Help infected with winvmx client


  • This topic is locked
3 replies to this topic

#1 Noah1


  • Members
  • 3 posts

Posted 23 May 2017 - 12:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by dowz_000 (administrator) on NOAH (23-05-2017 11:24:19)
Running from C:\Users\dowz_000.000\Documents
Loaded Profiles: dowz_000 (Available Profiles: Noah & dowz_000 & LT.Noah & Administrator & Guest & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(My Digital Life Forums) C:\Windows\KMSServerService\KMS Server Service.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\System32\tprdpw32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Predator-Usb) C:\Program Files\Predator3\PredatorACM.exe
() C:\Users\dowz_000.000\AppData\Local\Temp\WS\realtek_amd64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\tv_x64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(winscr) C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\winscr\winscr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Lenovo) C:\Users\dowz_000.000\AppData\Local\Apps\2.0\ZLNJ2YZ7.3VA\9L0DWOWA.MR5\lsb...tion_2d7b41b05b24775e_0001.0006_6e55c1acac1ba44a\LSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-02-10] (Autodesk, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-26] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28734456 2017-05-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKLM-x32\...\Run: [Braina] => "C:\Program Files (x86)\Braina\Braina.exe" -tray
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\WINDOWS\system32\config\systemprofile\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\WINDOWS\system32\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM\...\Winlogon: [LegalNoticeCaption] This computer system is the property of Noah Dausey and is authorised use by Noah Dausey and authorised people only. This computer is under a Non-disclosure agreement. It is the user's responsibility to LOG OFF IMMEDIATELY if you aren't authorised. Unauthorised access of this system and it's files will break the Non-disclosure agreement and may result in criminal penalties.
HKLM\...\Winlogon: [LegalNoticeText] Logon Warning 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [36864 2007-06-29] (IGN Entertainment Inc.)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-04-27] ()
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048312 2017-05-17] (Electronic Arts)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Akamai NetSession Interface] => C:\Users\dowz_000.000\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-04-20] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\HYPERS~1.SCR [584192 2017-04-25] ()
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-10-17]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3475408241-2161465828-3712585331-1003] => ftp=ftp://ftpgate:21
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{03BCEF60-5D2D-4304-A1DD-40E133AF8978}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4730A65A-459F-469F-8E3F-9F0EB0627075}: [DhcpNameServer] 172.21.1.21 172.21.1.22
Tcpip\..\Interfaces\{F65DE22A-85B2-477F-8AFA-83ADA2EA4539}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131359804848848898&GUID=513E32BF-D9BF-4BD8-B5A9-9550F59A55C6
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131359804848857863&GUID=513E32BF-D9BF-4BD8-B5A9-9550F59A55C6
HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {923895FF-4DE1-4E06-A1FC-3CC9209C6908} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {923895FF-4DE1-4E06-A1FC-3CC9209C6908} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3475408241-2161465828-3712585331-1003 -> {923895FF-4DE1-4E06-A1FC-3CC9209C6908} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3475408241-2161465828-3712585331-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/"
CHR DefaultSearchURL: Default -> hxxp://feed.combo-search.com?st=ds&q={searchTerms}&publisher=combosearch&barcodeid=516940000000000
CHR DefaultSearchKeyword: Default -> Combo Search
CHR Profile: C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default [2017-05-23]
CHR Extension: (Google Slides) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-20]
CHR Extension: (Google Docs) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-20]
CHR Extension: (Advanced Font Settings) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2017-03-20]
CHR Extension: (Tampermonkey) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-23]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2017-04-24]
CHR Extension: (VTchromizer) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2017-05-03]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-05-09]
CHR Extension: (Google Sheets) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-20]
CHR Extension: (Default) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gahmocfokfjkhbokmdelkodhjjkjkope [2017-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-20]
CHR Extension: (AdBlock) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-05-23]
CHR Extension: (Binger) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihngfhjjlpneihgjggelbegdefmfapam [2017-04-24]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
CHR Profile: C:\Users\dowz_000.000\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-07]
CHR HKU\S-1-5-21-3475408241-2161465828-3712585331-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-01-23] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-04-20] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-04-20] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-04-20] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 Dataup; C:\Users\dowz_000.000\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-16] (Dropbox, Inc.)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 ftpsvc; C:\WINDOWS\system32\inetsrv\ftpsvc.dll [372736 2017-04-18] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-07] (Hewlett-Packard Company) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [16896 2017-04-18] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 KMSServerService; C:\WINDOWS\KMSServerService\KMS Server Service.exe [236032 2017-05-10] (My Digital Life Forums) [File not signed]
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2016-01-22] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2162064 2017-05-17] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920 2017-05-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-04-27] (Overwolf LTD)
R2 PredatorACM; C:\Program Files\Predator3\PredatorACM.exe [56832 2017-02-05] (Predator-Usb) [File not signed]
R2 realtek_amd64; C:\Users\dowz_000.000\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-04-18] () [File not signed] <==== ATTENTION
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-02-05] (IDT, Inc.) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2010-02-26] (Intel Corporation)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\dowz_000.000\AppData\Local\mypjrwkg\ct.exe [947200 2017-03-29] (Google Inc.) [File not signed] <==== ATTENTION
S3 WMSVC; C:\WINDOWS\system32\inetsrv\wmsvc.exe [10752 2017-04-18] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ADSPIDEREX; C:\Windows\system32\drivers\adspiderex.sys [55664 2015-12-27] ((주)디지탈온넷)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-04-20] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-04-20] (Bluestack System Inc. )
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-02-27] (LogMeIn Inc.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\neo_vpn.sys [30504 2016-12-20] (PureVPN)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42064 2016-12-29] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-15] (Oracle Corporation)
S1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-15] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2017-05-23] ()
S1 ffrtyttw; \??\C:\WINDOWS\system32\drivers\ffrtyttw.sys [X]
S1 fvzskiis; \??\C:\WINDOWS\system32\drivers\fvzskiis.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 11:27 - 2017-05-23 11:27 - 00002000 _____ C:\Users\dowz_000.000\Documents\renvss.cmd
2017-05-23 11:27 - 2017-05-23 11:27 - 00002000 _____ C:\Users\dowz_000.000\Documents\renvss.bat
2017-05-23 11:24 - 2017-05-23 11:25 - 00038618 _____ C:\Users\dowz_000.000\Documents\FRST.txt
2017-05-23 11:24 - 2017-05-23 11:24 - 00000000 ____D C:\FRST
2017-05-23 11:23 - 2017-05-23 11:23 - 02429952 _____ (Farbar) C:\Users\dowz_000.000\Documents\FRST64.exe
2017-05-23 10:30 - 2017-05-23 10:30 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2017-05-23 09:21 - 2017-05-23 09:21 - 05101744 _____ (Enigma Software Group USA, LLC.) C:\Users\dowz_000.000\Documents\RegHunter-Installer.exe
2017-05-22 14:39 - 2017-05-22 14:39 - 05766464 _____ (Zemana Ltd. ) C:\Users\dowz_000.000\Documents\eXplorer (1).exe
2017-05-22 14:39 - 2017-05-22 14:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dowz_000.000\Documents\rkill (1).com
2017-05-22 14:39 - 2017-05-22 14:39 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\dowz_000.000\Documents\iExplore64.exe
2017-05-22 14:39 - 2017-05-22 14:39 - 00000002 _____ C:\Users\dowz_000.000\Desktop\Rkill.txt
2017-05-22 14:38 - 2017-05-22 14:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dowz_000.000\Documents\iExplore.exe
2017-05-22 14:37 - 2017-05-22 14:37 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\dowz_000.000\Documents\SpyHunter-Installer (1).exe
2017-05-22 11:41 - 2017-05-22 11:41 - 05103792 _____ (Enigma Software Group USA, LLC.) C:\Users\dowz_000.000\Documents\SpyHunter-Installer.exe
2017-05-22 11:36 - 2017-05-22 11:36 - 05766464 _____ (Zemana Ltd. ) C:\Users\dowz_000.000\Documents\eXplorer.exe
2017-05-22 11:35 - 2017-05-22 11:35 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dowz_000.000\Documents\rkill.com
2017-05-17 14:51 - 2017-05-17 15:12 - 00001109 _____ C:\Users\dowz_000.000\Documents\World histoy essay.txt
2017-05-17 13:17 - 2017-05-17 13:17 - 00000000 ____D C:\Users\dowz_000.000\Documents\h2o-3.10.0.10
2017-05-17 13:14 - 2017-05-17 13:17 - 190585389 _____ C:\Users\dowz_000.000\Documents\h2o-3.10.0.10.zip
2017-05-17 13:14 - 2017-05-17 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-17 10:43 - 2017-05-17 10:43 - 00037893 _____ C:\Users\dowz_000.000\AppData\Roaming\Comma Separated Values.ADR
2017-05-17 10:35 - 2017-05-17 10:35 - 00039588 _____ C:\Users\dowz_000.000\Documents\contacts.csv
2017-05-17 09:18 - 2017-05-17 09:20 - 201561864 _____ (MiKTeX.org) C:\Users\dowz_000.000\Documents\basic-miktex-2.9.6326-x64.exe
2017-05-17 09:16 - 2017-05-17 09:16 - 22293504 _____ C:\Users\dowz_000.000\Documents\pandoc-1.19.2.1-windows.msi
2017-05-17 09:13 - 2017-05-17 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-05-17 09:12 - 2017-05-17 09:14 - 00000000 ____D C:\Program Files (x86)\Python36-32
2017-05-17 09:12 - 2017-05-17 09:12 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Package Cache
2017-05-17 08:57 - 2017-05-17 09:00 - 00000000 ____D C:\Users\dowz_000.000\Documents\chatterbot-corpus-0.0.1
2017-05-17 08:57 - 2016-12-31 16:37 - 00000000 ____D C:\Users\dowz_000.000\Documents\nltk-3.2.2
2017-05-17 08:57 - 2016-12-29 13:36 - 00000000 ____D C:\Users\dowz_000.000\Documents\jsondatabase-0.1.7
2017-05-17 08:56 - 2017-05-17 08:59 - 00000000 ____D C:\Users\dowz_000.000\Documents\python-twitter-3.2.1
2017-05-17 08:56 - 2016-11-29 14:34 - 00000000 ____D C:\Users\dowz_000.000\Documents\pymongo-3.4.0
2017-05-17 08:16 - 2017-05-17 13:19 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\JxBrowser
2017-05-17 08:16 - 2017-05-17 08:18 - 00000000 ____D C:\Users\dowz_000.000\Pearson
2017-05-17 08:16 - 2017-05-17 08:16 - 00001094 _____ C:\Users\Public\Desktop\TestNav.lnk
2017-05-17 08:16 - 2017-05-17 08:16 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Pearson
2017-05-17 08:16 - 2017-05-17 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson
2017-05-17 08:15 - 2017-05-17 08:15 - 00000000 ____D C:\Program Files (x86)\TestNav
2017-05-16 16:01 - 2017-05-16 16:01 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-05-16 13:28 - 2017-05-16 13:28 - 00000000 ____D C:\Users\dowz_000.000\Documents\ChatterBot-master
2017-05-16 13:27 - 2017-05-16 13:27 - 02032433 _____ C:\Users\dowz_000.000\Documents\ChatterBot-master.zip
2017-05-16 13:17 - 2017-05-16 13:19 - 00000777 _____ C:\Users\dowz_000.000\Documents\Gedibot AI.py
2017-05-14 11:32 - 2017-05-14 11:33 - 119605528 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\msert.exe
2017-05-11 12:32 - 2017-05-11 12:32 - 00000000 ____D C:\Users\dowz_000.000\Documents\Custom Office Templates
2017-05-11 12:08 - 2017-05-11 11:33 - 00000938 _____ C:\Users\dowz_000.000\Documents\usblock.reg
2017-05-11 12:08 - 2017-05-11 11:18 - 00000938 _____ C:\Users\dowz_000.000\Documents\usbunlock.reg
2017-05-11 09:14 - 2017-05-11 09:14 - 00003856 _____ C:\WINDOWS\System32\Tasks\outlook
2017-05-10 21:03 - 2017-05-12 10:11 - 00000000 ____D C:\Users\dowz_000.000\Desktop\commands
2017-05-10 20:32 - 2017-05-10 20:32 - 04127544 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\setupo365homepremretail.x86.en-us_ (2).exe
2017-05-10 20:31 - 2017-05-10 20:31 - 04127544 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\setupo365homepremretail.x86.en-us_ (1).exe
2017-05-10 20:03 - 2017-05-10 20:03 - 00000000 __SHD C:\Users\dowz_000.000\AppData\LocalLow\EmieUserList
2017-05-10 20:03 - 2017-05-10 20:03 - 00000000 __SHD C:\Users\dowz_000.000\AppData\LocalLow\EmieSiteList
2017-05-10 20:03 - 2017-05-10 20:03 - 00000000 __SHD C:\Users\dowz_000.000\AppData\LocalLow\EmieBrowserModeList
2017-05-10 13:13 - 2017-05-10 13:13 - 00000000 ____D C:\Users\dowz_000.000\Documents\Outlook Files
2017-05-10 13:09 - 2017-05-10 13:09 - 00000000 ____D C:\496715b7b57e044926e3
2017-05-10 11:38 - 2017-05-10 11:38 - 04181816 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\setupo365homepremretail.x86.en-us_.exe
2017-05-10 11:27 - 2017-05-10 11:27 - 00000000 ____D C:\WINDOWS\KMSServerService
2017-05-10 11:22 - 2017-05-23 10:44 - 00003754 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-05-10 11:22 - 2017-05-10 13:06 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-05-10 11:20 - 2017-05-10 11:30 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-05-10 11:19 - 2015-10-20 20:06 - 57195008 _____ () C:\Users\dowz_000.000\Downloads\Microsoft Toolkit v2.exe
2017-05-10 11:15 - 2017-05-10 11:18 - 56270082 _____ C:\Users\dowz_000.000\Downloads\Microsoft Toolkit v2.rar
2017-05-09 09:23 - 2017-05-09 09:24 - 00000000 ____D C:\Users\dowz_000.000\Desktop\Personal
2017-05-09 08:06 - 2017-05-09 08:06 - 48435872 _____ (LispWorks Ltd) C:\Users\dowz_000.000\Downloads\LispWorksPersonal61.exe
2017-05-09 08:01 - 2017-05-09 08:01 - 00000000 ____D C:\Users\dowz_000.000\Downloads\A_I_Progra1981713202006
2017-05-08 17:12 - 2017-05-08 17:12 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2017-05-08 17:12 - 2017-05-08 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ Build Tools
2017-05-08 17:12 - 2017-05-08 17:12 - 00000000 ____D C:\Program Files\Application Verifier
2017-05-08 17:12 - 2017-05-08 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual C++ Build Tools
2017-05-08 17:12 - 2017-05-08 17:12 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2017-05-08 17:10 - 2017-05-08 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-05-08 17:09 - 2017-05-08 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-08 17:08 - 2017-05-08 17:09 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-05-08 13:33 - 2017-05-08 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-05-08 13:32 - 2017-05-08 13:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-05-08 13:03 - 2017-05-08 13:03 - 03287928 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\visualcppbuildtools_full.exe
2017-05-08 13:01 - 2017-05-08 13:01 - 00033852 _____ C:\Users\dowz_000.000\Downloads\A_I_Progra1981713202006.zip
2017-05-08 12:56 - 2017-05-08 12:56 - 15301888 _____ (Microsoft Corporation) C:\Users\dowz_000.000\Downloads\vc_redist.x64.exe
2017-05-08 12:54 - 2017-05-08 12:54 - 00002694 _____ C:\Users\dowz_000.000\Downloads\F2VFZZZI5NS5YSM.zip
2017-05-08 12:54 - 2017-05-08 12:54 - 00000000 ____D C:\Users\dowz_000.000\Downloads\F2VFZZZI5NS5YSM
2017-05-08 11:19 - 2017-05-08 11:19 - 108619006 _____ C:\Users\dowz_000.000\Downloads\MOAC_PowerPoint_2013.pdf
2017-05-03 15:28 - 2017-05-03 15:28 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-03 10:55 - 2017-05-03 10:55 - 00003094 _____ C:\WINDOWS\System32\Tasks\{5ADF504B-CD8A-42F6-BAAF-BE330E096D0C}
2017-05-03 09:56 - 2017-05-08 09:44 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-01 11:15 - 2017-05-01 11:15 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-05-01 11:14 - 2017-05-02 12:27 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Battle.net
2017-05-01 11:14 - 2017-05-01 11:14 - 00000966 _____ C:\Users\Public\Desktop\Blizzard App.lnk
2017-05-01 11:14 - 2017-05-01 11:14 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Blizzard Entertainment
2017-05-01 11:14 - 2017-05-01 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-05-01 11:13 - 2017-05-02 10:44 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-05-01 11:12 - 2017-05-01 11:15 - 00000000 ____D C:\Users\dowz_000.000\AppData\Roaming\Battle.net
2017-05-01 11:11 - 2017-05-01 11:12 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-01 10:21 - 2017-05-01 10:21 - 00000000 ____D C:\Users\dowz_000.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Batchrun
2017-05-01 10:20 - 2017-05-01 10:37 - 00000000 ____D C:\Program Files (x86)\Batchrun
2017-04-28 12:49 - 2017-04-28 12:49 - 00000902 _____ C:\Users\dowz_000.000\Documents\new 1.txt
2017-04-28 08:08 - 2017-04-28 08:08 - 00000000 ____D C:\Program Files (x86)\Starfield Screensaver
2017-04-27 14:14 - 2017-04-27 14:14 - 00000000 ____D C:\5501353330dd9605057728cbfa87
2017-04-26 10:15 - 2017-04-26 10:17 - 00000000 ____D C:\Program Files (x86)\ntuserlitelist
2017-04-25 11:01 - 2017-04-25 11:00 - 00584192 _____ C:\WINDOWS\Hyperspace.scr
2017-04-25 11:00 - 2017-04-25 11:00 - 00000000 ____D C:\Users\dowz_000.000\Downloads\Hyperspace
2017-04-25 10:57 - 2017-04-25 10:57 - 00001847 _____ C:\Users\Noah.000\Desktop\Cosmic Voyage - Run.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001847 _____ C:\Users\LT.Noah\Desktop\Cosmic Voyage - Run.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001847 _____ C:\Users\Guest.000\Desktop\Cosmic Voyage - Run.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001847 _____ C:\Users\Administrator\Desktop\Cosmic Voyage - Run.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001063 _____ C:\Users\Noah.000\Desktop\Cosmic Voyage - Cfg.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001063 _____ C:\Users\LT.Noah\Desktop\Cosmic Voyage - Cfg.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001063 _____ C:\Users\Guest.000\Desktop\Cosmic Voyage - Cfg.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00001063 _____ C:\Users\Administrator\Desktop\Cosmic Voyage - Cfg.lnk
2017-04-25 10:57 - 2017-04-25 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cosmic Voyage
2017-04-25 10:57 - 2017-04-25 10:57 - 00000000 ____D C:\Program Files (x86)\Cosmic Voyage
2017-04-25 10:57 - 2006-03-10 13:53 - 00913408 _____ C:\WINDOWS\SysWOW64\Cosmic Voyage.exe
2017-04-25 10:57 - 2005-01-10 19:51 - 00040960 _____ C:\WINDOWS\SysWOW64\Cosmic Voyage.scr
2017-04-25 10:33 - 2017-04-25 10:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2017-04-25 10:21 - 2017-04-25 21:29 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Reflector 2
2017-04-25 10:21 - 2017-04-25 10:21 - 00000000 ____D C:\ProgramData\Reflector 2
2017-04-25 10:20 - 2017-04-25 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 2
2017-04-25 10:20 - 2017-04-25 10:20 - 00000000 ____D C:\Program Files\Reflector 2
2017-04-24 21:27 - 2017-04-24 21:27 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-04-24 21:23 - 2017-04-24 21:27 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-04-24 21:23 - 2017-04-20 03:10 - 00000000 ____D C:\ProgramData\BlueStacks
2017-04-24 07:59 - 2017-04-24 07:59 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-24 07:59 - 2017-04-24 07:59 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-04-24 07:59 - 2017-04-24 07:59 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2017-04-24 07:59 - 2017-04-24 07:59 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\AuthenTec
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 11:09 - 2016-10-15 13:52 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-23 11:07 - 2017-02-18 12:24 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\LogMeIn Hamachi
2017-05-23 11:06 - 2017-04-03 10:40 - 00000000 ____D C:\Users\dowz_000.000\AppData\LocalLow\AuthenTec
2017-05-23 10:38 - 2017-04-20 12:46 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\ntuserlitelist
2017-05-23 10:38 - 2016-09-23 18:50 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3475408241-2161465828-3712585331-1003
2017-05-23 10:31 - 2016-12-26 14:31 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\TSVNCache
2017-05-23 10:30 - 2013-10-17 13:46 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2017-05-23 10:30 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-23 10:28 - 2017-04-11 13:58 - 00000374 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2017-05-23 10:28 - 2016-10-15 13:52 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-23 10:27 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-23 10:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-23 09:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-23 09:49 - 2017-04-04 09:55 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{263AB1FB-DCCD-4618-B08A-B24A84AB43B3}
2017-05-23 09:42 - 2017-04-18 20:49 - 00000000 __SHD C:\Users\dowz_000\IntelGraphicsProfiles
2017-05-23 09:42 - 2017-04-18 20:21 - 00000000 ___RD C:\Users\dowz_000.000\OneDrive
2017-05-23 09:20 - 2017-04-20 09:55 - 00000000 ____D C:\Program Files\KMSpico
2017-05-23 08:02 - 2017-03-20 15:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-22 09:08 - 2017-04-01 17:54 - 00003174 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordowz_000
2017-05-22 09:08 - 2017-04-01 17:54 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordowz_000.job
2017-05-22 08:00 - 2017-04-18 19:25 - 00000000 ____D C:\Users\dowz_000.000
2017-05-18 13:54 - 2016-11-22 15:16 - 00000000 ____D C:\ProgramData\Origin
2017-05-18 12:28 - 2016-09-26 17:16 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-18 12:24 - 2016-11-21 17:56 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Ubisoft Game Launcher
2017-05-18 12:17 - 2016-11-22 15:18 - 00000000 ____D C:\Users\dowz_000.000\AppData\Roaming\Origin
2017-05-18 10:35 - 2016-12-29 13:38 - 00000000 ____D C:\Users\dowz_000.000\Documents\BeamNG.drive
2017-05-18 10:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-17 15:16 - 2017-02-17 11:55 - 00000000 ____D C:\Users\dowz_000.000\Desktop\test commands
2017-05-17 15:14 - 2017-03-07 10:54 - 00000000 ____D C:\Users\dowz_000.000\Desktop\CoraAI
2017-05-17 15:12 - 2017-03-07 11:32 - 00037770 _____ C:\Users\dowz_000.000\Desktop\Cora.cmd
2017-05-17 13:15 - 2016-10-15 13:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-17 09:45 - 2016-11-22 15:18 - 00000000 ____D C:\Program Files (x86)\Origin
2017-05-17 09:13 - 2013-10-17 13:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-17 08:16 - 2016-08-30 09:42 - 00000000 ____D C:\Users\dowz_000.000\.oracle_jre_usage
2017-05-14 11:51 - 2016-10-22 11:50 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-12 12:48 - 2017-04-18 19:25 - 00000000 ____D C:\Users\DefaultAppPool
2017-05-11 12:12 - 2013-12-24 20:58 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Packages
2017-05-11 09:43 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-10 20:37 - 2013-05-24 16:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-10 13:09 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-10 10:38 - 2016-10-17 07:01 - 00000000 ____D C:\Users\dowz_000.000\AppData\Roaming\TeamViewer
2017-05-09 11:21 - 2017-04-18 17:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-09 08:06 - 2017-01-20 10:51 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Downloaded Installations
2017-05-08 17:08 - 2017-04-18 22:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-05 14:06 - 2016-09-28 14:54 - 00007601 _____ C:\Users\dowz_000.000\AppData\Local\resmon.resmoncfg
2017-05-05 12:51 - 2017-03-07 12:19 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 15:27 - 2016-10-17 09:56 - 693531497 _____ C:\WINDOWS\MEMORY.DMP
2017-05-03 11:12 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-05-03 11:00 - 2017-04-20 12:41 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-03 10:57 - 2017-04-21 13:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-03 10:57 - 2017-04-11 13:06 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2017-05-03 07:59 - 2017-03-17 13:15 - 00000000 ____D C:\Program Files (x86)\FileZilla Server
2017-05-02 21:46 - 2016-11-12 16:12 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-02 12:48 - 2014-11-21 03:43 - 01009716 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-01 10:41 - 2017-03-07 11:38 - 00000000 ____D C:\commands
2017-04-28 14:08 - 2017-03-17 15:12 - 00000000 ____D C:\Program Files\O16UE6T2Y4
2017-04-28 12:46 - 2016-10-04 14:34 - 00000000 ____D C:\Users\dowz_000.000\Documents\Arma 3
2017-04-28 10:22 - 2017-04-18 20:28 - 00009940 __RSH C:\ProgramData\ntuser.pol
2017-04-27 10:11 - 2017-03-17 15:11 - 00000000 ____D C:\Program Files\VHK5GIBA0X
2017-04-24 21:27 - 2013-08-22 10:36 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-24 21:26 - 2016-11-12 16:11 - 00000000 ____D C:\Users\dowz_000.000\AppData\Local\Bluestacks
2017-04-24 07:59 - 2017-04-18 19:25 - 00000000 ____D C:\Users\Administrator
2017-04-24 07:59 - 2012-08-03 17:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2017-05-17 10:43 - 2017-05-17 10:43 - 0037893 _____ () C:\Users\dowz_000.000\AppData\Roaming\Comma Separated Values.ADR
2016-11-24 01:34 - 2017-01-30 09:04 - 0000353 _____ () C:\Users\dowz_000.000\AppData\Roaming\WB.CFG
2017-03-22 17:09 - 2017-03-29 10:09 - 0000600 _____ () C:\Users\dowz_000.000\AppData\Local\PUTTY.RND
2016-09-28 14:54 - 2017-05-05 14:06 - 0007601 _____ () C:\Users\dowz_000.000\AppData\Local\resmon.resmoncfg
2016-12-09 21:03 - 2017-04-15 04:29 - 0000552 _____ () C:\Users\dowz_000.000\AppData\Local\TroubleshooterConfig.json
2017-04-20 12:29 - 2017-04-20 12:29 - 0002048 _____ () C:\Users\dowz_000.000\AppData\Local\uninstallro.exe
 
Files to move or delete:
====================
C:\Users\dowz_000.000\Cora.bat
 
 
Some files in TEMP:
====================
2017-04-20 12:25 - 2017-04-20 12:28 - 0061440 _____ (The Gentee Group) C:\Users\dowz_000.000\AppData\Local\Temp\genteert.dll
2017-05-10 11:24 - 2017-05-10 11:24 - 1042784 _____ (Microsoft Corporation) C:\Users\dowz_000.000\AppData\Local\Temp\PidGenX.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-09 11:21
 
==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   117.73KB   1 downloads
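The entries FRST marked with `<==== ATTENTION` in the log above (unsigned services running from AppData and Temp, a boot-start driver with no signature, two S1 drivers whose image files no longer exist) are exactly what a triager picks out by eye. The Python below is an added example, not part of the original post and not FRST's own logic: it parses lines in FRST's service/driver format and scores them with a handful of assumed heuristics. The weights, the threshold, the user-writable path list and the "eight lowercase letters" random-name pattern are all my own choices; the sample lines are constructed, modelled on the format of the log above with a made-up username.

```python
"""Triage FRST 'Services' / 'Drivers' lines with simple, explainable heuristics.

Added example; the scoring is an assumption for illustration, not FRST's logic.
"""
import re
from dataclasses import dataclass

# Constructed sample in FRST's line format (modelled on the log, username changed).
SAMPLE = r"""
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 dataup; C:\Users\alice\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S1 ffrtyttw; \??\C:\WINDOWS\system32\drivers\ffrtyttw.sys [X]
S3 ADSPIDEREX; C:\Windows\system32\drivers\adspiderex.sys [55664 2015-12-27] ((주)디지탈온넷)
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
"""

# "R2 Name; <rest>"  -> state letter, start type digit, service name, remainder
HEAD_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "<cmd> [size date] (signer) [flags...]"; signer is greedy so nested parens survive,
# and the flags tail may not contain ')'.
FILE_RE = re.compile(
    r"^(?P<cmd>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<signer>.*)\)(?P<flags>[^)]*)$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")   # assumed list
RANDOM_NAME = re.compile(r"^[a-z]{8}$")                            # assumed pattern


@dataclass
class Entry:
    state: str        # R = running, S = stopped
    start: int        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    signer: str       # company name from version info, '' if none
    unsigned: bool    # FRST printed [File not signed]
    missing: bool     # FRST printed [X]: image file not found
    attention: bool   # FRST printed <==== ATTENTION


def image_path(cmd: str) -> str:
    """Image path from a command line: drop surrounding quotes and the NT \\??\\ prefix."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        cmd = cmd[1:end] if end > 0 else cmd[1:]
    return cmd[4:] if cmd.startswith("\\??\\") else cmd


def parse_entry(line: str):
    """Parse one FRST service/driver line; return None for anything else."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    attention = "<==== ATTENTION" in rest
    f = FILE_RE.match(rest)
    if f:
        return Entry(m["state"], int(m["start"]), m["name"].strip(),
                     image_path(f["cmd"]), f["signer"].strip(),
                     unsigned="[File not signed]" in f["flags"],
                     missing=False, attention=attention)
    if rest.endswith("[X]"):
        return Entry(m["state"], int(m["start"]), m["name"].strip(),
                     image_path(rest[:-3]), "", unsigned=False,
                     missing=True, attention=attention)
    return None


WEIGHTS = {  # assumed weights, chosen for illustration only
    "image file not found ([X])": 1,
    "not digitally signed": 2,
    "no publisher in version info": 1,
    "image in user-writable location": 2,
    "random-looking 8-letter name": 2,
    "flagged by FRST (<==== ATTENTION)": 2,
}


def assess(e: Entry):
    """Return (score, reasons) for one entry; a running entry gets +1 if anything fired."""
    reasons = []
    p = e.path.lower()
    if e.missing:
        reasons.append("image file not found ([X])")
    if e.unsigned:
        reasons.append("not digitally signed")
    if not e.missing and not e.signer:
        reasons.append("no publisher in version info")
    if any(tok in p for tok in USER_WRITABLE):
        reasons.append("image in user-writable location")
    if RANDOM_NAME.match(e.name):
        reasons.append("random-looking 8-letter name")
    if e.attention:
        reasons.append("flagged by FRST (<==== ATTENTION)")
    score = sum(WEIGHTS[r] for r in reasons)
    if score and e.state == "R":
        score += 1
        reasons.append("currently running")
    return score, reasons


def triage(text: str, threshold: int = 3):
    """Score every parseable line; return [(name, score, reasons)] above threshold, highest first."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        score, reasons = assess(e)
        if score >= threshold:
            hits.append((e.name, score, reasons))
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE):
        print(f"{score:2d}  {name}: {', '.join(reasons)}")
```

The output is a prioritisation aid, not a verdict: a stale `[X]` entry for an uninstalled updater scores below the threshold, while a legitimately signed TeamViewer service scores only because it runs from `C:\Users\Public\temp`, which is worth a question rather than a removal. `ProgramData` is deliberately left out of the user-writable list because so much legitimate software lives there; tune the lists and weights to the environment you are looking at.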


#2 JSntgRvr

    Master Surgeon General, Malware Response Team

Posted 23 May 2017 - 05:45 PM

Welcome :)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

    Master Surgeon General, Malware Response Team

Posted 27 May 2017 - 03:20 PM

Are you still with us?



#4 JSntgRvr

    Master Surgeon General, Malware Response Team

Posted 07 June 2017 - 06:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
