Possible DNS Hijack and stolen information


  • This topic is locked
2 replies to this topic

#1 xia0_king

Posted 12 July 2017 - 07:02 AM

A few weeks ago, I connected to a friend's home wifi and later found out that his network had been DNS hijacked and his devices had all been hijacked. I suspected my device - a laptop - had been affected too and tried to reset it using the Windows 10 reset option. After resetting it, everything went haywire; I could not even access CMD command on my laptop, and the laptop seems to be getting weird, such as open ports etc. I assume my home desktop has been affected too. I tried running my own Bitdefender scan but it did not pick up anything. I then researched and found RogueKiller and other apps, and found out there were quite a few infections on my desktop while I am running RogueKiller - still running while I am typing this paragraph. I then ran the FRST tool, and attached below is the log. My Android phone was also hacked; I had to send it in for warranty and they told me that my phone's motherboard has to be replaced, no explanation given - never rooted before. I factory reset my router too.

 

Initially, I tried to make a bootable DVD through my desktop using the USB Downloader tool and a Windows 7 ISO. When I tried to run it on my laptop, it froze and my gut told me that something was wrong. I would require assistance to look at the log to see if anything has gone wrong. I just factory reset my router and changed the password.

 

Attached below are the logs of my desktop for FRST and RogueKiller, after fixing using RogueKiller. I will make another thread for my laptop after this desktop is fixed. I am prepared to lose any personal data. I will be trying to reformat my desktop later on.

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by xia0_ (administrator) on ZHIQIANG-PC (12-07-2017 19:55:51)
Running from C:\Users\xia0_\Downloads
Loaded Profiles: xia0_ (Available Profiles: defaultuser0 & xia0_)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\syswow64\vmnetdhcp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(VMware, Inc.) C:\Windows\syswow64\vmnat.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
() C:\Program Files\Reason\Security\rsLggr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\xia0_\Downloads\RogueKiller_portable64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1022928 2017-05-22] (MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [15375312 2017-06-21] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Run: [Discord] => C:\Users\xia0_\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Run: [Spotify] => C:\Users\xia0_\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-12] (Spotify Ltd)
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Run: [Spotify Web Helper] => C:\Users\xia0_\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-12] (Spotify Ltd)
GroupPolicyScripts: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87ec348b-4cb1-490c-87b1-27c6bcd6a28d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{87ec348b-4cb1-490c-87b1-27c6bcd6a28d}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-04-20] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-04-20] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-04-20] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-04-20] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf - No CLSID Value
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-04-21]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-04-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-12-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\xia0_\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\xia0_\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xia0_\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\xia0_\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] ()
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2283984 2017-06-21] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [174032 2017-04-28] (MSI)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-04] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-05-09] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178824 2017-05-09] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-04-19] (Razer Inc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-07-12] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [252696 2017-06-28] (Reason Software Company Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-14] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-04-28] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-01-12] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-04-20] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1442896 2017-05-30] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-30] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [879600 2017-05-30] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 dg_ssudbus; C:\Windows\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R0 Ignis; C:\Windows\system32\DRIVERS\ignis.sys [305120 2017-03-15] (Bitdefender)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 Neo_VPN; C:\Windows\System32\drivers\neo_vpn.sys [29744 2016-12-20] (PureVPN)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-06-14] (CACE Technologies, Inc.)
R3 NTIOLib_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [14288 2017-03-15] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_274d0ab8ee30c459\nvlddmkm.sys [14847088 2017-04-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-04] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-05-04] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [963056 2017-05-17] (Realtek                                            )
S3 rzbtendpt; C:\Windows\System32\drivers\rzbtendpt.sys [51736 2016-06-23] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-09-01] (Razer Inc)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36368 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [43544 2016-06-23] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [43544 2016-06-23] (Razer Inc)
S3 SDGame; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 SDGame; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 ssudcdf; C:\Windows\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\Windows\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\Windows\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\Windows\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [43648 2016-07-22] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-12] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R2 vmparport; C:\Windows\system32\DRIVERS\vmparport.sys [49216 2017-03-21] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [36832 2017-06-23] (Wellbia.com Co., Ltd.)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-05-09] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 19:55 - 2017-07-12 19:55 - 00022745 _____ C:\Users\xia0_\Downloads\FRST.txt
2017-07-12 19:30 - 2017-07-12 19:55 - 00043574 _____ C:\Users\xia0_\Downloads\Addition.txt
2017-07-12 19:28 - 2017-07-12 19:55 - 00000000 ____D C:\FRST
2017-07-12 19:27 - 2017-07-12 19:28 - 02435584 _____ (Farbar) C:\Users\xia0_\Downloads\FRST64.exe
2017-07-12 19:08 - 2017-07-12 19:08 - 00002236 _____ C:\Users\xia0_\Desktop\Tweaking.com - Windows Repair.lnk
2017-07-12 19:07 - 2017-07-12 19:08 - 00190978 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-07-12 19:07 - 2017-07-12 19:07 - 00003774 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-07-12 19:07 - 2017-07-12 19:07 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-12 19:07 - 2017-07-12 19:07 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-12 19:05 - 2017-07-12 19:05 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-12 19:05 - 2017-07-12 19:05 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-12 18:52 - 2017-07-12 18:52 - 02984912 _____ C:\Users\xia0_\Downloads\SecurityTaskManager_Setup.exe
2017-07-12 18:52 - 2017-07-12 18:52 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-07-12 18:52 - 2017-07-12 18:52 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-07-12 18:52 - 2017-07-12 18:52 - 00001208 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-07-12 18:52 - 2017-07-12 18:52 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-07-12 18:49 - 2017-07-12 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-12 18:49 - 2017-07-12 18:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 18:49 - 2017-07-12 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-12 18:48 - 2017-07-12 19:14 - 00000000 ____D C:\Users\xia0_\Desktop\mbar
2017-07-12 18:48 - 2017-07-12 18:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\xia0_\Downloads\mbar-1.09.3.1001.exe
2017-07-12 18:48 - 2017-07-12 18:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-12 18:45 - 2017-07-12 19:07 - 34869800 _____ (Tweaking.com) C:\Users\xia0_\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-07-12 18:45 - 2017-07-12 19:05 - 26468936 _____ C:\Users\xia0_\Downloads\RogueKiller_portable64.exe
2017-07-12 18:42 - 2017-07-12 18:42 - 07804240 _____ (Reason Software Company Inc.) C:\Users\xia0_\Downloads\reason-core-security-setup_iot (1).exe
2017-07-12 18:41 - 2017-07-12 18:58 - 00000000 ____D C:\Windows\CbsTemp
2017-07-12 18:40 - 2017-07-12 18:40 - 00000607 _____ C:\Users\xia0_\Desktop\JRT.txt
2017-07-12 18:36 - 2017-07-12 18:36 - 00000000 ____D C:\ProgramData\Reason
2017-07-12 18:35 - 2017-07-12 18:35 - 00003648 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan
2017-07-12 18:35 - 2017-07-12 18:35 - 00003486 _____ C:\Windows\System32\Tasks\Reason Core Security
2017-07-12 18:35 - 2017-07-12 18:35 - 00002032 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2017-07-12 18:35 - 2017-07-12 18:35 - 00001175 _____ C:\Users\xia0_\Desktop\Reason Core Security.lnk
2017-07-12 18:35 - 2017-07-12 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-07-12 18:35 - 2017-07-12 18:35 - 00000000 ____D C:\Program Files\Reason
2017-07-12 18:34 - 2017-07-12 18:35 - 07804240 _____ (Reason Software Company Inc.) C:\Users\xia0_\Downloads\reason-core-security-setup_iot.exe
2017-07-12 18:33 - 2017-07-12 18:33 - 04110280 _____ C:\Users\xia0_\Downloads\adwcleaner_6.047 (1).exe
2017-07-12 18:33 - 2017-07-12 18:33 - 01663672 _____ (Malwarebytes) C:\Users\xia0_\Downloads\JRT.exe
2017-07-12 18:33 - 2017-07-12 18:33 - 00000005 ____H C:\ProgramData\cm-lock
2017-07-12 18:26 - 2017-07-12 18:29 - 00000000 ____D C:\AdwCleaner
2017-07-12 18:26 - 2017-07-12 18:26 - 04110280 _____ C:\Users\xia0_\Downloads\adwcleaner_6.047.exe
2017-07-12 18:20 - 2017-07-12 18:20 - 00000022 _____ C:\Users\xia0_\Downloads\esetpowelikscleaner.exe_20170712.182041.6856.zip
2017-07-12 18:15 - 2017-07-12 18:15 - 00549504 _____ (ESET) C:\Users\xia0_\Downloads\esetpowelikscleaner.exe
2017-07-12 18:15 - 2017-07-12 18:15 - 00000022 _____ C:\Users\xia0_\Downloads\esetpowelikscleaner.exe_20170712.181551.13536.zip
2017-07-12 18:14 - 2017-07-12 18:14 - 00000000 ____D C:\Windows\AppReadiness
2017-07-12 18:08 - 2017-07-12 18:29 - 00000000 ____D C:\ProgramData\BSD
2017-07-12 18:07 - 2017-07-12 18:07 - 00001414 _____ C:\Users\xia0_\Desktop\Auslogics Registry Cleaner.lnk
2017-07-12 18:06 - 2017-07-12 18:06 - 08994792 _____ (Auslogics Labs Pty Ltd ) C:\Users\xia0_\Downloads\registry-cleaner-setup.exe
2017-07-12 18:03 - 2017-07-12 18:03 - 00040915 _____ C:\ProgramData\dm.update.1499853567.bdinstall.bin
2017-07-10 20:04 - 2017-07-10 20:04 - 00002640 _____ C:\Users\xia0_\Desktop\Windows 7 USB DVD Download Tool.lnk
2017-07-10 20:04 - 2017-07-10 20:04 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-07-10 20:04 - 2017-07-10 20:04 - 00000000 ____D C:\Users\xia0_\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-07-10 20:02 - 2017-07-10 20:02 - 02721168 _____ (Microsoft Corporation) C:\Users\xia0_\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2017-07-07 16:13 - 2017-07-07 16:13 - 00980307 _____ C:\Users\Public\Desktop\bdsyslog.zip
2017-07-07 15:54 - 2017-04-22 05:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-07-07 15:54 - 2017-04-22 05:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-07-07 15:54 - 2017-04-22 05:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-07-07 15:54 - 2017-04-22 05:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-07-07 15:54 - 2017-04-12 02:27 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-07 15:54 - 2017-04-12 02:27 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-07 15:54 - 2017-03-16 02:15 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-07 15:54 - 2017-03-16 02:15 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-07 15:36 - 2017-07-07 15:36 - 06654216 _____ (Bitdefender S.R.L) C:\Users\xia0_\Downloads\BDSysLog_i.exe
2017-07-07 15:34 - 2017-07-07 15:34 - 00000000 ____D C:\Users\xia0_\AppData\Temp
2017-07-07 15:31 - 2017-07-07 15:31 - 00000000 _____ C:\Users\xia0_\Desktop\New Text Document.txt
2017-07-07 15:08 - 2017-07-12 18:32 - 00003608 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-06-23 11:15 - 2017-06-23 11:15 - 00037895 _____ C:\Users\xia0_\Downloads\57486183_20170621_0002.pdf
2017-06-19 11:30 - 2017-05-17 17:18 - 00131568 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-06-14 16:28 - 2017-06-14 16:28 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-14 12:17 - 2017-06-03 18:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 12:17 - 2017-06-03 18:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-14 12:17 - 2017-06-03 18:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-14 12:17 - 2017-06-03 18:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-14 12:17 - 2017-06-03 18:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-14 12:17 - 2017-06-03 18:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-14 12:17 - 2017-06-03 18:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 12:17 - 2017-06-03 18:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-14 12:17 - 2017-06-03 18:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 12:17 - 2017-06-03 18:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 12:17 - 2017-06-03 18:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-14 12:17 - 2017-06-03 18:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-14 12:17 - 2017-06-03 17:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-14 12:17 - 2017-06-03 17:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-14 12:17 - 2017-06-03 17:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 12:17 - 2017-06-03 17:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 12:17 - 2017-06-03 17:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-14 12:17 - 2017-06-03 17:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-14 12:17 - 2017-06-03 17:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 12:17 - 2017-06-03 17:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-14 12:17 - 2017-06-03 17:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-14 12:17 - 2017-06-03 17:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-14 12:17 - 2017-06-03 17:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-14 12:17 - 2017-06-03 17:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-14 12:17 - 2017-06-03 17:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-14 12:17 - 2017-06-03 17:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-14 12:17 - 2017-06-03 17:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 12:17 - 2017-06-03 17:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-14 12:17 - 2017-06-03 17:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-14 12:17 - 2017-06-03 17:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-14 12:17 - 2017-06-03 17:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-14 12:17 - 2017-06-03 17:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-14 12:17 - 2017-06-03 17:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-14 12:17 - 2017-06-03 17:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-14 12:17 - 2017-06-03 17:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 12:17 - 2017-06-03 17:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-14 12:17 - 2017-06-03 17:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-14 12:17 - 2017-06-03 17:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-14 12:17 - 2017-06-03 17:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-14 12:17 - 2017-06-03 17:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-14 12:17 - 2017-06-03 17:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 12:17 - 2017-06-03 17:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-14 12:17 - 2017-06-03 17:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-14 12:17 - 2017-06-03 17:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-14 12:17 - 2017-06-03 17:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-14 12:17 - 2017-06-03 17:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-14 12:17 - 2017-06-03 17:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 12:17 - 2017-06-03 17:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 12:17 - 2017-06-03 17:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-14 12:17 - 2017-06-03 17:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:17 - 2017-06-03 17:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-14 12:17 - 2017-06-03 17:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-14 12:17 - 2017-06-03 17:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 12:17 - 2017-06-03 17:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-14 12:17 - 2017-06-03 17:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-14 12:17 - 2017-06-03 17:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-14 12:17 - 2017-06-03 17:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 12:17 - 2017-06-03 17:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-14 12:17 - 2017-06-03 17:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-14 12:17 - 2017-06-03 17:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-14 12:17 - 2017-06-03 17:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-14 12:17 - 2017-06-03 17:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-14 12:17 - 2017-06-03 17:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 12:17 - 2017-06-03 17:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-14 12:17 - 2017-06-03 17:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-14 12:17 - 2017-06-03 17:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-14 12:17 - 2017-06-03 17:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-14 12:17 - 2017-06-03 17:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-14 12:17 - 2017-06-03 17:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 12:17 - 2017-06-03 17:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-14 12:17 - 2017-06-03 17:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 12:17 - 2017-06-03 17:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-14 12:17 - 2017-06-03 17:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-14 12:17 - 2017-06-03 17:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 12:17 - 2017-06-03 17:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-14 12:17 - 2017-06-03 17:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-14 12:17 - 2017-06-03 17:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-14 12:17 - 2017-06-03 17:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-14 12:17 - 2017-06-03 17:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 12:17 - 2017-06-03 17:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 12:17 - 2017-06-03 17:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-14 12:17 - 2017-06-03 17:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-14 12:17 - 2017-06-03 17:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-14 12:17 - 2017-06-03 17:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 12:17 - 2017-06-03 17:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 12:17 - 2017-06-03 17:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-14 12:17 - 2017-06-03 17:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-14 12:17 - 2017-06-03 17:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-14 12:17 - 2017-06-03 17:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 12:17 - 2017-06-03 17:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 12:17 - 2017-06-03 17:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 12:17 - 2017-06-03 17:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 12:17 - 2017-06-03 17:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-14 12:17 - 2017-06-03 17:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-14 12:17 - 2017-06-03 17:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 12:17 - 2017-06-03 16:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-14 12:17 - 2017-06-03 16:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 12:17 - 2017-06-03 16:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-14 12:17 - 2017-06-03 16:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-14 12:17 - 2017-06-03 16:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 12:17 - 2017-06-03 16:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-14 12:17 - 2017-06-03 16:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 12:17 - 2017-06-03 16:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-14 12:17 - 2017-06-03 16:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-14 12:17 - 2017-06-03 16:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-14 12:17 - 2017-06-03 16:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 12:17 - 2017-06-03 16:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 12:17 - 2017-06-03 16:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-14 12:17 - 2017-06-03 16:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-14 12:17 - 2017-06-03 16:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 12:17 - 2017-06-03 16:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 12:17 - 2017-06-03 16:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 12:17 - 2017-06-03 16:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-14 12:17 - 2017-06-03 16:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 12:17 - 2017-06-03 16:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-14 12:17 - 2017-06-03 16:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 12:17 - 2017-06-03 16:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 12:17 - 2017-06-03 16:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 12:17 - 2017-06-03 16:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-14 12:17 - 2017-06-03 16:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-14 12:17 - 2017-06-03 16:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-14 12:17 - 2017-06-03 14:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-14 12:17 - 2017-05-25 13:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-14 12:17 - 2017-03-04 14:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-14 12:17 - 2017-03-04 14:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 12:17 - 2017-03-04 14:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-14 12:17 - 2017-03-04 14:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-14 12:17 - 2016-09-07 12:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-14 01:17 - 2017-06-14 01:24 - 00000000 ____D C:\Users\xia0_\AppData\Local\NETGEARGenie
2017-06-14 01:17 - 2017-06-14 01:17 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2017-06-14 01:17 - 2017-06-14 01:17 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2017-06-14 01:17 - 2017-06-14 01:17 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2017-06-14 01:17 - 2017-06-14 01:17 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2017-06-14 01:17 - 2017-06-14 01:17 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2017-06-13 23:12 - 2017-06-13 23:12 - 00000000 ____D C:\Users\xia0_\AppData\Local\IsolatedStorage
2017-06-13 23:11 - 2016-12-20 01:16 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-06-13 23:11 - 2016-12-20 01:16 - 00029744 _____ (PureVPN) C:\Windows\system32\Drivers\neo_vpn.sys
2017-06-13 19:57 - 2017-06-13 19:57 - 00030961 _____ C:\ProgramData\agent.update.1497355070.bdinstall.bin
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 19:46 - 2017-04-27 09:59 - 00000000 ____D C:\Users\defaultuser0
2017-07-12 19:35 - 2017-04-27 10:00 - 00131072 _____ C:\Windows\system32\config\ELAM
2017-07-12 19:32 - 2017-04-27 10:05 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\Skype
2017-07-12 19:31 - 2017-04-27 16:45 - 00000068 __RSH C:\Windows\system32\Drivers\XtuAcpiDriver.winsecurity
2017-07-12 19:31 - 2017-04-27 10:11 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-07-12 18:58 - 2017-04-27 16:45 - 00000068 __RSH C:\Windows\system32\Drivers\xinputhid.winsecurity
2017-07-12 18:36 - 2017-04-27 10:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-12 18:35 - 2017-04-27 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-07-12 18:35 - 2017-04-27 10:14 - 00000000 ____D C:\Program Files (x86)\MSI
2017-07-12 18:32 - 2017-05-01 13:06 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\Spotify
2017-07-12 18:31 - 2017-05-02 12:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-12 18:30 - 2017-04-28 14:18 - 00000000 ____D C:\ProgramData\VMware
2017-07-12 18:30 - 2017-04-27 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 18:29 - 2017-04-27 10:59 - 00037329 _____ C:\bdlog.txt
2017-07-12 18:29 - 2017-04-27 10:00 - 00524288 _____ C:\Windows\system32\config\BBI
2017-07-12 18:14 - 2017-04-27 10:18 - 00000000 __RSD C:\Windows\Media
2017-07-12 18:14 - 2017-04-27 10:18 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-12 18:14 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\Registration
2017-07-12 18:14 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\Help
2017-07-12 18:08 - 2017-05-01 19:30 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C585885-4C0D-4F57-A63F-38864B0E3565}
2017-07-12 18:08 - 2017-04-27 10:18 - 00000155 _____ C:\Windows\win.ini
2017-07-12 18:00 - 2017-05-01 13:06 - 00000000 ____D C:\Users\xia0_\AppData\Local\Spotify
2017-07-10 20:20 - 2017-05-01 12:11 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\vlc
2017-07-10 20:18 - 2017-04-28 01:25 - 00000000 ____D C:\Users\xia0_\Documents\Vuze Downloads
2017-07-10 20:06 - 2017-04-27 10:01 - 00000000 ____D C:\Users\xia0_
2017-07-10 20:05 - 2017-04-27 10:06 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-10 20:05 - 2017-04-27 10:06 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-10 20:01 - 2017-04-27 10:17 - 00000000 ____D C:\Windows\INF
2017-07-10 20:00 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-07 16:34 - 2017-04-27 10:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-07 16:19 - 2017-04-28 14:31 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\VMware
2017-07-07 16:19 - 2017-04-28 14:31 - 00000000 ____D C:\Users\xia0_\AppData\Local\VMware
2017-07-07 16:03 - 2017-04-27 10:05 - 00000000 ___RD C:\Users\xia0_\OneDrive
2017-07-07 15:59 - 2017-05-12 11:45 - 00000000 ____D C:\Windows\system32\UNP
2017-07-07 15:59 - 2017-05-12 11:45 - 00000000 ____D C:\Program Files\UNP
2017-07-07 15:48 - 2017-04-27 00:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-07 15:36 - 2017-04-27 10:18 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-07 15:34 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\system32\NDF
2017-07-07 15:05 - 2017-04-27 09:41 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-27 17:47 - 2017-04-28 01:25 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\Azureus
2017-06-27 17:08 - 2017-04-27 12:12 - 00000000 ____D C:\Users\xia0_\AppData\Roaming\GarenaPlus
2017-06-27 17:08 - 2017-04-27 10:28 - 00000000 ____D C:\ProgramData\GarenaMessenger
2017-06-27 16:49 - 2017-04-27 10:02 - 00000000 ____D C:\Users\xia0_\AppData\Local\Packages
2017-06-23 14:54 - 2017-05-27 23:46 - 00036832 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2017-06-23 11:16 - 2017-05-09 12:29 - 00262312 _____ C:\Windows\system32\prfh0804.dat
2017-06-23 11:16 - 2017-05-09 12:29 - 00110286 _____ C:\Windows\system32\prfc0804.dat
2017-06-23 11:16 - 2017-04-27 09:59 - 01261848 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-22 19:43 - 2017-05-09 04:42 - 00000000 ____D C:\Users\xia0_\vmlogs
2017-06-22 19:43 - 2017-05-09 04:40 - 00000000 ____D C:\Users\xia0_\.BigNox
2017-06-22 19:43 - 2017-05-09 04:39 - 00000000 ____D C:\Users\xia0_\AppData\Local\Nox
2017-06-22 19:43 - 2017-04-28 16:08 - 00000000 ____D C:\Users\xia0_\.android
2017-06-20 20:01 - 2017-05-01 13:04 - 00000000 ____D C:\Users\xia0_\AppData\Local\ElevatedDiagnostics
2017-06-19 13:29 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\rescache
2017-06-19 11:31 - 2017-04-27 10:24 - 00002064 _____ C:\Users\Public\Desktop\MSI Super Charger.lnk
2017-06-19 11:31 - 2017-04-27 10:14 - 00000000 ____D C:\MSI
2017-06-19 11:30 - 2017-04-27 10:18 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-06-19 11:14 - 2017-04-27 10:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-19 11:14 - 2017-04-27 10:12 - 00000000 ____D C:\ProgramData\Skype
2017-06-19 11:08 - 2017-04-27 09:41 - 00375208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 16:28 - 2017-04-27 10:18 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-14 16:28 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2017-06-14 16:28 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\system32\en-GB
2017-06-14 16:28 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-14 16:28 - 2017-04-27 10:18 - 00000000 ____D C:\Windows\ShellExperiences
2017-06-14 12:26 - 2017-04-27 13:32 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 12:24 - 2017-04-27 13:31 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 02:29 - 2017-04-27 10:13 - 00000000 ____D C:\Users\xia0_\AppData\Local\NVIDIA Corporation
2017-06-13 23:50 - 2017-05-02 19:57 - 00000000 ____D C:\Users\xia0_\Documents\DragonNest
2017-06-13 23:32 - 2017-05-16 05:54 - 00000000 ____D C:\Users\xia0_\AppData\Local\CrashDumps
2017-06-13 22:34 - 2017-04-27 10:28 - 00000000 ____D C:\Program Files (x86)\Garena Plus
 
==================== Files in the root of some directories =======
 
2017-04-27 10:11 - 2017-04-27 10:11 - 0048261 _____ () C:\ProgramData\agent.1493259068.bdinstall.bin
2017-06-13 19:57 - 2017-06-13 19:57 - 0030961 _____ () C:\ProgramData\agent.update.1497355070.bdinstall.bin
2017-04-27 10:31 - 2017-04-27 10:31 - 0493154 _____ () C:\ProgramData\cl.1493259130.bdinstall.bin
2017-07-12 18:33 - 2017-07-12 18:33 - 0000005 ____H () C:\ProgramData\cm-lock
2017-04-27 10:35 - 2017-04-27 10:35 - 0056894 _____ () C:\ProgramData\dm.1493260292.bdinstall.bin
2017-07-12 18:03 - 2017-07-12 18:03 - 0040915 _____ () C:\ProgramData\dm.update.1499853567.bdinstall.bin
 
Some files in TEMP:
====================
2017-07-12 18:12 - 2017-07-12 18:12 - 0518144 _____ (Auslogics) C:\Users\xia0_\AppData\Local\Temp\$$$-boost-speed-installer-TTDNPSZR.exe
2017-07-12 18:36 - 2017-07-12 18:36 - 1069856 _____ () C:\Users\xia0_\AppData\Local\Temp\rscp_setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-20 20:01
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by xia0_ (12-07-2017 19:56:15)
Running from C:\Users\xia0_\Downloads
Windows 10 Pro Version 1607 (X64) (2017-04-27 02:00:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2861019060-3189710903-2318176794-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2861019060-3189710903-2318176794-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2861019060-3189710903-2318176794-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2861019060-3189710903-2318176794-501 - Limited - Disabled)
xia0_ (S-1-5-21-2861019060-3189710903-2318176794-1001 - Administrator - Enabled) => C:\Users\xia0_
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccessData FTK Imager (HKLM\...\{EC863A58-F195-4C12-8093-B348C4037BEE}) (Version: 3.4.3.3 - AccessData)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.89 - NVIDIA Corporation) Hidden
Autopsy (HKLM\...\{18BFB127-49CF-4F63-90E1-27A4D965AA01}) (Version: 4.3.0 - The Sleuth Kit)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.24.54 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.25.80 - Bitdefender)
Discord (HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.227.0000 - Shanda Games International)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
MapleStorySEA version 1.67.1 (HKLM-x32\...\{9C52265B-F695-4A8E-A363-E9974DAF8E69}_is1) (Version: 1.67.1 - Asiasoft Online Pte.Ltd.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.14 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.16 - MSI)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.2.0 - Duodian Technology Co. Ltd.)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
ProDiscover Basic  8.2.0.2 (64 Bit) (HKLM\...\{78BC5838-099A-402E-8868-ED8AA3506F42}) (Version: 8.2.0.2 - Technology Pathways LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.2.4 - Razer Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.1.7.463 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.3.0.3 - Reason Software Company Inc.)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.36 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinHex (HKLM-x32\...\WinHex) (Version:  - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\xia0_\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\xia0_\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2861019060-3189710903-2318176794-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\xia0_\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers01: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-04-20] (Bitdefender)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers04: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-04-20] (Bitdefender)
ContextMenuHandlers05: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-04-20] (Bitdefender)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-04-20] (NVIDIA Corporation)
ContextMenuHandlers06: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-04-20] (Bitdefender)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05AFEED0-5BD2-4FCC-A9AB-44606CF4037D} - \Auslogics\Driver Updater\Start Driver Updater оn xia0_ logon -> No File <==== ATTENTION
Task: {06646852-91B7-4F00-A1A7-EF2E1A64F403} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {073DE99D-82AC-4AA3-A6E4-B94B72CBCDDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {078BAC4E-7BF9-46B9-91F2-0E8BFBBABC5D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {0913C03F-FF56-474A-8FED-C7B09990D996} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {0C1B025F-640D-4297-8251-C5A6C7D2D29E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {1700E968-68D8-4E94-8DE5-CB2E460CE031} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation)
Task: {1C9E7E6A-2A29-45AE-8701-013B450E443C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-27] (Google Inc.)
Task: {34E19250-F4E9-4411-9880-49B94F63E57C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {3BF3A075-3562-44E2-AC8C-B1FDB0A2FB59} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation)
Task: {3ECE0241-6D87-4249-9849-861876716C83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-07] (Microsoft Corporation)
Task: {433E4300-7CEE-4BF9-9BB3-E6F91DC861ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation)
Task: {46F472B8-F8E9-423A-A384-482923033288} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {4F7F0643-ACCF-40DD-AB38-7729840BF6B9} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-06-28] (Reason Software Company Inc.)
Task: {542742EB-A601-4D54-BFB6-12E7031E5843} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {5854C1A2-6736-4802-AC4F-B74D5BE66CF8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {5BB1153E-56E5-47B1-A55C-104ECA9B3B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-27] (Google Inc.)
Task: {73017658-41F5-49E8-8D8B-8057D7E4D648} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-06-28] (Reason Software Company Inc.)
Task: {99FA7EBD-63A9-47EC-A280-42238F7DAD40} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2017-01-18] ()
Task: {A4ED6FCD-4946-4D13-847D-10F2FBB5A875} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {A96DDD2C-6B0F-486E-8DAD-19DD645AB8C1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {BD05A285-BE34-4B1A-B566-E4902F66766D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation)
Task: {D2E6A773-6F1E-40EF-85F3-6348965DE172} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-04-20] (Bitdefender)
Task: {ED4E1390-964F-4EFE-9AC3-4A2BE4F4A1F5} - \Auslogics\BoostSpeed\Start BoostSpeed оn xia0_ logon -> No File <==== ATTENTION
Task: {F03C4DBB-2073-4512-96C0-4B97B59FC421} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {F303A3DB-7C86-4E1A-A39E-409DB3649E23} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {FF9B141E-8CB0-4173-802A-AA3774E44D85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-07] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-14 12:17 - 2017-06-03 18:01 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-04-27 10:23 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-04-27 10:23 - 2017-02-07 12:34 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
2017-04-27 10:23 - 2017-02-07 12:34 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
2017-04-27 10:23 - 2017-02-07 12:34 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
2017-04-27 10:23 - 2017-02-07 12:34 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
2016-11-25 14:16 - 2016-11-25 14:16 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-09-25 06:20 - 2016-09-25 06:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-05-26 11:58 - 2017-07-07 15:34 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-16 15:36 - 2017-03-04 14:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 15:36 - 2017-03-04 14:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 15:36 - 2017-03-04 14:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 12:17 - 2017-06-03 16:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 12:17 - 2017-06-03 16:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-22 19:41 - 2017-06-22 19:41 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-22 19:41 - 2017-06-22 19:41 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-22 19:41 - 2017-06-22 19:41 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-22 19:41 - 2017-06-22 19:41 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-30 14:51 - 2017-05-30 14:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdsystray.txtui
2017-01-12 02:15 - 2017-01-12 02:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 15:45 - 2017-03-04 14:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-27 10:12 - 2017-05-04 04:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-12 18:36 - 2017-07-12 18:37 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2017-07-12 18:36 - 2017-07-12 18:37 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-05-30 14:52 - 2017-05-30 14:52 - 00022304 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdaphconp.txtui
2017-04-27 10:23 - 2017-04-20 18:27 - 00066240 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bddpsp.dll
2017-07-10 20:05 - 2017-06-23 11:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-10 20:05 - 2017-06-23 11:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-03-08 02:18 - 2017-03-08 02:18 - 00582936 _____ () C:\Program Files\Reason\Security\rsLggr.exe
2017-07-12 18:45 - 2017-07-12 19:05 - 26468936 _____ () C:\Users\xia0_\Downloads\RogueKiller_portable64.exe
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-07-12 18:35 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-04-27 10:12 - 2017-05-04 04:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\xia0_\Downloads\adwcleaner_6.047 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\adwcleaner_6.047.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\esetpowelikscleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\mbar-1.09.3.1001.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\reason-core-security-setup_iot (1).exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\reason-core-security-setup_iot.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\registry-cleaner-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\RogueKiller_portable64.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\SecurityTaskManager_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\xia0_\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-04-27 10:18 - 2017-07-12 19:31 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2861019060-3189710903-2318176794-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xia0_\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2984E7B8-1F35-4221-883A-3E33906C5833}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3DFA7D04-D1D0-4149-B1C1-07D3AE551181}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9EE85622-4681-4CEF-9E72-50B8BBCE21B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A21F361E-A0EA-4FC9-80F4-89DA4349F962}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{315A55A9-F6A8-439C-982B-D3B7522E48C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C818C673-F3F9-4798-8099-59CF1C570690}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5CF364B3-B35F-4A6A-9C53-A35F7DE06102}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{8DF963AB-37E2-4405-B89D-6E76F8B6DB78}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{850B75E4-41CA-4E56-9D24-5BE90CC267F8}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{D52648B0-D97A-4454-9595-B73B1EF824C6}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{48F668C2-BCE1-4B88-B944-0B0CCA4B876B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{E403D19B-E246-4ADA-AEFD-DD61F7D21BDF}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{F328F0AD-DCE9-4B69-B2F2-701345C079BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B628071D-0A9F-4AFD-9E8D-565752CF448E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{412FB143-836E-4BC6-BA38-8E57ED98859C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{50C8E6E2-80F3-4A4E-B1B5-2A1CD5F68EC4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5CBA8010-467E-4619-9B4D-2851E0F0A503}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{91E0F763-BC12-4B31-9FED-38C977FEFF1E}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{D6B714EB-C819-4883-96D6-CA4807644D04}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{9F5B3755-29E4-42C6-8D1F-7D7F801CA91C}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{9568F79F-1FBA-4B83-A917-8E4D088C1EE2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F8DCD605-CC5F-45FD-9D37-8423127015C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{39453C5A-9704-4C84-996A-83AE1B6C1357}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8CB42417-7BB2-42FF-AC38-E7949DD74A66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D4953B28-0DC9-420D-8ECD-351D47B523B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F25D08A8-808B-4C58-9CCD-17E81BC6E58A}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe
FirewallRules: [{BFD50B3B-0B7D-4C4B-8DB2-87D5F580D7BB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1D8AA9CC-5F23-4B04-9C87-592B30FC4210}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{6741A24F-BC7E-4159-91AF-0B9FED72A5F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-07-2017 15:53:57 Windows Update
10-07-2017 20:03:04 Installed Windows 7 USB/DVD Download Tool
12-07-2017 18:34:07 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: PureVPN
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2017 07:47:04 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/12/2017 07:47:04 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/12/2017 07:46:47 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/12/2017 07:46:47 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/12/2017 07:14:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2017 06:52:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2017 06:37:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2017 06:36:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/12/2017 06:34:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/12/2017 06:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vsserv.exe, version: 21.0.25.92, time stamp: 0x5926cd41
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc000000d
Fault offset: 0x00000000000ff44c
Faulting process ID: 0x5a8
Faulting application start time: 0x01d2faf559175179
Faulting application path: C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: cf20e158-db77-44f9-b741-4fe822d1913c
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/12/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (07/12/2017 06:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (07/12/2017 06:30:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 06:29:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (07/12/2017 06:29:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2017 06:29:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/12/2017 06:29:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/12/2017 06:29:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CodeMeter Runtime Server service terminated unexpectedly. It has done this 1 time(s).
 
Error: (07/12/2017 06:29:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/12/2017 06:29:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-12 18:30:32.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 18:06:17.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-10 20:11:24.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-07 15:11:10.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-07 15:05:00.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-07 14:54:53.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-27 16:38:36.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-23 11:19:08.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-22 19:30:28.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-20 17:41:02.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 35%
Total physical RAM: 24504 MB
Available physical RAM: 15864.8 MB
Total Virtual: 28088 MB
Available Virtual: 19455.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:975.78 GB) (Free:735.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 
RogueKiller V12.11.6.0 (x64) [Jul 10 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : xia0_ [Administrator]
Started from : C:\Users\xia0_\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 07/12/2017 19:05:59 (Duration : 00:41:17)
 
¤¤¤ Processes : 1 ¤¤¤
[Adw.Elex|Tr.Zusy|PUP.Divcom] mbar.exe(3948) -- C:\Users\xia0_\Desktop\mbar\mbar.exe[7] -> Killed [TermThr]
 
¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\im -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{990177ea-5a3f-4a1a-a234-bb322ae7fb0f} | DhcpNameServer : 191.101.58.3 10.0.80.11 ([X][X])  -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2861019060-3189710903-2318176794-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2861019060-3189710903-2318176794-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 4 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_BthHFSrv1740E804.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_ChargeService363FA7D2.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_CodeMeter36C93C2E -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_CodeMeter36C93C2E.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_Discord2C651D5 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_Discord2C651D5.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_GameManagerService536C4152.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_GameScannerService57C6E352.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_HuaweiHiSuiteService645CDAEECA.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_mbar-13.1001.exe1336BD94.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_mbar14471F3C.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_MSI_LiveUpdate_Service4985D9F2 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_MSI_LiveUpdate_Service4985D9F2.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_NETGEARGenie2DD05509.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_nvcontainer4E128E7F.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_nvcontainer5AADDE7E.memory -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_NVDisplaytainer.exe7A5C107F.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_NvTelemetryContainer7F33DE7E.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_OfficeClickToRun70F6510B -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_OfficeClickToRun70F6510B.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RazerCentralService7B9DCD82.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_rsLggr2670E520.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RtkNGUI6423FD468C -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RtkNGUI6423FD468C.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RzKLService409FD913.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RzSDKService3F23BA8A.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_RzSynapse33F71AA9.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_SkypeHost8CD32401.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_steam16A06D4E -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_steam16A06D4E.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_Super Charger38CC9BDF.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_vmware-authd427785E9.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_vpnclient256BD449 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\c_vpnclient256BD449.file -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109C80000000000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109C80000000000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109C80090400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109C80090400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109F80000000100000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00005109F80000000100000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109C80000000000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109C80000000000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109C80090400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109C80090400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109DD0000000100000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109DD0000000100000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109F80000000100000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00006109F80000000100000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0FD28D5BF2CAF964E879956935491766 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_0FD28D5BF2CAF964E879956935491766.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1007C6B46D7C017319E3B52CF3EC196E -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1007C6B46D7C017319E3B52CF3EC196E.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12342rg -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12346db -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_12350vi4 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1685B18D193F50947A97A82899F4A300 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_1685B18D193F50947A97A82899F4A300.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_180D05B7076E34B34A06E0C2BDC59E48 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_180D05B7076E34B34A06E0C2BDC59E48.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2EEB87D0FF8F8944FAA1F38FC1DEA86C -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_2EEB87D0FF8F8944FAA1F38FC1DEA86C.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5F26CF5B763A5A73F92D6A1E730C90F6 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_5F26CF5B763A5A73F92D6A1E730C90F6.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_68AB67CA408033019195008142220573 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_68AB67CA408033019195008142220573.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_68AB67CA7DA73301B744CAF070E41400 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_68AB67CA7DA73301B744CAF070E41400.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_721BFB81FC9436F4091E724A9D56AA10 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_721BFB81FC9436F4091E724A9D56AA10.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_818DCFD4A63092246AD7FC71CD64D129 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_818DCFD4A63092246AD7FC71CD64D129.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8385CB87A990E2048886DEA83A05F624 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_8385CB87A990E2048886DEA83A05F624.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_85A368CE591F21C408393B844C30B7EE -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_85A368CE591F21C408393B844C30B7EE.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_916BEFFD554579631B5442D339D69BB5 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_916BEFFD554579631B5442D339D69BB5.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_96DFC9DB19BEE453C9894D936E909123 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_96DFC9DB19BEE453C9894D936E909123.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_FA892FCC1EC962B42B1584E6893A7498 -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_FA892FCC1EC962B42B1584E6893A7498.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\ItemsState.ini -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\purevpn.exe.q_Quarantine_11670_q.ini -> Deleted
[Hidden.ADS][Stream] C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 -> Deleted
[Hidden.ADS][Stream] C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM006-2DM164 +++++
--- User ---
[MBR] aa3e187663affc7fd6741f9c82907ede
[BSP] 723e93a68d4f6b4f6c65058e7fc2347f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 999198 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2047076352 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 



 


#2 HelpBot


Posted 17 July 2017 - 07:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/651334 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 22 July 2017 - 07:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



