Got a virus called Hacktool:Win32/AutoKMS


  • This topic is locked
2 replies to this topic

#1 AbhaySolanki

AbhaySolanki

  • Members
  • 13 posts
  • OFFLINE

Posted 10 October 2017 - 05:16 AM

The first log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-10-2017
Ran by Abhay (administrator) on DESKTOP-PL742CC (10-10-2017 15:42:21)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Abhay (Available Profiles: Abhay)
Platform: Windows 10 Enterprise 10240.17443.amd64fre.th1.170602-2340 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3926016 2016-05-26] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2017-08-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [Steam] => D:\New folder (2)\steam.exe [3074336 2017-10-05] (Valve Corporation)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\Run: [BitTorrent] => C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe [2153928 2017-08-12] (BitTorrent Inc.)
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\MountPoints2: {017650e3-a05f-11e7-9c4b-9840bb3e6640} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\MountPoints2: {6d7e702d-a907-11e7-9c6c-9840bb3e6640} - "H:\LaunchU3.exe" -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47ae2bd7-5f3f-44d5-89a1-6cd567f1a52b}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 383lmmts.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\383lmmts.default [2017-09-25]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-05] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://private.dogpile.com/{REPLACE}/search/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Dogpile Private Search
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-05]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-05]
CHR Extension: (Dogpile Private Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaakfggmkjlaepgbmpmgjdijpihiehph [2017-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-07-29] ()
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [480216 2017-08-05] (Intel Corporation)
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2223864 2017-08-05] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [341976 2017-08-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-15] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-07-19] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-09-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2017-09-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2017-08-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269920 2017-08-05] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [401896 2017-10-10] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-08-09] (Samsung Electronics Co., Ltd.)
R2 DpmLiteDrv; C:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [75320 2017-08-05] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2017-08-05] (DT Soft Ltd)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [358968 2017-08-05] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [63496 2017-08-05] (Intel Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98608 2017-08-05] (Intel Corporation)
R1 MpKsl227f31d1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3F5529B-B774-4240-BB73-55B3EFF91B29}\MpKsl227f31d1.sys [58120 2017-10-06] (Microsoft Corporation)
R1 MpKsl8b5e2969; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A5AECD8-C50F-4937-95D5-2B769A82158D}\MpKsl8b5e2969.sys [58120 2017-10-10] (Microsoft Corporation)
R1 MpKslbb381857; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4719E64-355C-4152-95EE-4936A15752DA}\MpKslbb381857.sys [58120 2017-10-08] (Microsoft Corporation)
R1 MpKslfa3c1188; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{837D983A-C050-4D7A-BB61-75E09BDE63FD}\MpKslfa3c1188.sys [58120 2017-10-05] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [955392 2017-08-05] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [436224 2017-08-05] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-08-09] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [74848 2017-08-05] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-10 15:42 - 2017-10-10 15:43 - 000012837 _____ C:\Users\Admin\Downloads\FRST.txt
2017-10-10 15:42 - 2017-10-10 15:42 - 000000000 ____D C:\FRST
2017-10-10 15:41 - 2017-10-10 15:41 - 002401792 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-10-10 15:10 - 2017-10-10 15:10 - 000016148 _____ C:\Windows\system32\DESKTOP-PL742CC_Abhay_HistoryPrediction.bin
2017-10-09 09:49 - 2017-10-09 09:49 - 000166136 _____ C:\Users\Admin\Downloads\749106C4218951E551F6B3AFD1146794C2156722.torrent
2017-10-09 09:33 - 2017-10-09 09:33 - 000128361 _____ C:\Users\Admin\Downloads\D072C72BCFAEAFE7A725CE680F8C7B4093F01355.torrent
2017-10-08 12:56 - 2017-10-08 12:56 - 000102495 _____ C:\Users\Admin\Downloads\BSZ50_MARGINMAILER_25710_20171007.PDF
2017-10-08 12:48 - 2017-10-08 12:48 - 000002012 _____ C:\Windows\SysWOW64\BrowserSettings.InstallState
2017-10-08 12:48 - 2017-10-08 12:48 - 000000000 ____D C:\Program Files (x86)\(n)Code Solutions
2017-10-08 12:46 - 2017-10-08 12:46 - 000489126 _____ C:\Users\Admin\Downloads\(n)Procure Tool (1).zip
2017-10-08 11:44 - 2017-10-08 11:44 - 000017254 _____ C:\Users\Admin\Downloads\Red.Dead.Redemption - PC.torrent
2017-10-03 19:39 - 2017-10-03 19:39 - 001168693 _____ C:\Users\Admin\Downloads\TOPScorer-eBrochure.pdf
2017-09-29 19:24 - 2017-09-29 19:24 - 000003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-09-29 19:24 - 2017-09-29 19:24 - 000000679 _____ C:\DelFix.txt
2017-09-29 19:24 - 2017-09-29 19:24 - 000000000 ____D C:\Windows\ERUNT
2017-09-29 10:04 - 2017-09-29 10:04 - 000000000 ____D C:\ProgramData\Emsisoft
2017-09-29 10:01 - 2017-09-29 10:35 - 000000000 ____D C:\EEK
2017-09-29 09:10 - 2017-09-29 10:01 - 333232968 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit (1).exe
2017-09-29 09:08 - 2017-09-29 09:08 - 000069187 _____ C:\Users\Admin\Downloads\1131_001.pdf
2017-09-27 21:43 - 2017-09-27 21:43 - 000000211 _____ C:\Users\Admin\Desktop\Black Squad.url
2017-09-25 19:56 - 2017-09-25 19:56 - 000001315 _____ C:\Users\Admin\Desktop\idea64 - Shortcut.lnk
2017-09-25 19:54 - 2017-09-25 19:54 - 000002272 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2017-09-25 19:54 - 2017-09-25 19:54 - 000001228 _____ C:\Users\Admin\Desktop\Mozilla Firefox.lnk
2017-09-25 10:11 - 2017-09-25 10:11 - 000000605 _____ C:\Users\Public\Desktop\Steam.lnk
2017-09-25 10:11 - 2017-09-25 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-25 10:10 - 2017-09-25 10:10 - 001446792 _____ C:\Users\Admin\Downloads\SteamSetup.exe
2017-09-18 12:38 - 2017-09-18 12:38 - 000001933 _____ C:\Users\Admin\Downloads\Maze.java.zip
2017-09-13 14:29 - 2017-09-13 14:29 - 000054024 _____ C:\Users\Admin\Downloads\cur197.ani
2017-09-13 11:51 - 2017-09-15 12:23 - 000000079 _____ C:\Users\Admin\Desktop\email teacher.txt
2017-09-12 21:54 - 2017-09-12 21:54 - 000000000 ____D C:\Users\Admin\Documents\My Games
2017-09-12 21:54 - 2017-09-12 21:54 - 000000000 ____D C:\Users\Admin\AppData\Local\Skyrim
2017-09-12 21:53 - 2017-09-12 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-10 15:42 - 2017-08-12 00:08 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2017-10-10 15:23 - 2017-08-05 01:24 - 000003808 _____ C:\Windows\System32\Tasks\AutoKMS
2017-10-10 15:10 - 2017-08-12 00:09 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\BitTorrent
2017-10-10 15:09 - 2015-07-10 17:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-10 14:19 - 2017-08-05 01:04 - 000000000 ____D C:\Users\Admin
2017-10-10 13:18 - 2015-07-10 16:32 - 000000000 ____D C:\Windows\INF
2017-10-10 11:38 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\AppReadiness
2017-10-10 11:37 - 2015-07-10 16:34 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 11:07 - 2017-09-08 13:48 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2AC21A95-CAC6-4662-9E57-304212EA18A3}
2017-10-09 10:35 - 2017-08-05 01:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2017-10-08 19:34 - 2017-08-20 02:42 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Temp
2017-10-05 21:39 - 2017-08-05 01:09 - 000887678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-05 15:25 - 2015-07-10 14:35 - 000524288 ___SH C:\Windows\system32\config\BBI
2017-09-27 20:12 - 2017-08-05 01:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 19:54 - 2017-08-05 06:40 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-09-24 20:05 - 2017-08-05 01:56 - 000000000 ____D C:\Windows\Panther
2017-09-24 19:58 - 2017-07-11 13:09 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-24 19:31 - 2017-08-05 23:45 - 000000000 ____D C:\AMD
2017-09-22 14:02 - 2017-08-05 01:07 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-09-22 13:35 - 2017-08-05 06:25 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1238717651-3256879073-989753507-1001
2017-09-22 13:35 - 2017-08-05 01:07 - 000002363 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-18 23:38 - 2017-08-25 21:54 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-15 13:27 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\LiveKernelReports
2017-09-13 14:39 - 2017-08-05 08:26 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 14:07 - 2017-08-05 08:26 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-13 14:01 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\Cursors
 
==================== Files in the root of some directories =======
 
2017-08-14 11:38 - 2017-08-14 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{F74DEB18-5EAC-4E14-BC03-BB592F7DB538}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-06 21:46
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Abhay (10-10-2017 15:44:18)
Running from C:\Users\Admin\Downloads
Windows 10 Enterprise 10240.17443.amd64fre.th1.170602-2340 (X64) (2017-08-04 19:33:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abhay (S-1-5-21-1238717651-3256879073-989753507-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1238717651-3256879073-989753507-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1238717651-3256879073-989753507-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-1238717651-3256879073-989753507-503 - Limited - Disabled)
Guest (S-1-5-21-1238717651-3256879073-989753507-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
(n)Code Solutions - PKI Component (Ver 3.0.0) (HKLM-x32\...\{2D810C13-E97C-46EF-8707-2D9A1FDB8E65}) (Version: 3.0.0 - (n)Code Solutions)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
BitTorrent (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Black Squad (HKLM\...\Steam App 550650) (Version:  - NS STUDIO)
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.45 - Synaptics Incorporated)
Dungeons & Dragons Online® (HKLM\...\Steam App 206480) (Version:  - Standing Stone Games, LLC)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.313 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1603.5 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PlanetSide 2 (HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PX Profile Update (HKLM-x32\...\{92EF4CD3-1423-7E68-2568-14F9D0D8930B}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10334 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.38 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.6.326593 - Linden Research, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics WBF DDK 5111 (VSM) (HKLM\...\{DC5A22ED-3DF4-43F0-BC5F-805DB8E6D7E3}) (Version: 4.5.289.0 - Synaptics)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1238717651-3256879073-989753507-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-08-05] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-08] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0427824D-891C-4C2E-B96C-07EE0C9E0E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-05] (Google Inc.)
Task: {38D5C261-651E-4059-BD66-8BA42A06C34F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {4C9603C5-CFC2-4883-A798-936E1293795E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-21] (Advanced Micro Devices, Inc.)
Task: {6899347F-8D8F-449B-B1F9-B00FEAA7921D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {7B5E9FCC-D4DD-4F1C-BFC0-5DAAE963D108} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-08-05] ()
Task: {7E485A1A-37CB-4716-9AC3-94A27BEF2313} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-05] (Google Inc.)
Task: {9DCE3756-B0D7-44EF-BF3B-AD03523175D5} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-08-05] (Realtek Semiconductor)
Task: {E46F89C4-AAF1-4A8A-8423-FBFA130BCB69} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-15] (Intel® Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-05 06:47 - 2015-07-15 07:34 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2017-08-12 11:15 - 2017-08-12 11:15 - 000022016 _____ () C:\Windows\System32\xrxs1l6.dll
2017-08-05 08:01 - 2016-10-25 12:45 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2017-08-26 11:04 - 2017-09-01 08:40 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-08-26 11:04 - 2017-09-01 08:41 - 000103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2017-08-05 08:02 - 2017-06-03 19:09 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 12:12 - 2016-09-13 12:12 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 12:12 - 2016-09-13 12:12 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 12:13 - 2016-09-13 12:13 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-08-05 08:00 - 2015-09-17 11:18 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-08-05 08:03 - 2017-04-28 05:14 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-08-05 08:00 - 2016-11-19 11:36 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-05 08:03 - 2017-04-28 05:12 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-05 08:03 - 2015-09-17 11:13 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-27 20:11 - 2017-09-21 12:59 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 20:11 - 2017-09-21 12:59 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-07-19 03:44 - 2016-07-19 03:44 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\ncode.in -> hxxps://www.ncode.in
IE trusted site: HKU\.DEFAULT\...\ncodesolutions.com -> hxxps://www.ncodesolutions.com
IE trusted site: HKU\.DEFAULT\...\npay.in -> hxxps://www.npay.in
IE trusted site: HKU\.DEFAULT\...\nprocure.com -> hxxps://nprocure.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 16:34 - 2015-07-10 16:32 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{9f2ea3b7-27a5-47a0-b09d-9208bea66011}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1238717651-3256879073-989753507-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{17E30FEF-899A-4DF1-B2A2-39DA59CBFF12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E0D7B7E-F8B8-48DA-88C7-9F88F3CDB23E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{248441FB-636A-499F-B72D-BE07F2F0480A}] => (Allow) D:\New folder (2)\New folder\Steam.exe
FirewallRules: [{1FC5FCA6-C33C-4E7C-B115-3DAB4E707048}] => (Allow) D:\New folder (2)\New folder\Steam.exe
FirewallRules: [{FE451A7F-4088-4B53-AD9C-510BBEF3C904}] => (Allow) D:\New folder (2)\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{45C49214-FE0B-4283-AD9E-ACC950CD35EB}] => (Allow) D:\New folder (2)\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{480768A8-0C1D-4DBC-AFD4-81606D8F05AA}] => (Allow) D:\New folder (2)\New folder\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{13080431-BD99-4FD1-888E-06EFD7FCFCC2}] => (Allow) D:\New folder (2)\New folder\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D2A397EB-6E94-4929-AF02-95C4F6693746}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [UDP Query User{7966F533-2A09-4E13-8187-913446497624}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [TCP Query User{45619C7F-9637-4AAE-B418-0A75A16D5FBC}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{84C1824E-3A98-45A1-BBC5-80407DFC91DB}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{C15A1497-41D2-4389-A59E-4E101AF82CA9}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{56C8E703-AB34-4B2A-B8A1-C4C5D19A99BD}D:\cod 4\iw3mp.exe] => (Allow) D:\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{D1B620D4-687A-434F-B53F-D7DD84A0A130}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [UDP Query User{4496A89E-05B5-4679-AD52-8C6B9C385434}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [TCP Query User{F55D59E6-944D-4463-82F2-A6964C6FE489}D:\new folder (2)\secondlifeviewer\slvoice.exe] => (Allow) D:\new folder (2)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{CD7B5C33-6C2F-43E2-A8EC-26B35187A733}D:\new folder (2)\secondlifeviewer\slvoice.exe] => (Allow) D:\new folder (2)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{394E1D49-5796-4621-945F-ACE0277A6931}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [UDP Query User{6F9A590D-F457-46FC-8C9E-300CD7D649D1}D:\cod\cod2mp_s.exe] => (Allow) D:\cod\cod2mp_s.exe
FirewallRules: [{A8A1B218-3DF7-4351-B46B-36CE14DAF21F}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{384209ED-C719-499D-86A9-5F734B60E431}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{2E9B1F63-50DD-4854-86E7-07A2CB9BB73E}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6516C458-F5D5-4E3C-ABE9-085B175E0A3F}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FF6252D1-84E0-4F48-B2C6-2D7651E773EA}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{1CBDF46B-00B4-4DAA-B83E-A11364084AB6}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [TCP Query User{557A59B8-1B9F-4D0D-BA6D-1FB556335C79}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [UDP Query User{D4B4C37A-9F76-4426-AB5B-2D66DD85FAC8}D:\intellij idea community edition 2017.2\bin\idea64.exe] => (Block) D:\intellij idea community edition 2017.2\bin\idea64.exe
FirewallRules: [{5E3BDFE5-B496-4979-B82E-3BC18A0D5DD3}] => (Allow) D:\New folder (2)\New folder\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{76951B1F-B9D1-4DBC-AFE0-CFFD8234EEF5}] => (Allow) D:\New folder (2)\New folder\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{759B86D3-03E9-425A-99BC-416E41974886}D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{5B590641-FBE0-46BB-B057-11568C6818B4}D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{8BA05FCF-63B4-423D-B9A8-8C7461ECBCD0}D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe
FirewallRules: [UDP Query User{5DF0DAF9-5C45-4F77-AF0A-3F7AB2E688FE}D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\argo\argo_x64.exe
FirewallRules: [{B5C21A9E-DB11-4F7B-A536-1B8BF9AA34BF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5C475647-D5A6-46DD-900C-82F133D9BB58}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BD967804-A82E-4AAA-8FB6-1ABB2F8DDB12}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40C62935-BE7C-4539-B3D3-4E2CA03F1ED0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C44E0D2-70F7-48AC-8679-DAB20EEE97DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7D8EC086-C8B0-49C1-9647-F1F5EB4F5486}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{03401570-C2C7-4EB8-AF11-9B81B772D1DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AC0C17EF-8D3C-472C-923D-16336426DDF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{10AD4F33-7992-4BCB-9BA8-F945C26DCDD7}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [{6C73507C-C233-4426-84DF-D2E6CADADB65}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Dungeons and Dragons Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{0E71304B-21EF-4955-AB00-C51C5F16378C}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [UDP Query User{26E16434-9219-48D7-A23A-4F215922D6D5}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Allow) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [TCP Query User{C2735E07-FD60-42B0-8796-3759708D0783}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [UDP Query User{5D0E937E-6128-45C2-9D39-72F51CD34227}D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe] => (Block) D:\new folder (2)\new folder\steamapps\common\dungeons and dragons online\dndclient.exe
FirewallRules: [{6726B215-D9CB-4090-B751-F5237FDED3D3}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{FD1E7932-44B0-4B5B-9EEF-A1712B6AF7F1}] => (Allow) D:\New folder (2)\New folder\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{4EF81584-0681-453A-BA61-72F346867961}] => (Allow) C:\Users\Admin\Desktop\Steam.exe
FirewallRules: [{234BC233-4830-4E04-B880-F9A14E228E2E}] => (Allow) C:\Users\Admin\Desktop\Steam.exe
FirewallRules: [{870F9035-40EC-4828-8616-F6CA4A6F4AA0}] => (Allow) C:\Users\Admin\Desktop\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{493FD20F-9DFE-446F-9E3A-5DE43DF22D9A}] => (Allow) C:\Users\Admin\Desktop\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{40063A7C-4664-4E68-8E56-1C9950A203F8}] => (Allow) D:\New folder (2)\Steam.exe
FirewallRules: [{E4F1A5FC-D64E-43F3-9C61-2C968C6273A8}] => (Allow) D:\New folder (2)\Steam.exe
FirewallRules: [{3C003640-FD10-48C8-B4FB-E1872B53DEA8}] => (Allow) D:\New folder (2)\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A129B787-10DA-427A-8BB2-5A8ED8D7EAC1}] => (Allow) D:\New folder (2)\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{150DEEA3-D873-448E-9748-BF25EF245538}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5A58A401-1637-4856-A1FC-71A774EC4A64}] => (Allow) D:\New folder (2)\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{A207FF1E-F91B-4A18-A15A-0C5206870627}] => (Allow) D:\New folder (2)\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{8257390F-BA1E-4418-97A0-CDCF064B3DE0}] => (Allow) D:\New folder (2)\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{A2759450-9061-41A0-9641-26A219C7E5C3}] => (Allow) D:\New folder (2)\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
 
==================== Restore Points =========================
 
29-09-2017 19:24:18 End of disinfection
06-10-2017 21:55:28 Scheduled Checkpoint
08-10-2017 12:47:10 Removed (n)Code Solutions - PKI Component (Ver 3.0.0)
08-10-2017 12:47:42 Installed (n)Code Solutions - PKI Component (Ver 3.0.0)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2017 03:23:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10240.17319 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1048
 
Start Time: 01d341abcb2c5557
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 5918fc97-ad9f-11e7-9c93-9840bb3e6640
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/10/2017 03:09:22 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 22685 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 289
Executing Function:  ConfigTdpPolicy::onOperatingSystemConfigTdpLevelChanged
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 03:09:22 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 22655 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 152
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 03:09:22 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 22651 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 330
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 01:20:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BurnoutParadise.exe, version: 1.0.0.1, time stamp: 0x496dc296
Faulting module name: BurnoutParadise.exe, version: 1.0.0.1, time stamp: 0x496dc296
Exception code: 0xc0000005
Fault offset: 0x0042e18a
Faulting process id: 0x1680
Faulting application start time: 0x01d3419c5b14146a
Faulting application path: D:\burnout\BurnoutParadise.exe
Faulting module path: D:\burnout\BurnoutParadise.exe
Report Id: 7cb9c232-85a5-4d55-91e9-b3d4e41e19a6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/10/2017 01:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.17113, time stamp: 0x57cf95cb
Faulting module name: ntdll.dll, version: 10.0.10240.17184, time stamp: 0x580ee916
Exception code: 0xc0000374
Fault offset: 0x00000000000eaa2c
Faulting process id: 0x15e8
Faulting application start time: 0x01d3419c674d2315
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5b1625bd-acaa-418f-a3c1-cf87979b8cbd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/10/2017 01:17:54 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 27142 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 289
Executing Function:  ConfigTdpPolicy::onOperatingSystemConfigTdpLevelChanged
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 01:17:54 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 27107 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 152
Executing Function:  ConfigTdpPolicy::onBindDomain
Message:  ConfigTdp not supported.
Participant:  TCPU [0]
Domain:  PKG [0]
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 01:17:54 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 27103 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 330
Executing Function:  ConfigTdpPolicy::synchronizeConfigTdpPlatformSettings
Message:  ConfigTdp not supported.
Policy:  ConfigTDP Policy [0]
 
Error: (10/10/2017 01:04:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16766, time stamp: 0x56e8dba8
Faulting module name: combase.dll, version: 10.0.10240.17394, time stamp: 0x59029382
Exception code: 0xc0000602
Fault offset: 0x000000000012124d
Faulting process id: 0x111c
Faulting application start time: 0x01d34188c6fd715c
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\system32\combase.dll
Report Id: 5c50ea10-dfab-4993-8bd4-b99f97e12dd7
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (10/10/2017 03:19:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (10/10/2017 03:17:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (10/10/2017 03:17:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (10/10/2017 03:15:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (10/10/2017 03:15:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (10/10/2017 03:09:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (10/10/2017 01:21:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-PL742CC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-PL742CC\Abhay SID (S-1-5-21-1238717651-3256879073-989753507-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/10/2017 01:17:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:06:37 PM on ‎10/‎10/‎2017 was unexpected.
 
Error: (10/10/2017 12:58:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (10/10/2017 12:58:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 4 0x0 0x0
 
 
CodeIntegrity:
===================================
  Date: 2017-10-08 12:20:44.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-08 12:20:43.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-06 21:48:26.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-06 21:48:25.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 22:42:19.476
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 22:42:19.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 14:16:46.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 14:16:46.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-19 16:47:15.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-19 16:47:15.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-6006U CPU @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3965.14 MB
Available physical RAM: 1253.15 MB
Total Virtual: 4669.14 MB
Available Virtual: 1648.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.02 GB) (Free:58.56 GB) NTFS
Drive d: ( ) (Fixed) (Total:276.97 GB) (Free:225.39 GB) NTFS
Drive e: ( ) (Fixed) (Total:276.97 GB) (Free:258.22 GB) NTFS
Drive f: ( ) (Fixed) (Total:277.43 GB) (Free:270.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1C99BC2F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:22 PM

Posted 10 October 2017 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {7B5E9FCC-D4DD-4F1C-BFC0-5DAAE963D108} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-08-05] ()
C:\Windows\System32\Tasks\AutoKM
C:\Windows\AutoKMS
C:\Users\Admin\AppData\Local\{F74DEB18-5EAC-4E14-BC03-BB592F7DB538}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:22 PM

Posted 16 October 2017 - 07:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



