF96CE3D}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74D2A77B-65A1-49F9-9821-7E3CB5E72B51}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D4443F2A-6D3C-4A70-B027-C5F53E50C1B5}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B80A232-6986-4D5B-97BF-CFADF1A6195E}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B49FDA97-4C4E-48E6-84E8-53476BB9867C}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FA828477-457C-420A-9A5E-056F92590210}] => (Allow) C:\Users\No\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2017 02:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x1954
Faulting application start time: 0x01d293efd9d14daa
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: cce17dbe-8f2a-4f24-b31e-7ca2efd3c3e4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:29:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x1a74
Faulting application start time: 0x01d293efd3d9432b
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: ecd14e35-3e18-4767-9126-f341eb76e807
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IGOProxy64.exe, version: 0.0.0.0, time stamp: 0x5887f415
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000005
Fault offset: 0x0000000000037370
Faulting process id: 0x10bc
Faulting application start time: 0x01d293efd02c85f1
Faulting application path: C:\Program Files (x86)\Origin\IGOProxy64.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 68786f50-8f79-47d4-8c4a-658919a49b26
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IGOProxy64.exe, version: 0.0.0.0, time stamp: 0x5887f415
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000005
Fault offset: 0x0000000000037370
Faulting process id: 0x1504
Faulting application start time: 0x01d293efd052c173
Faulting application path: C:\Program Files (x86)\Origin\IGOProxy64.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 74953bff-3e50-4358-bb47-7a0cdb6d266d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IGOProxy64.exe, version: 0.0.0.0, time stamp: 0x5887f415
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08c03
Exception code: 0xc0000005
Fault offset: 0x0000000000006172
Faulting process id: 0x10bc
Faulting application start time: 0x01d293efd02c85f1
Faulting application path: C:\Program Files (x86)\Origin\IGOProxy64.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
Report Id: 51c71516-8901-46e0-a810-befcede4628f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IGOProxy64.exe, version: 0.0.0.0, time stamp: 0x5887f415
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08c03
Exception code: 0xc0000005
Fault offset: 0x0000000000006172
Faulting process id: 0x1504
Faulting application start time: 0x01d293efd052c173
Faulting application path: C:\Program Files (x86)\Origin\IGOProxy64.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
Report Id: 0bc2baff-335f-4c41-b47a-09578e06eff2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x1788
Faulting application start time: 0x01d293efcca9f17b
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: 6df534ad-5847-471a-9bd4-36f9e70923cd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x1e8c
Faulting application start time: 0x01d293ee78eeb91b
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: 68826347-f421-453f-9e8c-231775ab2700
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:19:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x1cf8
Faulting application start time: 0x01d293ee72f69df4
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: 11623d58-0621-497c-8d44-a4104353bb49
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2017 02:18:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrentie.exe, version: 1.0.0.43295, time stamp: 0x58892622
Faulting module name: NahimicMSIOSD.dll, version: 0.0.0.0, time stamp: 0x55e08afa
Exception code: 0xc0000005
Fault offset: 0x00005eb9
Faulting process id: 0x974
Faulting application start time: 0x01d293ee6cfbe21d
Faulting application path: C:\Users\No\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
Faulting module path: C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
Report Id: 6f2c2162-a3fd-4158-b003-def148e44685
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/03/2017 02:28:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:28:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:28:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:28:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:28:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/03/2017 02:28:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff6fb7dbed9e8, 0x0000000000000000, 0xfffff80ef24d78be, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 2b6700bb-a0f3-445a-a4bd-e9c1f3020af2.
 
Error: (03/03/2017 02:28:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:27:37 PM on 3/3/2017 was unexpected.
 
Error: (03/03/2017 02:18:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:18:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 02:18:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16348.02 MB
Available physical RAM: 13376.82 MB
Total Virtual: 19292.02 MB
Available Virtual: 15884.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.39 GB) (Free:342.91 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:916.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FFFFFFFF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 2F2FD370)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 tienchien (Topic Starter, Members, 15 posts)

Posted 03 March 2017 - 09:37 AM

I have done nothing wrong, please instruct.


Edited by tienchien, 03 March 2017 - 09:37 AM.


#3 nasdaq (Malware Response Team, 40,532 posts, Gender: Male, Location: Montreal, QC, Canada)

Posted 04 March 2017 - 10:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR Extension: (Thanh toán trên c?a hàng Chrome tr?c tuy?n) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\No\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
==========


Remove Malwarebytes using their removal tool.
https://support.malwarebytes.com/customer/portal/articles/1835311-how-do-i-uninstall-malwarebytes-anti-malware-?b_id=6438

When done please restart the computer normally.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===


Please let me know what problem persists with this computer.

#4 tienchien (Topic Starter, Members, 15 posts)

Posted 05 March 2017 - 07:47 AM

I'm sorry. My computer will not boot and I installed new windows again.

You can help me?

 

PhysicalDrive1 is data. Windows from PhysicalDrive0. Thank you very much.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Professional
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MSI
System Product Name:		MS-7976
Logical Drives Mask:		0x0000000c

Kernel Drivers (total 170):
  0x0DA87000 \SystemRoot\system32\ntoskrnl.exe
  0x0DA12000 \SystemRoot\system32\hal.dll
  0x0CB74000 \SystemRoot\system32\kd.dll
  0x6F6D0000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x6F760000 \SystemRoot\System32\drivers\werkernel.sys
  0x6F770000 \SystemRoot\System32\drivers\CLFS.SYS
  0x6F000000 \SystemRoot\System32\drivers\tm.sys
  0x6F030000 \SystemRoot\system32\PSHED.dll
  0x6F050000 \SystemRoot\system32\BOOTVID.dll
  0x6F060000 \SystemRoot\System32\drivers\FLTMGR.SYS
  0x6F0D0000 \SystemRoot\System32\drivers\msrpc.sys
  0x6F130000 \SystemRoot\System32\drivers\ksecdd.sys
  0x6F160000 \SystemRoot\System32\drivers\clipsp.sys
  0x6F210000 \SystemRoot\System32\drivers\cmimcext.sys
  0x6F220000 \SystemRoot\System32\drivers\ntosext.sys
  0x6F230000 \SystemRoot\system32\CI.dll
  0x6F2D0000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x6F3B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x6F3D0000 \SystemRoot\System32\Drivers\acpiex.sys
  0x6F400000 \SystemRoot\System32\Drivers\WppRecorder.sys
  0x6F410000 \SystemRoot\System32\Drivers\cng.sys
  0x6F4B0000 \SystemRoot\System32\drivers\ACPI.sys
  0x6F570000 \SystemRoot\System32\drivers\WMILIB.SYS
  0x6F590000 \SystemRoot\System32\drivers\intelpep.sys
  0x6F5B0000 \SystemRoot\system32\drivers\WindowsTrustedRT.sys
  0x6F5D0000 \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
  0x6F5E0000 \SystemRoot\System32\drivers\pcw.sys
  0x6F600000 \SystemRoot\System32\drivers\msisadrv.sys
  0x6F610000 \SystemRoot\System32\drivers\pci.sys
  0x6F670000 \SystemRoot\System32\drivers\vdrvroot.sys
  0x6F690000 \SystemRoot\system32\drivers\pdc.sys
  0x6F7E0000 \SystemRoot\system32\drivers\CEA.sys
  0x700D0000 \SystemRoot\System32\drivers\partmgr.sys
  0x70100000 \SystemRoot\System32\drivers\spaceport.sys
  0x70190000 \SystemRoot\System32\drivers\volmgr.sys
  0x6F800000 \SystemRoot\System32\drivers\volmgrx.sys
  0x6F860000 \SystemRoot\System32\drivers\mountmgr.sys
  0x6F880000 \SystemRoot\System32\drivers\stornvme.sys
  0x6F8A0000 \SystemRoot\System32\drivers\storport.sys
  0x6F930000 \SystemRoot\System32\drivers\iaStorA.sys
  0x6FE00000 \SystemRoot\System32\drivers\EhStorClass.sys
  0x6FE20000 \SystemRoot\System32\drivers\fileinfo.sys
  0x6FE40000 \SystemRoot\System32\Drivers\Wof.sys
  0x6FE80000 \SystemRoot\system32\drivers\WdFilter.sys
  0x70CB0000 \SystemRoot\System32\Drivers\NTFS.sys
  0x70EF0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x70200000 \SystemRoot\system32\drivers\ndis.sys
  0x70330000 \SystemRoot\system32\drivers\NETIO.SYS
  0x703B0000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x703E0000 \SystemRoot\System32\drivers\tcpip.sys
  0x70660000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x706D0000 \SystemRoot\System32\drivers\wfplwfs.sys
  0x70700000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x707B0000 \SystemRoot\System32\drivers\volume.sys
  0x707C0000 \SystemRoot\System32\drivers\volsnap.sys
  0x70830000 \SystemRoot\System32\drivers\rdyboost.sys
  0x70880000 \SystemRoot\System32\Drivers\mup.sys
  0x708B0000 \SystemRoot\system32\drivers\iorate.sys
  0x708D0000 \SystemRoot\System32\drivers\disk.sys
  0x708F0000 \SystemRoot\System32\drivers\CLASSPNP.SYS
  0x70980000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x70A80000 \SystemRoot\system32\drivers\filecrypt.sys
  0x70AA0000 \SystemRoot\system32\drivers\tbs.sys
  0x70AB0000 \SystemRoot\System32\Drivers\Null.SYS
  0x70AC0000 \SystemRoot\System32\Drivers\Beep.SYS
  0x70AD0000 \SystemRoot\System32\drivers\BasicDisplay.sys
  0x70AF0000 \SystemRoot\System32\drivers\watchdog.sys
  0x71A60000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x71C80000 \SystemRoot\System32\drivers\BasicRender.sys
  0x71CA0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x71CC0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x71CD0000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x71D00000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x71D10000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x71D60000 \SystemRoot\system32\drivers\afd.sys
  0x71600000 \SystemRoot\system32\DRIVERS\ndisrfl.sys
  0x71610000 \SystemRoot\System32\drivers\vwififlt.sys
  0x71630000 \SystemRoot\System32\drivers\pacer.sys
  0x71660000 \SystemRoot\system32\drivers\netbios.sys
  0x71680000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x71700000 \SystemRoot\system32\drivers\csc.sys
  0x71790000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x717B0000 \SystemRoot\System32\drivers\npsvctrig.sys
  0x717C0000 \SystemRoot\System32\drivers\mssmbios.sys
  0x717D0000 \SystemRoot\System32\drivers\gpuenergydrv.sys
  0x717E0000 \SystemRoot\System32\Drivers\dfsc.sys
  0x71830000 \SystemRoot\system32\DRIVERS\ahcache.sys
  0x71870000 \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
  0x71890000 \SystemRoot\System32\drivers\kdnic.sys
  0x718A0000 \SystemRoot\System32\drivers\umbus.sys
  0x72A00000 \SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys
  0x734B0000 \SystemRoot\System32\drivers\USBXHCI.SYS
  0x73520000 \SystemRoot\system32\drivers\ucx01000.sys
  0x73560000 \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
  0x73590000 \SystemRoot\system32\drivers\SpbCx.sys
  0x735B0000 \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  0x718C0000 \SystemRoot\System32\drivers\e2xw10x64.sys
  0x718F0000 \SystemRoot\System32\drivers\iaLPSS2_UART2.sys
  0x71940000 \SystemRoot\system32\drivers\SerCx2.sys
  0x71970000 \SystemRoot\System32\drivers\HDAudBus.sys
  0x71990000 \SystemRoot\System32\drivers\portcls.sys
  0x71A00000 \SystemRoot\System32\drivers\drmk.sys
  0x70B10000 \SystemRoot\System32\drivers\ks.sys
  0x71A30000 \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
  0x70B80000 \SystemRoot\System32\Drivers\msgpioclx.sys
  0x735F0000 \SystemRoot\System32\drivers\wmiacpi.sys
  0x70BB0000 \SystemRoot\System32\drivers\intelppm.sys
  0x71A50000 \SystemRoot\System32\drivers\acpipagr.sys
  0x71810000 \SystemRoot\System32\drivers\UEFI.sys
  0x71820000 \SystemRoot\System32\drivers\NdisVirtualBus.sys
  0x70BE0000 \SystemRoot\System32\drivers\swenum.sys
  0x70BF0000 \SystemRoot\System32\drivers\iwdbus.sys
  0x70C00000 \SystemRoot\System32\drivers\CorsairVBusDriver.sys
  0x70C10000 \SystemRoot\System32\drivers\rdpbus.sys
  0x70C30000 \SystemRoot\System32\drivers\HIDCLASS.SYS
  0x70C60000 \SystemRoot\System32\drivers\HIDPARSE.SYS
  0x70F00000 \SystemRoot\System32\drivers\UsbHub3.sys
  0x70F90000 \SystemRoot\System32\drivers\USBD.SYS
  0x70FA0000 \SystemRoot\System32\drivers\kbdhid.sys
  0x70FB0000 \SystemRoot\System32\drivers\kbdclass.sys
  0x6FED0000 \SystemRoot\system32\DRIVERS\HdAudio.sys
  0x70FD0000 \SystemRoot\system32\drivers\ksthunk.sys
  0x6FF40000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
  0x70010000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x70A40000 \SystemRoot\System32\drivers\usbccgp.sys
  0x70C80000 \SystemRoot\System32\drivers\hidusb.sys
  0x70CA0000 \SystemRoot\System32\drivers\mouhid.sys
  0x70FE0000 \SystemRoot\System32\drivers\mouclass.sys
  0x709A0000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x709D0000 \SystemRoot\System32\Drivers\dump_stornvme.sys
  0x70A10000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0xA43C0000 \SystemRoot\System32\win32k.sys
  0xA4950000 \SystemRoot\System32\win32kfull.sys
  0xA4400000 \SystemRoot\System32\win32kbase.sys
  0x71E00000 \SystemRoot\System32\drivers\dxgmms2.sys
  0x71EB0000 \SystemRoot\System32\drivers\monitor.sys
  0xA4590000 \SystemRoot\System32\TSDDD.dll
  0xA45A0000 \SystemRoot\System32\cdd.dll
  0x71EC0000 \SystemRoot\system32\drivers\luafv.sys
  0x71EF0000 \SystemRoot\system32\drivers\wcifs.sys
  0x71F10000 \SystemRoot\system32\drivers\storqosflt.sys
  0x71F30000 \SystemRoot\system32\drivers\wcnfs.sys
  0x71F50000 \SystemRoot\System32\drivers\registry.sys
  0x71F70000 \SystemRoot\system32\drivers\lltdio.sys
  0x71F90000 \SystemRoot\system32\drivers\mslldp.sys
  0x71FB0000 \SystemRoot\system32\drivers\rspndr.sys
  0x71FD0000 \SystemRoot\system32\drivers\HTTP.sys
  0x720E0000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x72110000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x72190000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x721D0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x721F0000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x72240000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x72300000 \SystemRoot\system32\drivers\peauth.sys
  0x723D0000 \SystemRoot\system32\drivers\mmcss.sys
  0x725B0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x723F0000 \SystemRoot\system32\drivers\Ndu.sys
  0x70070000 \SystemRoot\system32\DRIVERS\idmwfp.sys
  0x700B0000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x74110000 \SystemRoot\System32\DRIVERS\srv.sys
  0x741A0000 \SystemRoot\System32\drivers\condrv.sys
  0x741C0000 \SystemRoot\System32\drivers\tunnel.sys
  0x73600000 \SystemRoot\system32\Drivers\WdNisDrv.sys
  0x73630000 \SystemRoot\system32\DRIVERS\BTHUSB.sys
  0x73650000 \SystemRoot\system32\DRIVERS\bthport.sys
  0x73750000 \SystemRoot\system32\DRIVERS\BthLEEnum.sys
  0x73810000 \SystemRoot\System32\drivers\rfcomm.sys
  0x73850000 \SystemRoot\System32\drivers\BthEnum.sys
  0x738B0000 \SystemRoot\System32\drivers\bthpan.sys
  0x738E0000 \SystemRoot\System32\drivers\CorsairVHidDriver.sys

Processes (total 55):
       0 System Idle Process
       4 System
     408 C:\Windows\System32\smss.exe
     516 csrss.exe
     596 C:\Windows\System32\wininit.exe
     604 csrss.exe
     688 C:\Windows\System32\winlogon.exe
     696 C:\Windows\System32\services.exe
     736 C:\Windows\System32\lsass.exe
     836 C:\Windows\System32\svchost.exe
     900 C:\Windows\System32\svchost.exe
    1020 dwm.exe
     108 C:\Windows\System32\svchost.exe
     808 C:\Windows\System32\svchost.exe
     856 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1356 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
    1556 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\svchost.exe
    1772 C:\Windows\System32\spoolsv.exe
    1968 C:\Windows\System32\svchost.exe
    1992 C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
    2012 Memory Compression
    2052 C:\Windows\System32\svchost.exe
    2100 C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
    2120 C:\Program Files\Windows Defender\MsMpEng.exe
    2168 C:\Windows\System32\sihost.exe
    2084 C:\Windows\System32\svchost.exe
    2560 C:\Windows\System32\taskhostw.exe
    1680 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
    2756 C:\Windows\System32\RuntimeBroker.exe
    3184 C:\Windows\explorer.exe
    3480 C:\Windows\System32\SearchIndexer.exe
    3628 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    3800 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    4312 C:\Program Files\Windows Defender\NisSrv.exe
    4948 C:\Windows\System32\audiodg.exe
    1892 C:\Program Files\Windows Defender\MSASCuiL.exe
    5260 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    5368 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    5564 C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
    5708 fontdrvhost.exe
    3232 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1708 C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
     908 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    1388 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    3080 C:\Windows\System32\SearchProtocolHost.exe
    6112 C:\Windows\System32\SearchFilterHost.exe
    4964 C:\Windows\System32\smartscreen.exe
    4472 dllhost.exe
    1788 dllhost.exe
    3264 C:\Users\No\Desktop\MBRCheck.exe
    6000 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`23700000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00008000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNG MZVKW512HMJP-00000, Rev: CXA7100Q
PhysicalDrive1 Model Number: WDCWD10EZEX-07M2NA1, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    476 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    931 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by No (administrator) on DESKTOP-II91K7H (05-03-2017 19:48:55)
Running from C:\Users\No\Desktop
Loaded Profiles: No (Available Profiles: defaultuser0 & No)
Platform: Windows 10 Pro Version 1607 (X64) Language: Tiếng Anh (Mỹ)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13760208 2017-01-27] (Corsair Components, Inc.)
HKU\S-1-5-21-1553038078-159095257-2181309123-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4019312 2017-02-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5bd1113-3ecf-488e-ad6b-85cf6abf9d84}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1553038078-159095257-2181309123-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.vn/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: xut3zgls.default
FF ProfilePath: C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default [2017-03-05]
FF Homepage: Mozilla\Firefox\Profiles\xut3zgls.default -> hxxps://www.google.com.vn/
FF Extension: (Firefox All Aboard 1.6) - C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default\Extensions\@all-aboard-v1-6 [2017-03-05]
FF Extension: (Google Translator for Firefox) - C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default\Extensions\translator@zoli.bod.xpi [2017-03-05]
FF Extension: (AVIM) - C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default\Extensions\{2B8EFF80-1240-11DB-BF6C-934CD2EFDFE8} [2017-03-05]
FF Extension: (Adblock Plus) - C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-05]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\No\AppData\Roaming\Mozilla\Firefox\Profiles\xut3zgls.default\features\{a435b2b0-98c7-4a71-b4c4-2cf27e0bfd8b}\disableSHA1rollout@mozilla.org.xpi [2017-03-05]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1553038078-159095257-2181309123-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1553038078-159095257-2181309123-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\No\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\No\AppData\Roaming\IDM\idmmzcc5 [2017-03-05] [not signed]
FF HKU\S-1-5-21-1553038078-159095257-2181309123-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-02] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-02] (Intel Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [43000 2017-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [27640 2017-01-20] (Corsair)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [287032 2016-10-27] (Intel Corporation)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-02] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 08:27 - 2017-03-06 08:27 - 00000000 ____D C:\Windows\CSC
2017-03-06 08:27 - 2017-03-06 08:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-06 08:27 - 2017-03-05 17:45 - 00000000 ___RD C:\Users\No\OneDrive
2017-03-06 08:27 - 2016-07-16 18:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-03-06 08:26 - 2017-03-06 08:26 - 00000020 ___SH C:\Users\No\ntuser.ini
2017-03-06 08:26 - 2017-03-06 08:26 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\No\My Documents
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\No\Documents\My Videos
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\No\Documents\My Pictures
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\No\Documents\My Music
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\No\AppData\Roaming\Adobe
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\No\AppData\Local\VirtualStore
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\No\AppData\Local\TileDataLayer
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\No\AppData\Local\Publishers
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\No\AppData\Local\ConnectedDevicesPlatform
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\Users\defaultuser0
2017-03-06 08:26 - 2017-03-06 08:26 - 00000000 ____D C:\ProgramData\USOShared
2017-03-06 08:26 - 2017-03-05 18:48 - 00000000 ____D C:\Users\No\AppData\Local\Packages
2017-03-06 08:26 - 2017-03-05 18:03 - 00000000 ____D C:\Users\No
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 _SHDL C:\Documents and Settings
2017-03-06 08:25 - 2017-03-06 08:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-06 08:25 - 2017-03-05 19:34 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 08:24 - 2017-03-06 08:25 - 00000000 ____D C:\Windows\Panther
2017-03-06 08:24 - 2017-03-06 08:24 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-06 08:24 - 2017-03-05 19:34 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-06 08:24 - 2017-03-05 17:48 - 00194208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-05 19:48 - 2017-03-05 19:49 - 00010063 _____ C:\Users\No\Desktop\FRST.txt
2017-03-05 19:48 - 2017-03-05 19:48 - 02423808 _____ (Farbar) C:\Users\No\Desktop\FRST64.exe
2017-03-05 18:45 - 2017-03-05 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-05 18:41 - 2017-03-05 18:41 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-05 18:38 - 2017-03-05 19:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-05 18:38 - 2017-03-05 18:38 - 00000000 ____D C:\Users\No\AppData\Roaming\Malwarebytes
2017-03-05 18:23 - 2017-03-05 18:23 - 00000000 ____D C:\Users\No\AppData\Local\PeerDistRepub
2017-03-05 18:03 - 2017-03-05 19:48 - 00000000 ____D C:\FRST
2017-03-05 18:00 - 2017-03-05 18:00 - 695502286 _____ C:\Windows\MEMORY.DMP
2017-03-05 18:00 - 2017-03-05 18:00 - 00671132 _____ C:\Windows\Minidump\030517-3531-01.dmp
2017-03-05 18:00 - 2017-03-05 18:00 - 00000000 ____D C:\Windows\Minidump
2017-03-05 17:56 - 2017-03-05 17:56 - 00003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-03-05 17:56 - 2017-03-05 17:56 - 00000000 ____D C:\Users\No\AppData\Roaming\FFSJ
2017-03-05 17:53 - 2017-03-05 17:53 - 00000000 ____D C:\Users\No\AppData\Roaming\WinRAR
2017-03-05 17:53 - 2017-03-05 17:53 - 00000000 ____D C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-05 17:53 - 2017-03-05 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-05 17:53 - 2017-03-05 17:53 - 00000000 ____D C:\Program Files\WinRAR
2017-03-05 17:47 - 2017-03-05 17:47 - 00000000 ____D C:\Windows\vi-VN
2017-03-05 17:47 - 2017-03-05 17:47 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2017-03-05 17:47 - 2017-03-05 17:47 - 00000000 ____D C:\Windows\system32\vi-VN
2017-03-05 17:45 - 2017-03-05 17:45 - 00001047 _____ C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-03-05 17:45 - 2016-07-15 19:28 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons002a.dll
2017-03-05 17:45 - 2016-07-15 19:26 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\NlsData002a.dll
2017-03-05 17:45 - 2016-07-15 19:25 - 01747456 _____ (Microsoft Corporation) C:\Windows\system32\MLS3.dll
2017-03-05 17:45 - 2016-07-15 18:45 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons002a.dll
2017-03-05 17:45 - 2016-07-15 18:42 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData002a.dll
2017-03-05 17:45 - 2016-07-15 18:40 - 01700864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS3.dll
2017-03-05 17:43 - 2017-03-05 17:43 - 00001199 _____ C:\Users\Public\Desktop\Corsair Utility Engine.lnk
2017-03-05 17:43 - 2017-03-05 17:43 - 00000000 ____D C:\Users\No\AppData\Roaming\Corsair
2017-03-05 17:43 - 2017-03-05 17:43 - 00000000 ____D C:\Users\No\AppData\Local\Corsair
2017-03-05 17:43 - 2017-03-05 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-03-05 17:43 - 2017-03-05 17:43 - 00000000 ____D C:\Program Files (x86)\Corsair
2017-03-05 17:40 - 2017-03-05 19:35 - 00000000 ____D C:\Users\No\AppData\LocalLow\Mozilla
2017-03-05 17:40 - 2017-03-05 17:40 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-05 17:40 - 2017-03-05 17:40 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-05 17:40 - 2017-03-05 17:40 - 00000000 ____D C:\Users\No\AppData\Roaming\Mozilla
2017-03-05 17:40 - 2017-03-05 17:40 - 00000000 ____D C:\Users\No\AppData\Local\Mozilla
2017-03-05 17:40 - 2017-03-05 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-05 17:40 - 2017-03-05 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-05 17:39 - 2017-03-05 17:39 - 00003866 _____ C:\Windows\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7
2017-03-05 17:39 - 2017-03-05 17:39 - 00003738 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-03-05 17:39 - 2017-03-05 17:39 - 00003632 _____ C:\Windows\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon
2017-03-05 17:37 - 2017-03-05 17:37 - 00000000 ____D C:\Users\No\AppData\Roaming\Skype
2017-03-05 17:37 - 2017-03-05 17:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 17:35 - 2017-03-05 17:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-03-05 17:34 - 2017-03-05 19:34 - 00000000 __SHD C:\Users\No\IntelGraphicsProfiles
2017-03-05 17:34 - 2017-03-05 17:39 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-05 17:34 - 2017-03-05 17:34 - 00000000 ____D C:\Users\No\AppData\Local\Comms
2017-03-05 17:34 - 2017-03-05 17:34 - 00000000 ____D C:\Intel
2017-03-05 17:34 - 2017-03-05 17:34 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2017-03-05 17:34 - 2016-11-02 14:05 - 00113672 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-03-05 17:33 - 2017-03-05 17:41 - 00000000 ____D C:\ProgramData\Intel
2017-03-05 17:33 - 2017-03-05 17:39 - 00000000 ____D C:\Program Files\Intel
2017-03-05 17:33 - 2017-03-05 17:33 - 00873428 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-05 17:33 - 2017-03-05 17:33 - 00000000 ____D C:\Users\No\Intel
2017-03-05 17:33 - 2017-03-05 17:33 - 00000000 ____D C:\Users\No\AppData\Roaming\Intel Corporation
2017-03-05 17:32 - 2017-03-05 19:40 - 00961452 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-05 17:31 - 2017-03-05 19:24 - 00000000 ____D C:\Users\No\AppData\Roaming\DMCache
2017-03-05 17:31 - 2017-03-05 17:33 - 00000000 ____D C:\Users\No\Downloads\Compressed
2017-03-05 17:31 - 2017-03-05 17:32 - 00000000 ____D C:\Users\No\AppData\Roaming\IDM
2017-03-05 17:31 - 2017-03-05 17:31 - 00001078 _____ C:\Users\No\Desktop\Internet Download Manager.lnk
2017-03-05 17:31 - 2017-03-05 17:31 - 00000000 ____D C:\Users\No\Downloads\Video
2017-03-05 17:31 - 2017-03-05 17:31 - 00000000 ____D C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-05 17:31 - 2017-03-05 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-05 17:31 - 2017-03-05 17:31 - 00000000 ____D C:\ProgramData\IDM
2017-03-05 17:31 - 2017-03-05 17:31 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-03-05 17:30 - 2017-03-05 18:40 - 00004160 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9DE24A71-C52C-4CDA-A04F-3129AFDD5104}
2017-03-05 17:30 - 2017-03-05 17:30 - 00000000 ____D C:\Users\No\AppData\Local\MicrosoftEdge
2017-03-05 16:07 - 2016-09-28 17:15 - 00162120 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\e2xw10x64.sys
2017-02-14 00:14 - 2016-10-17 22:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 08:28 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\spool
2017-03-06 08:28 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-06 08:26 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-06 08:26 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-06 08:25 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-06 08:25 - 2016-07-16 13:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-03-06 08:25 - 2016-07-16 13:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-03-06 08:24 - 2016-07-16 18:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-03-05 19:34 - 2016-07-16 18:45 - 00000000 ____D C:\Windows\INF
2017-03-05 19:21 - 2016-07-16 13:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-03-05 19:08 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-05 18:43 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-05 17:51 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\rescache
2017-03-05 17:47 - 2016-07-16 21:14 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-03-05 17:47 - 2016-07-16 21:14 - 00000000 ____D C:\Windows\system32\WCN
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\MiracastView
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-05 17:47 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-05 17:47 - 2016-07-16 18:36 - 00000000 ____D C:\Windows\CbsTemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 18:23

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by No (05-03-2017 19:49:14)
Running from C:\Users\No\Desktop
Windows 10 Pro Version 1607 (X64) (2017-03-06 01:26:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1553038078-159095257-2181309123-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1553038078-159095257-2181309123-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1553038078-159095257-2181309123-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1553038078-159095257-2181309123-501 - Limited - Disabled)
No (S-1-5-21-1553038078-159095257-2181309123-1001 - Administrator - Enabled) => C:\Users\No

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Corsair Utility Engine (HKLM-x32\...\{D1A3ECB3-18F1-4EB2-9C1B-A83DE1D16976}) (Version: 2.10.71 - Corsair)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (x32 Version: 3.4.2072 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1553038078-159095257-2181309123-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\No\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1553038078-159095257-2181309123-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\No\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1553038078-159095257-2181309123-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\No\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0150A499-839B-4081-B10A-07CFB47C2C47} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {089DB181-62F2-41F4-9F9A-C99C9D355FA7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {22621805-289C-470C-8172-E7391B3B0B76} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {4CF2E830-A871-4539-9F4F-39BA7E370CDE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {66A5082A-E247-4D35-A688-FD96696C3051} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {A9AC5AE6-B51F-46CE-B34F-AF7EB1EA675F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B989B3C3-5590-489B-9CFF-6CEFE1795F34} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {F0B9CF98-79A3-4CFE-8E86-3895B04ECA6A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 00107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 00412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 00130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2016-07-16 18:42 - 2016-07-16 18:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 18:43 - 2016-07-16 18:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 18:43 - 2016-07-16 21:28 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 00253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2017-01-27 17:11 - 2017-01-27 17:11 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-01-27 17:10 - 2017-01-27 17:10 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-01-27 17:09 - 2017-01-27 17:09 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-12-01 12:37 - 2016-12-01 12:37 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-12-01 12:37 - 2016-12-01 12:37 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2016-10-20 01:28 - 2016-10-20 01:28 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 18:47 - 2016-07-16 18:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1553038078-159095257-2181309123-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6121BC76-9AEA-457F-BA44-858A7424DBAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71EB8F9A-C23E-461C-B2B2-CBA87A6C4B91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

05-03-2017 17:33:31 IIF_MSI

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 07:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 15.2.0.1020, time stamp: 0x57d81123
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57898e34
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x15d4
Faulting application start time: 0x01d295ad26413e3d
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: aa44db22-b277-4c37-ac85-d2f35a6c7eed
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/05/2017 07:36:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at IAStorDataMgrSvcInterfaces.PublisherService..cctor()

Exception Info: System.TypeInitializationException
   at IAStorDataMgrSvcInterfaces.PublisherService.set_ServerPlatform(Boolean)
   at IAStorDataMgr.EventRelay.<Start>b__12_0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/05/2017 07:35:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 15.2.0.1020, time stamp: 0x57d81121
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57898e34
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x2e8
Faulting application start time: 0x01d295ad0903db15
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: b813b909-7e15-4e5f-8531-bae218e02fca
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/05/2017 07:35:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()

Error: (03/05/2017 07:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 15.2.0.1020, time stamp: 0x57d81123
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57898e34
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x138c
Faulting application start time: 0x01d295aaa7e7d07a
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: fd0ecc3a-68ed-4ba0-895b-0a6e2b85dc28
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/05/2017 07:18:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at IAStorDataMgrSvcInterfaces.PublisherService..cctor()

Exception Info: System.TypeInitializationException
   at IAStorDataMgrSvcInterfaces.PublisherService.set_ServerPlatform(Boolean)
   at IAStorDataMgr.EventRelay.<Start>b__12_0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/05/2017 07:18:26 PM) (Source: FidoAppletDLL) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/05/2017 07:18:25 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (03/05/2017 07:18:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 15.2.0.1020, time stamp: 0x57d81121
Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57898e34
Exception code: 0xe0434352
Fault offset: 0x000d96c2
Faulting process id: 0x13a0
Faulting application start time: 0x01d295aa8ae2abe5
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 0bcfbc6e-c716-45ee-9076-68b8e0f4d4c3
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/05/2017 07:18:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()


System errors:
=============
Error: (03/05/2017 07:36:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/05/2017 07:35:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel(R) Online Connect Helper service.

Error: (03/05/2017 07:34:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:34:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:34:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:34:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:34:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:23:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:18:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/05/2017 07:17:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel(R) Online Connect Helper service.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16272.83 MB
Available physical RAM: 14149.4 MB
Total Virtual: 19216.83 MB
Available Virtual: 17122.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.39 GB) (Free:451.04 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:921.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 07FCC358)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FFFFFFFF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Edited by tienchien, 05 March 2017 - 07:50 AM.
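Added example, not part of this thread and not FRST's own code: a small Python triage script that pulls out of an Addition.txt the entries a malware-response helper looks at first (scheduled tasks and their publisher, loaded modules with no company name, registry targets that point at a file FRST could not find, Safe Mode service entries, and firewall rules that open a port rather than a program). The embedded sample is a constructed excerpt of lines from the log above, the function names are my own, and the line formats are assumed to be exactly the ones FRST printed here.

```python
"""Triage helpers for lines from a Farbar Recovery Scan Tool (FRST) Addition.txt.

Added example, not code from the thread or from FRST. It assumes the line
formats shown in the log above; FRST versions that print fields differently
would need the regexes adjusted.
"""
import re

# Constructed sample: a short excerpt modelled on lines from the log above,
# not the full log.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1553038078-159095257-2181309123-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\No\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
Task: {0150A499-839B-4081-B10A-07CFB47C2C47} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {F0B9CF98-79A3-4CFE-8E86-3895B04ECA6A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 00107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6121BC76-9AEA-457F-BA44-858A7424DBAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""

# "Task: {GUID} - name => target [YYYY-MM-DD] (Publisher)"; date and publisher
# are optional because FRST omits them when the file has no version info.
TASK_RE = re.compile(
    r"^Task: \{([0-9A-Fa-f-]+)\} - (.+?) => (.+?)"
    r"(?: \[(\d{4}-\d{2}-\d{2})\])?(?: \((.+)\))?$"
)
# Loaded-module line: two timestamps, size, attribute flags, (Publisher), path.
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d+) [_A-Z]+ \((.*?)\) (.+)$"
)
FIREWALL_RE = re.compile(r"^FirewallRules: \[(.+?)\] => \((Allow|Block)\) (.+)$")


def parse_tasks(log):
    """Scheduled-task entries as dicts; date/publisher are None when FRST printed none."""
    tasks = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            guid, name, target, date, publisher = m.groups()
            tasks.append({"guid": guid, "name": name, "target": target,
                          "date": date, "publisher": publisher})
    return tasks


def find_missing_targets(log):
    """Registry entries (CLSIDs, run keys, tasks) whose file FRST could not find."""
    return [l.strip() for l in log.splitlines() if l.strip().endswith("=> No File")]


def find_unsigned_modules(log):
    """Loaded modules with no company name in their version info (FRST prints '()')."""
    found = []
    for line in log.splitlines():
        m = MODULE_RE.match(line.strip())
        if m and m.group(2) == "":
            found.append(m.group(3))
    return found


def find_safeboot_entries(log):
    """Services and drivers registered to load in Safe Mode (SafeBoot\\Minimal, \\Network)."""
    return [l.strip() for l in log.splitlines() if "\\Control\\SafeBoot\\" in l]


def find_open_port_rules(log):
    """Firewall Allow rules keyed on a local port instead of a program path."""
    rules = []
    for line in log.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m and m.group(2) == "Allow" and m.group(3).startswith("LPort="):
            rules.append((m.group(1), m.group(3)))
    return rules


def triage(log):
    """Everything worth a second look, collected into one report dict."""
    return {
        "tasks_without_publisher": [t["name"] for t in parse_tasks(log)
                                    if t["publisher"] is None],
        "missing_targets": find_missing_targets(log),
        "unsigned_modules": find_unsigned_modules(log),
        "safeboot_entries": find_safeboot_entries(log),
        "open_port_rules": find_open_port_rules(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```

Every hit is a lead, not a verdict: an empty "()" publisher only means the DLL carries no company name in its version resource (the two Windows and Intel modules above are a case in point), a "=> No File" CLSID is usually an uninstalled shell extension, and the MBAMService Safe Mode entries and the port-139 rule are what Malwarebytes and Hyper-V respectively register. The script exists to shorten the list a human reads, which is how nasdaq reached "your logs are clean" below.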


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 March 2017 - 08:59 AM

Your logs are clean.

Any remaining issues?

#6 tienchien

tienchien
  • Topic Starter

  • Members
  • 15 posts

Posted 06 March 2017 - 05:45 AM

Your logs are clean.

Any remaining issues?

I think not!!!


Thanks for the support. I will donate.
