infested with lsanoci.exe and winldvk.exe


22 replies to this topic

#1 HoneyLemonTea


Posted 15 November 2017 - 02:17 PM

Thank you for reading

 

For the past few weeks, my laptop has been infested with lsanoci.exe and winldvk.exe. They slow down the system and prevent me from opening some programs or downloading antimalware software. I am able to kill the processes in Sysinternals Process Explorer, but they always come back every 20 minutes after I kill them. They are located in the AppData folder and I could not get access to it, even though I am the admin. I have tried Malwarebytes with no result, and a lot of other options.

Looking forward to hearing from everyone trying to help. I don't have a lot of knowledge about computing, so please be patient with me. I appreciate all your help!

 

VirusTotal links:

 

Lsanoci: https://www.virustotal.com/en/file/21ca3261d449ff2479a704f7706758f72426e72efc653f7c3e54c21434fe4182/analysis/

 

winldvk: https://www.virustotal.com/en/file/893a455bef027cea0bb0b0a95ba277b09e2573b8a08bd34fa1e2def438770d85/analysis/

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2017
Ran by Kevin1 (administrator) on KEVIN-PC (15-11-2017 14:08:54)
Running from C:\Users\Kevin1\Downloads
Loaded Profiles: Kevin1 (Available Profiles: Kevin1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\UniKey\UniKeyNT.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\lsanoci.exe
(Sysinternals - www.sysinternals.com) C:\Users\Kevin1\AppData\Local\Temp\Rar$EX00.934\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe
() C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2017-03-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [613536 2010-12-17] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-12-06] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-12] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1043771657-365200597-3188102359-1082\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
Startup: C:\Users\Kevin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-05-28]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F2237594-48CA-4B18-B601-B4E5E77FA50D}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-1043771657-365200597-3188102359-1082\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {72820D85-200D-41DF-99AB-7A4FD8F92BAF} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-09-15] (Perfect World Entertainment Inc)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2010-12-17] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 7krbt0po.default
FF ProfilePath: C:\Users\Kevin1\AppData\Roaming\Mozilla\Firefox\Profiles\7krbt0po.default [2017-11-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Users\Kevin\Desktop\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Kevin1\AppData\Local\Google\Chrome\User Data\Default [2017-11-15]
CHR Extension: (Skype) - C:\Users\Kevin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Kevin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-09-15] (Perfect World Entertainment Inc)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [151552 2010-10-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [53920 2010-12-17] (Atheros Commnucations) [File not signed]
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125168 2014-12-03] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3512928 2015-07-22] (INCA Internet Co., Ltd.)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-09-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-05-30] () [File not signed]
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [75264 2010-10-25] (Intel Corporation) [File not signed]
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2017-03-06] (Motorola Solutions, Inc.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-23] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-11-07] ()
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
S2 Htsysm; C:\Windows\SysWOW64\HtsysmNT.sys [2304 2010-11-04] () [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2017-03-06] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2017-05-30] () [File not signed]
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-10-04] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-10-04] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0037.sys [28768 2013-12-25] (SoftEther Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2011-03-18] (PC-Doctor, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
R4 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S1 MpKslf8841c8b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D606B65F-7350-4676-9BF8-5956FA76E7E0}\MpKslf8841c8b.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S2 rzpnk; \??\C:\Windows\system32\drivers\rzpnk.sys [X]
S4 SMR501; \SystemRoot\System32\drivers\SMR501.SYS [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-15 14:08 - 2017-11-15 14:08 - 000059323 _____ C:\Users\Kevin1\Downloads\Addition.txt
2017-11-15 14:05 - 2017-11-15 14:09 - 000020038 _____ C:\Users\Kevin1\Downloads\FRST.txt
2017-11-15 14:04 - 2017-11-15 14:08 - 000000000 ____D C:\FRST
2017-11-15 14:04 - 2017-11-15 14:04 - 002392576 _____ (Farbar) C:\Users\Kevin1\Downloads\FRST64.exe
2017-11-15 13:34 - 2017-11-15 13:34 - 026835016 _____ (Adlice Software) C:\Users\Kevin1\Downloads\RogueKiller_portable64.exe
2017-11-15 13:32 - 2017-11-15 13:32 - 036156920 _____ (Adlice Software ) C:\Users\Kevin1\Downloads\setup.exe
2017-11-15 13:22 - 2017-11-15 13:54 - 000000000 ____D C:\Users\Kevin1\AppData\Roaming\Wise Uninstaller
2017-11-15 12:38 - 2017-11-15 12:40 - 000001994 _____ C:\Users\Kevin1\Desktop\Rkill.txt
2017-11-15 12:38 - 2017-11-15 12:38 - 000841241 _____ C:\Users\Kevin1\Downloads\rkill.zip
2017-11-15 12:38 - 2017-11-15 12:38 - 000000000 ____D C:\Users\Kevin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-15 12:37 - 2017-11-15 12:37 - 005659763 _____ (Swearware) C:\Users\Kevin1\Downloads\ComboFix.exe
2017-11-15 11:51 - 2017-11-15 11:51 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-15 11:51 - 2017-11-15 11:51 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 11:51 - 2017-11-15 11:51 - 000002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 11:51 - 2017-11-15 11:51 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-15 11:50 - 2017-11-15 13:55 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-15 11:50 - 2017-11-15 11:55 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-15 11:50 - 2017-11-15 11:51 - 000000000 ____D C:\Users\Kevin1\AppData\Local\Google
2017-11-15 11:50 - 2017-11-15 11:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-15 11:50 - 2017-11-15 11:50 - 000003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 11:50 - 2017-11-15 11:50 - 000003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 11:47 - 2017-11-15 11:47 - 010849904 _____ (Piriform Ltd) C:\Users\Kevin1\Downloads\ccsetup537.exe
2017-11-15 11:44 - 2017-11-15 11:44 - 000000770 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UniKey.lnk
2017-11-15 11:44 - 2017-11-15 11:44 - 000000758 _____ C:\Users\Public\Desktop\UniKey.lnk
2017-11-15 11:44 - 2017-11-15 11:44 - 000000000 ____D C:\Program Files\UniKey
2017-11-15 11:43 - 2017-11-15 11:43 - 000780571 _____ (UniKey ) C:\Users\Kevin1\Downloads\UniKey-4.2RC4-140823-Setup_x64.exe
2017-11-15 11:30 - 2017-11-15 11:30 - 000000000 ____D C:\Users\Kevin1\Documents\League of Legends
2017-11-15 11:26 - 2017-11-15 11:42 - 000000000 ____D C:\Users\Kevin1\AppData\LocalLow\Mozilla
2017-11-15 11:26 - 2017-11-15 11:30 - 000000000 ____D C:\Users\Kevin1\AppData\Local\Mozilla
2017-11-15 11:26 - 2017-11-15 11:26 - 000001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-15 11:26 - 2017-11-15 11:26 - 000000000 ____D C:\Users\Kevin1\AppData\Roaming\Mozilla
2017-11-15 11:20 - 2017-11-15 11:49 - 000000000 ____D C:\Users\Kevin1\AppData\Local\CrashDumps
2017-11-15 11:13 - 2017-11-15 11:13 - 000282352 _____ C:\Users\Kevin1\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-15 11:13 - 2017-11-15 11:13 - 000000000 ____D C:\Users\Kevin1\Documents\My Received Files
2017-11-15 11:13 - 2017-11-15 11:13 - 000000000 ____D C:\Users\Kevin1\AppData\Roaming\Intel Corporation
2017-11-15 11:12 - 2017-11-15 11:12 - 000000000 ____D C:\Users\Kevin1\AppData\Local\CEF
2017-11-15 11:11 - 2017-11-15 13:59 - 000000000 ____D C:\Users\Kevin1\AppData\Local\lsanoci
2017-11-15 11:11 - 2017-11-15 13:59 - 000000000 ____D C:\Users\Kevin1\AppData\Local\ctfmnbu
2017-11-15 11:11 - 2017-11-15 11:11 - 000001375 _____ C:\Users\Kevin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-15 11:11 - 2017-11-15 11:11 - 000000000 ____D C:\Users\Kevin1\AppData\Roaming\Adobe
2017-11-15 11:10 - 2017-11-15 11:10 - 000000000 ____D C:\Users\Kevin1\AppData\Local\VirtualStore
2017-11-15 10:59 - 2017-11-15 10:59 - 000000000 ____D C:\Users\Kevin1\Desktop\Kevin
2017-11-15 10:54 - 2017-11-15 11:11 - 000000000 ____D C:\Users\Kevin1
2017-11-15 10:54 - 2017-11-15 11:10 - 000000000 ____D C:\Users\Kevin1\AppData\Local\SoftThinks
2017-11-15 10:54 - 2017-11-15 10:54 - 000000020 ___SH C:\Users\Kevin1\ntuser.ini
2017-11-15 10:54 - 2017-09-14 03:17 - 000000000 ____D C:\Users\Kevin1\AppData\Local\Microsoft Help
2017-11-15 10:54 - 2015-05-11 02:03 - 000002102 _____ C:\Users\Kevin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-11-15 10:54 - 2011-05-28 11:53 - 000000000 ___RD C:\Users\Kevin1\Desktop\Play Games
2017-11-15 10:42 - 2017-11-15 10:53 - 000245673 _____ C:\MGlogs.zip
2017-11-15 05:09 - 2017-11-15 05:09 - 000000207 _____ C:\Windows\tweaking.com-regbackup-KEVIN-PC-Windows-7-Home-Premium-(64-bit).dat
2017-11-15 05:09 - 2017-11-15 05:09 - 000000000 ____D C:\RegBackup
2017-11-15 04:43 - 2017-11-15 04:43 - 000000000 ___DL C:\Users\Default User
2017-11-15 04:43 - 2017-11-15 04:43 - 000000000 ___DL C:\Users\All Users
2017-11-15 04:43 - 2017-11-15 04:43 - 000000000 ___DL C:\Documents and Settings
2017-11-15 04:12 - 2017-11-15 04:12 - 000115536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrcfimp.sys
2017-11-15 04:03 - 2017-11-15 04:03 - 000003654 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-11-15 04:02 - 2017-11-15 04:02 - 000003192 _____ C:\Windows\System32\Tasks\Process Explorer-Kevin-PC-Kevin
2017-11-15 04:01 - 2017-11-15 04:01 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-11-15 03:57 - 2017-11-15 10:45 - 000000000 ____D C:\AdwCleaner
2017-11-15 03:44 - 2017-11-15 10:53 - 000000000 ____D C:\MGtools
2017-11-12 01:48 - 2017-11-12 01:48 - 000000996 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-11-12 01:48 - 2017-11-12 01:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-11-12 01:48 - 2017-11-12 01:48 - 000000000 ____D C:\Program Files\VS Revo Group
2017-11-12 01:46 - 2017-11-12 01:46 - 000000000 ____D C:\ProgramData\Babylon
2017-11-12 01:46 - 2017-11-12 01:46 - 000000000 ____D C:\Program Files\Unlocker
2017-11-11 23:39 - 2017-11-11 23:39 - 000001290 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2017-11-11 23:39 - 2017-11-11 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-11-11 23:39 - 2017-11-11 23:39 - 000000000 ____D C:\Program Files (x86)\Wise
2017-11-11 22:11 - 2017-11-11 23:18 - 000028490 _____ C:\Windows\system32\Drivers\SMR501.dat
2017-11-11 21:08 - 2017-11-11 22:11 - 000000000 ____D C:\NPE
2017-11-11 21:00 - 2017-11-11 21:00 - 000000000 ____D C:\ProgramData\Norton
2017-11-01 08:04 - 2017-11-01 08:04 - 000000103 _____ C:\Windows\SysWOW64\del.bat
2017-10-31 08:31 - 2017-10-31 08:31 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-10-31 08:09 - 2017-10-31 08:09 - 000001146 _____ C:\Users\Public\Desktop\Europa.Universalis.IV.v1.22.0.Incl.Third.Rome.DLC.Repack.lnk
2017-10-31 08:09 - 2017-10-31 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV Third Rome
2017-10-31 08:00 - 2017-10-31 08:08 - 000000000 ____D C:\Program Files (x86)\Europa Universalis IV Third Rome
2017-10-18 22:13 - 2017-11-15 03:24 - 000000000 ____D C:\Users\Kevin\AppData\Local\lsanoci

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-15 14:08 - 2009-07-13 21:34 - 017301504 _____ C:\Windows\system32\config\HARDWARE
2017-11-15 14:00 - 2013-07-19 22:14 - 000000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-11-15 11:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-15 11:51 - 2013-08-18 01:55 - 000000000 ____D C:\Program Files\CCleaner
2017-11-15 11:49 - 2013-08-18 01:55 - 000002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-15 11:26 - 2016-11-28 14:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-15 11:26 - 2015-07-31 14:16 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-15 11:23 - 2009-07-13 23:45 - 000019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-15 11:23 - 2009-07-13 23:45 - 000019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-15 11:15 - 2009-07-14 00:13 - 000775370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-15 11:13 - 2013-09-29 16:24 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2017-11-15 11:11 - 2011-05-28 11:29 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-11-15 11:10 - 2013-12-25 00:53 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2017-11-15 11:10 - 2011-05-28 12:02 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-11-15 11:10 - 2011-05-28 12:02 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-11-15 11:09 - 2009-07-14 02:44 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-15 11:06 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-15 11:01 - 2013-07-19 23:11 - 000000000 ____D C:\Users\Kevin
2017-11-15 10:37 - 2009-07-13 23:45 - 000981016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 05:34 - 2009-07-13 21:34 - 000000546 _____ C:\Windows\win.ini
2017-11-15 04:47 - 2014-03-15 07:12 - 000000000 ____D C:\Users\HomeGroupUser$
2017-11-15 04:46 - 2014-03-15 07:12 - 000000000 ____D C:\Users\Guest
2017-11-15 04:45 - 2014-03-15 07:12 - 000000000 ____D C:\Users\Administrator
2017-11-14 20:15 - 2013-07-23 21:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-14 20:15 - 2013-07-23 21:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 20:15 - 2013-07-23 21:24 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-14 20:15 - 2013-07-23 21:24 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-14 20:15 - 2011-05-28 11:13 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-14 14:01 - 2013-07-23 15:20 - 000003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2017-11-14 14:00 - 2013-07-19 22:14 - 000003448 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2017-11-14 07:40 - 2017-05-04 17:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 07:37 - 2015-11-01 23:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-11 23:46 - 2017-09-24 21:51 - 000000000 ____D C:\Program Files (x86)\AGB-GT
2017-11-07 21:16 - 2017-09-20 13:24 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-07 14:12 - 2017-09-17 21:54 - 000000000 ____D C:\Users\Kevin\AppData\Local\ctfmnbu
2017-11-07 01:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-23 11:43 - 2013-07-19 22:14 - 000000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2017-10-22 12:00 - 2013-07-19 22:14 - 000004268 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

==================== Files in the root of some directories =======

2016-12-13 15:51 - 2016-12-13 15:51 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 06:05

==================== End of FRST.txt ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2017
Ran by Kevin1 (15-11-2017 14:09:28)
Running from C:\Users\Kevin1\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-20 04:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1043771657-365200597-3188102359-500 - Administrator - Disabled)
Guest (S-1-5-21-1043771657-365200597-3188102359-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1043771657-365200597-3188102359-1002 - Limited - Enabled)
Kevin1 (S-1-5-21-1043771657-365200597-3188102359-1082 - Administrator - Enabled) => C:\Users\Kevin1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.45 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CrossFire (HKLM-x32\...\CrossFire_is1) (Version: 1213 - Z8Games.com)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.1.0.0103 - Disc Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Europa.Universalis.IV.v1.22.0.Incl.Third.Rome.DLC.Repack version 1.22.0 (HKLM-x32\...\{C3C65A35-CB28-4220-AEF7-946BD52D991D}}_is1) (Version: 1.22.0 - Ali213.net)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Might and Magic 4 Complete (HKLM-x32\...\Heroes of Might and Magic 4 Complete_is1) (Version:  - GOG.com)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{03703CBB-563D-45CE-8B35-CB04CAB258BE}) (Version: 2.1.38.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java™ SE Development Kit 6 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160210}) (Version: 1.6.0.210 - Oracle)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mount and Blade Warband - Viking Conquest Reforged Edition (HKLM-x32\...\Mount and Blade Warband - Viking Conquest Reforg~0F961404_is1) (Version:  - )
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.2.22.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.712 - Razer Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SilkroadR (HKLM-x32\...\SilkroadR) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Torchlight 2 (HKLM-x32\...\1958228073_is1) (Version: 2.0.0.2 - GOG.com)
Total War ATTILA Age of Charlemagne version 1.6.0.0 (HKLM-x32\...\Total War ATTILA Age of Charlemagne_is1) (Version: 1.6.0.0 - KNIGHT)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
UniKey 4.0 (HKLM-x32\...\UniKey) (Version: 4.0 - Pham Kim Long)
UniKey version 4.2 RC4 (HKLM\...\{8DB56539-5BB2-4D7E-B4E3-5DB718C99CF3}_is1) (Version: 4.2 RC4 - UniKey)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wise Program Uninstaller 2.1.4 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.1.4 - WiseCleaner.com, Inc.)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2010-12-17] (Atheros Commnucations)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2010-12-17] (Atheros Commnucations)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025BDEFC-6189-445B-9311-3820EC71537A} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {061E96FB-B0DE-4D01-89CB-6677D7FDF336} - System32\Tasks\{C698B963-108E-4780-B84E-2E2710C7E3C5} => C:\GOG Games\Risen\bin\Risen.exe
Task: {080F91CB-45FB-4987-8A7C-AFC9D2BF8EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-15] (Google Inc.)
Task: {0FD3E9ED-3D6F-49DA-ABD9-B38154CC38AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-15] (Google Inc.)
Task: {1A58EC2B-81C1-49F3-9C55-4135A0207D97} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {23766D62-2F4B-4814-9EC4-F0B72DA3C720} - System32\Tasks\{324904CA-3094-4E78-B9AE-09CD3919B2BD} => C:\Program Files (x86)\SEGA\Dawn of War 2\DOW2.exe
Task: {3B8D51CF-0ACA-4745-BBB8-A4668A39BB09} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {3E2FEFA7-5AB3-4DAA-B177-BC70F7AE0A17} - System32\Tasks\Process Explorer-Kevin-PC-Kevin => C:\USERS\KEVIN\APPDATA\LOCAL\TEMP\RAR$EX00.912\PROCEXP64.EXE <==== ATTENTION
Task: {41710FC2-4DAD-47B0-A198-A6925A621F8D} - System32\Tasks\{BDDF2473-8985-4BE9-8FE0-B80B1D5A9FA9} => C:\Windows\system32\pcalua.exe -a "D:\Total War WARHAMMER\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "D:\Total War WARHAMMER\_CommonRedist\vcredist\2010"
Task: {51F71FA7-46E2-4EA2-9301-423CD9E4F580} - System32\Tasks\{1D94882C-C754-45C6-88B2-883A51FFEA1A} => C:\GOG Games\Risen\bin\Risen.exe
Task: {54C6B0CE-AEF7-4A54-B22A-53369323C084} - System32\Tasks\{29822BBC-52DF-4CE9-A9B8-A079DE68439E} => C:\Program Files (x86)\SEGA\Dawn of War 2\DOW2.exe
Task: {5F0C6BA7-1C48-48A6-835B-A5C5F7BF9AC3} - System32\Tasks\{3A1FCEF8-2B95-48F5-8B7F-CBC29DEA7077} => C:\Windows\system32\pcalua.exe -a C:\Users\Kevin\Downloads\Setup4.2.19.0.exe -d C:\Users\Kevin\Downloads
Task: {6FA561D9-0090-4837-A9A8-2EEA8E471D8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-09-25] (AVAST Software)
Task: {8F98C6B2-1AFF-4EDC-AFAB-AAF4C4A2D012} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {8F98C6B2-1AFF-4EDC-AFAB-AAF4C4A2D012} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {933F2A04-34DC-4CB5-84B0-0DEEE2B5873B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {9536482B-227C-47C2-8560-522B982B264B} - System32\Tasks\{7DC3BFC4-EE6C-4693-9FB7-2FC969DF644B} => C:\Windows\system32\pcalua.exe -a G:\FairLight\Installer.exe -d G:\FairLight
Task: {96515438-03EC-4D04-AF3F-8C2DEBA909F8} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {A7AA282D-5F2F-42F2-982E-C84C645DC2E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {BBA1D456-DF8F-4095-8D8C-F0B324CD41E7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {C854A2DC-4C13-43B8-AC81-E12C9FAB2947} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {CEF4914B-C075-4D72-A682-F49DEEC39520} - System32\Tasks\{8EC7773F-511B-4BD7-B2F3-6AA1742F769C} => C:\GOG Games\Risen\bin\Risen.exe
Task: {CF892F46-AF3C-4D55-8931-298F291994F0} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {CF892F46-AF3C-4D55-8931-298F291994F0} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {D8E1116F-D203-4765-BCFE-87D2E3B19338} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E9F78FDE-B526-4E59-8515-A4B3A35E254E} - System32\Tasks\{CA169ABE-4EF6-4D88-946E-C51E2C789752} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-19 17:09 - 2017-07-19 17:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-09-20 13:24 - 2017-11-07 21:16 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-07-20 00:31 - 2005-06-07 12:26 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-06-27 16:10 - 2012-01-20 13:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 000102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2017-11-15 11:44 - 2014-08-23 16:24 - 000521216 _____ () C:\Program Files\UniKey\UniKeyNT.exe
2017-10-27 21:21 - 2017-10-27 21:21 - 000927744 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\lsanoci.exe
2017-10-19 12:18 - 2017-10-19 12:18 - 001089536 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe
2013-08-07 14:27 - 2013-08-07 14:27 - 000110088 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-02-10 17:39 - 2015-02-10 17:39 - 000169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2015-02-10 14:27 - 2011-01-12 17:56 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Kevin1\AppData\Local\lsanoci\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\config:! [0]
AlternateDataStreams: C:\Windows\system32\Drivers\cpoqjxva.sys:changelist [1794]
AlternateDataStreams: C:\Windows\system32\Drivers\dnojfqvk.sys:changelist [1794]
AlternateDataStreams: C:\ProgramData\Temp:4ABA35EE [145]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-11 02:47 - 2017-11-15 05:34 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1043771657-365200597-3188102359-1082\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: Chicony_OSD => "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
MSCONFIG\startupreg: ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291325\plugins\TBVerifier.dll",RunConduitFloatingPlugin gipmblamjgodbimgeafaiegdpfbaeihe
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Kevin\AppData\Local\Apps\2.0\G1RWWDLQ.TXH\YBLZ6N3E.3BE\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: paio => "C:\NguLong\TCLS\paio.exe" /startup
MSCONFIG\startupreg: PDVD9LanguageShortcut => "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B334F673-6391-4444-8915-622A6B0E3741}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{361448D4-CEF7-4A0D-B09E-1457A4911E08}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{6FF97981-7980-4C64-A672-F2186EC44B0E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [TCP Query User{E6BFEC09-F2A4-4348-B47C-14BB1F839486}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{889D8CD2-3D9A-4C2A-AD9D-C6EC2ACA496F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{BD34207E-C6C1-4C1C-AA4B-FDE0FFCACBB3}] => (Allow) LPort=8370
FirewallRules: [{EA9FF757-6B97-4132-AB7B-94DC4C8FD5A9}] => (Allow) LPort=8370
FirewallRules: [TCP Query User{D4A9C42E-20DE-4FE3-B154-703AF6202255}F:\pando networks\media booster\pmb.exe] => (Allow) F:\pando networks\media booster\pmb.exe
FirewallRules: [UDP Query User{ED500935-C561-4D9B-A655-FDA48CC2E510}F:\pando networks\media booster\pmb.exe] => (Allow) F:\pando networks\media booster\pmb.exe
FirewallRules: [{E5B4805F-C87F-4414-ADE2-FF747DEE3949}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{22144EC2-E7C7-48B3-AEB8-A7A9F303C4B5}F:\half-life\hl.exe] => (Block) F:\half-life\hl.exe
FirewallRules: [UDP Query User{DDEA9728-6614-4F20-86D0-40B8AAF4A348}F:\half-life\hl.exe] => (Block) F:\half-life\hl.exe
FirewallRules: [{E08A0DE6-6499-4CC8-AD9A-41B06620D704}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{E66B2DE0-1021-4C32-9DA0-95451EAE5263}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{168C9034-0132-4C05-901F-D5F8144917E4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{E326CD55-A131-4B5D-B6B7-A9CF3CA7A890}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{6982B3E7-4916-492F-A3D7-E8D5713EE153}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{2282003B-370B-49E9-B5AA-759AC88240B4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{78035879-A2D4-4DB8-944B-8CACC4F45FFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{601A087F-5EB9-4FF7-901D-414BAC51D898}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{CBE486A0-C24F-41EB-9398-7EA64BDD161A}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrB.exe
FirewallRules: [{938A3886-E967-473F-A74C-88582CD4F28E}] => (Allow) C:\WINDOWS\SysWOW64\PnkBstrB.exe
FirewallRules: [{CDFF75AC-FCBB-4CCF-8276-52A054D719D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{289D3303-61ED-49DE-BBD8-41791ECC97C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [TCP Query User{4374234C-3F7D-4ABC-B699-4180C4BECE2A}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{F374CB6C-9828-4539-8936-42B29AE12655}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{EFFC7482-E26A-49E1-B083-7A9CEB1A9A2C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA961C3F-F4D0-4B06-94CC-B573951F96D0}] => (Allow) LPort=2869
FirewallRules: [{63C799ED-85F2-42B3-A5E4-A3628DD3A272}] => (Allow) LPort=1900
FirewallRules: [{0BF7D8C6-8B57-40F8-B5C3-DDC25B226208}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{A8598FA4-1514-46C7-84C0-3D18152FF52C}D:\total war - rome ii\rome2.exe] => (Allow) D:\total war - rome ii\rome2.exe
FirewallRules: [UDP Query User{85C8BEEF-67D9-4FBE-B812-D29C8F3BA3B2}D:\total war - rome ii\rome2.exe] => (Allow) D:\total war - rome ii\rome2.exe
FirewallRules: [{29785E52-92FC-4024-BFA4-15C82B6DF1DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BED3F37C-834D-469B-9D9E-1830015DE08E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90B263B3-E490-4BF1-A114-283B69379EC9}F:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) F:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{3200FE50-F6D6-4DB6-B7F1-5DACAC717D44}F:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) F:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [{9488A132-6136-46C2-B107-B4E334B0574B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AC486B1-E3A2-4D5A-8CAC-266D6CEE9865}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64500868-1711-4BB4-B5FE-4B66D9DA7574}] => (Allow) D:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{57233565-6FC3-4DF9-A265-270BB444B4FC}] => (Allow) D:\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A3782A54-1E9A-43E6-A843-4B0E1486EDAB}] => (Allow) D:\World_of_Tanks\worldoftanks.exe
FirewallRules: [{7A55A434-CA47-43FC-8389-1A0E597B9C6D}] => (Allow) D:\World_of_Tanks\worldoftanks.exe
FirewallRules: [{5A6A428D-401E-429A-A114-1FB5DC221166}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6C5E1E8E-D82D-4DA0-BE05-007DE46071B8}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0D28FC4D-7968-4DA6-85CE-5AF860863B03}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{0BC4E1A8-ACBD-49E5-BE5F-74692384142E}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{6BF8181D-9E3D-47D8-A1E4-0A17F45A8BA4}C:\gog games\torchlight 2\torchlight2.exe] => (Allow) C:\gog games\torchlight 2\torchlight2.exe
FirewallRules: [UDP Query User{56FDC7F9-3725-4B94-9A5C-077AA87D5B85}C:\gog games\torchlight 2\torchlight2.exe] => (Allow) C:\gog games\torchlight 2\torchlight2.exe
FirewallRules: [TCP Query User{0104913F-C26F-43D1-8D04-6343DC836E84}C:\program files (x86)\knight\total war attila age of charlemagne\attila.exe] => (Allow) C:\program files (x86)\knight\total war attila age of charlemagne\attila.exe
FirewallRules: [UDP Query User{0391A6F9-8008-4FAA-A82D-7ED2C8B2B768}C:\program files (x86)\knight\total war attila age of charlemagne\attila.exe] => (Allow) C:\program files (x86)\knight\total war attila age of charlemagne\attila.exe
FirewallRules: [TCP Query User{CC817353-23B9-4BAE-8837-FF28C9AB4D28}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [UDP Query User{83E1E75F-6D9D-476E-A756-63A57C5DCD13}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe
FirewallRules: [TCP Query User{9DD7B90D-E81A-452F-8611-7B8405B717BB}D:\new folder (2)\age.of.empires.ii.hd.edition.v5.3.1\age.of.empires.ii.hd.edition.v5.3.1\aoe\aok hd.exe] => (Allow) D:\new folder (2)\age.of.empires.ii.hd.edition.v5.3.1\age.of.empires.ii.hd.edition.v5.3.1\aoe\aok hd.exe
FirewallRules: [UDP Query User{C466ABD0-CDC0-4669-9423-A02C7ED50ECC}D:\new folder (2)\age.of.empires.ii.hd.edition.v5.3.1\age.of.empires.ii.hd.edition.v5.3.1\aoe\aok hd.exe] => (Allow) D:\new folder (2)\age.of.empires.ii.hd.edition.v5.3.1\age.of.empires.ii.hd.edition.v5.3.1\aoe\aok hd.exe
FirewallRules: [TCP Query User{5D868AEA-997C-469A-8E60-CCCAA23DB580}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{851DFA36-07DF-4AB9-952A-5BDC32891C15}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{97C9A863-E0F5-4DF5-B659-5A920A40238B}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{D661ACB9-B82A-4D0E-8B92-622BE5BB1612}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{096418F6-A766-4158-B070-32F57F864A17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-11-2017 03:00:17 Windows Update
14-11-2017 03:00:19 Windows Update
15-11-2017 03:00:32 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: rzpnk
Description: rzpnk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rzpnk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKslf8841c8b
Description: MpKslf8841c8b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslf8841c8b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2017 11:20:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxUI.exe, version: 8.15.10.4229, time stamp: 0x55653f55
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1bbc
Faulting application start time: 0x01d35e2da772deed
Faulting application path: C:\WINDOWS\System32\GfxUI.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: ec64feeb-ca20-11e7-9b0d-bc77376d589d

Error: (11/15/2017 11:20:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxUI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 000007FEFD21B3DD
Stack:

Error: (11/15/2017 11:15:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: main.exe, version: 5.2.22.0, time stamp: 0x548a99c2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1798
Faulting application start time: 0x01d35e2ca658e15a
Faulting application path: C:\Program Files (x86)\Razer\Razer Cortex\main.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 27006bf0-ca20-11e7-9b0d-bc77376d589d

Error: (11/15/2017 11:14:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: main.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception

Exception Info: System.DllNotFoundException
   at MS.Internal.NativeWPFDLLLoader.LoadNativeWPFDLL(UInt16*, UInt16*)
   at MS.Internal.NativeWPFDLLLoader.LoadCommonDLLsAndDwrite()
   at <Module>.CModuleInitialize.{ctor}(CModuleInitialize*, Void ())
   at <Module>.?A0x721f77f1.CreateCModuleInitialize()
   at <Module>.?A0x721f77f1.??__E?A0x721f77f1@cmiStartupRunner@@YMXXZ()
   at <Module>._initterm_m(Void* ()*, Void* ()*)
   at <Module>.<CrtImplementationDetails>.LanguageSupport.InitializePerAppDomain(<CrtImplementationDetails>.LanguageSupport*)
   at <Module>.<CrtImplementationDetails>.LanguageSupport._Initialize(<CrtImplementationDetails>.LanguageSupport*)
   at <Module>.<CrtImplementationDetails>.LanguageSupport.Initialize(<CrtImplementationDetails>.LanguageSupport*)

Exception Info: <CrtImplementationDetails>.ModuleLoadException
   at <Module>.<CrtImplementationDetails>.LanguageSupport.Initialize(<CrtImplementationDetails>.LanguageSupport*)
   at <Module>..cctor()

Exception Info: System.TypeInitializationException
   at Razer.Kel.GUI.SingleInstanceApplicationWrapper.OnStartup(Microsoft.VisualBasic.ApplicationServices.StartupEventArgs)
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel()
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at Razer.Kel.GUI.Startup.Main(System.String[])

Error: (11/15/2017 11:13:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe".Error in manifest or policy file "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" on line 0.
Invalid Xml syntax.

Error: (11/15/2017 11:10:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/15/2017 11:10:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/15/2017 11:01:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Kevin-PC)
Description: Windows cannot delete the profile directory C:\Users\Kevin. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (11/15/2017 10:59:28 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user 'S-1-5-21-1043771657-365200597-3188102359-1000' in response to user profile deletion.  Error code 0x8007043C.

This service cannot be started in Safe Mode
.

Error: (11/15/2017 05:38:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: )
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (11/15/2017 11:49:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/15/2017 11:49:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/15/2017 11:18:16 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Error: (11/15/2017 11:18:07 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Error: (11/15/2017 11:16:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/15/2017 11:10:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (11/15/2017 11:09:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BuddyVM service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/15/2017 11:09:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rzpnk service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/15/2017 11:08:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (11/15/2017 11:08:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Htsysm service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-11-15 11:08:40.392
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-15 11:08:40.361
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-15 11:08:35.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-15 11:08:35.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-14 22:32:18.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-14 22:32:18.769
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-14 22:32:05.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-14 22:32:05.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-11 23:24:03.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-11 23:24:03.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 63%
Total physical RAM: 6038.17 MB
Available physical RAM: 2180.21 MB
Total Virtual: 12074.54 MB
Available Virtual: 8047.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:242.4 GB) (Free:62.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:208.61 GB) (Free:38.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=242.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=208.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by HoneyLemonTea, 15 November 2017 - 02:20 PM.



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,596 posts
  • Gender:Male
  • Local time:08:10 AM

Posted 15 November 2017 - 03:30 PM

Hi HoneyLemonTea :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log, located in the MBAR folder, in your next reply.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 06:54 PM

Hi Aura,

Thanks for replying.

Unfortunately, neither MBAR nor the MBAR Supplement will work. I tried to run it as admin and still nothing happens. I also followed the guide to extract the MBAR supplement to the desktop, but it also won't work.

Looking forward to hearing from you :)



#4 Aura (Malware Response Team)

Posted 15 November 2017 - 07:44 PM

When you say it doesn't work, do you mean that you try to execute the installer and it won't even open, or are you getting an error message? If the latter, what error are you getting?



#5 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 07:55 PM

Hi Aura,

It won't even open; it doesn't even show up in the Task Manager Processes tab.



#6 Aura (Malware Response Team)

Posted 15 November 2017 - 07:58 PM

Here's a zipped version.

https://support.malwarebytes.com/docs/DOC-1267

Extract it, and try to launch the MBAR.exe file inside with Admin Rights.



#7 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 08:01 PM

Hi Aura,

I did, even extracted it to the desktop as recommended and ran it as admin, and it still does not open.



#8 Aura (Malware Response Team)

Posted 15 November 2017 - 08:32 PM

If you run the mbar.cmd file (with Admin Rights), does it work?



#9 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 08:36 PM

Hi Aura,

Running the mbar.cmd file under Admin Rights is working. It's scanning right now. I will post the log after it finishes.

Thank you for replying.



#10 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 10:14 PM

Hi Aura,

The program detected and killed a lot of malware. After the reboot everything seems fine for now. I just want to make sure that the malware is completely gone.

This is the log from MBAR.

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.11.15.11
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Kevin1 :: KEVIN-PC [administrator]

11/15/2017 8:34:27 PM
mbar-log-2017-11-15 (20-34-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 399159
Time elapsed: 28 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\SYSTEM32\drivers\cdrcfimp.sys (Rootkit.Agent.PUA) -> Delete on reboot. [c7ffa50f84f819175b92b07bd4bdd80e]
C:\Users\Kevin\AppData\Local\lsanoci\lsanoci.exe (Trojan.Clicker) -> Delete on reboot. [9e399d659614d46291d41cdfe21fb749]
C:\Users\Kevin\AppData\Local\lsanoci\winldvk.exe (Adware.Yelloader) -> Delete on reboot. [0bcc05fd664446f0ff88a5c8a75a5ea2]
C:\Users\Kevin1\AppData\Local\lsanoci\lsanoci.exe (Trojan.Agent) -> Delete on reboot. [4493db27f9b147efaedc011cf909f10f]
C:\Users\Kevin1\AppData\Local\lsanoci\winldvk.exe (Adware.Yelloader) -> Delete on reboot. [ad2a10f2b3f7f1455d2aea835ca5db25]
C:\WINDOWS\System32\config\systemprofile\AppData\Local\lsanoci\lsanoci.exe (Trojan.Clicker) -> Delete on reboot. [33a462a0baf0f73f1a4b57a4768bd030]
C:\WINDOWS\System32\config\systemprofile\AppData\Local\lsanoci\winldvk.exe (Adware.Yelloader) -> Delete on reboot. [e0f74db5f9b1b3834c3bdb92e12034cc]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
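
The MBAR log above reports the same two files in three profiles (Kevin, Kevin1 and the SYSTEM profile under System32\config\systemprofile) plus a driver, all marked "Delete on reboot". The PowerShell script below is an added example for this thread; it is not one of Aura's instructions and not part of any of the tools discussed. It re-checks exactly those paths after the reboot, prints the owner and any Deny entries on whatever survives (the poster reported being unable to open the folder even as admin), hashes surviving files, and then looks for anything that could bring them back. The paths and the names lsanoci and cdrcfimp are taken from the log; the persistence locations searched (Run keys, service ImagePaths, scheduled tasks, WMI event consumers, running processes) are an assumption about where a "comes back every 20 minutes" respawn is normally registered, not something the logs show.

```powershell
# Added example, not part of the thread: re-check the paths from the MBAR log
# after the reboot and look for anything that could respawn them.
# Run from an elevated PowerShell prompt (PowerShell 2.0 on Windows 7 is enough).
# Paths and names come from the log; the persistence locations searched are assumptions.

$Marker = 'lsanoci|cdrcfimp'      # names taken from the MBAR detections
$Paths = @(
    'C:\Users\Kevin\AppData\Local\lsanoci',
    'C:\Users\Kevin1\AppData\Local\lsanoci',
    'C:\Windows\System32\config\systemprofile\AppData\Local\lsanoci',
    'C:\Windows\System32\drivers\cdrcfimp.sys'
)

function Get-Sha256([string]$File) {
    # .NET hashing so this also works on PowerShell 2.0 (no Get-FileHash there)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($File)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

Write-Host '== Paths listed in the MBAR log =='
foreach ($p in $Paths) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Host "gone:          $p"; continue }
    Write-Host "STILL PRESENT: $p"
    try {
        # The poster could not open the folder as admin: show owner and any Deny ACEs
        $acl = Get-Acl -Path $p
        Write-Host "  owner: $($acl.Owner)"
        $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } | ForEach-Object {
            Write-Host "  DENY $($_.FileSystemRights) for $($_.IdentityReference)"
        }
    } catch { Write-Host "  ACL not readable: $($_.Exception.Message)" }
    # For a folder this lists its files; for the .sys path it is the file itself
    Get-ChildItem -LiteralPath $p -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            Write-Host "  $($_.Name)  $($_.Length) bytes  sha256=$(Get-Sha256 $_.FullName)"
        }
}

Write-Host "`n== Persistence and activity referencing $Marker =="

# 1. Run/RunOnce keys: machine hives plus every loaded user hive. HKU\S-1-5-18 is
#    the LocalSystem profile, i.e. the systemprofile folder that appears in the log.
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
$runKeys += Get-ChildItem HKU:\ | ForEach-Object {
    "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" }
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Value -is [string] -and $_.Value -match $Marker } |
        ForEach-Object { Write-Host "Run key:  $k\$($_.Name) = $($_.Value)" }
}

# 2. Services and kernel drivers whose ImagePath points at the dropped files
Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
    $ip = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($ip -and $ip -match $Marker) { Write-Host "Service:  $($_.PSChildName) ImagePath=$ip" }
}

# 3. Scheduled tasks (schtasks rather than Get-ScheduledTask, which Windows 7 lacks)
schtasks /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $Marker } |
    ForEach-Object { Write-Host "Task:     $($_.TaskName) -> $($_.'Task To Run') [$($_.'Schedule Type')]" }

# 4. Permanent WMI event consumers
Get-WmiObject -Namespace root\subscription -Class CommandLineEventConsumer -ErrorAction SilentlyContinue |
    Where-Object { $_.CommandLineTemplate -match $Marker } |
    ForEach-Object { Write-Host "WMI:      $($_.Name) -> $($_.CommandLineTemplate)" }

# 5. Anything currently running from those locations
Get-WmiObject Win32_Process |
    Where-Object { "$($_.ExecutablePath) $($_.CommandLine)" -match $Marker } |
    ForEach-Object { Write-Host "Process:  PID $($_.ProcessId) $($_.Name) -> $($_.CommandLine)" }
```

If Get-Acl or Get-ChildItem report access denied on a surviving folder, a Deny entry on the folder is the likely reason the poster could not open it as admin; an administrator can take the folder back with `takeown /F <folder> /R /D Y` followed by `icacls <folder> /grant Administrators:F /T`. On a live clean-up thread like this one that should only be done when the helper asks for it, so that the helper's view of the system stays accurate.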
 



#11 Aura (Malware Response Team)

Posted 15 November 2017 - 10:46 PM

That's awesome news. There's still a lot left to be done though. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#12 HoneyLemonTea (Topic Starter)

Posted 15 November 2017 - 11:24 PM

Hi Aura,

This is the Malwarebytes log:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/15/17
Scan Time: 10:52 PM
Log File: 9bbd9929-ca81-11e7-8add-bc77376d589d.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3267
License: Expired

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin-PC\Kevin1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475491
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 27 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#13 Aura (Malware Response Team)

Posted 16 November 2017 - 08:12 AM

Good! Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#14 HoneyLemonTea (Topic Starter)

Posted 16 November 2017 - 11:25 PM

Hi Aura,

I just finished my workday, so apologies for the late reply.

This is the AdwCleaner log:

 

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 17 02:46:01 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-15-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [11317 B] - [2017/11/15 9:10:2]
C:/AdwCleaner/AdwCleaner[C1].txt - [1469 B] - [2017/11/15 9:24:4]
C:/AdwCleaner/AdwCleaner[S0].txt - [12549 B] - [2017/11/15 9:5:9]
C:/AdwCleaner/AdwCleaner[S1].txt - [1329 B] - [2017/11/15 9:23:30]
C:/AdwCleaner/AdwCleaner[S2].txt - [1222 B] - [2017/11/15 15:45:6]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

 

This is the RogueKiller log:

 

RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kevin1 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/16/2017 21:42:19 (Duration : 01:16:33)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {166EECC4-C76C-4609-8D4B-D863B3A05B18} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=c:\users\kevin\appdata\roaming\tencent\vng game client\261ce0bb3c1e0e0cf6fa32ad0f968d5f\teniodl\teniodl.exe|Name=TenioDL??????|Desc=TenioDL??????|Edge=TRUE| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C55FA572-D01C-4978-989A-DA95068C976B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=c:\users\kevin\appdata\roaming\tencent\vng game client\261ce0bb3c1e0e0cf6fa32ad0f968d5f\teniodl\teniodl.exe|Name=TenioDL??????|Desc=TenioDL??????|Edge=TRUE| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {166EECC4-C76C-4609-8D4B-D863B3A05B18} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=c:\users\kevin\appdata\roaming\tencent\vng game client\261ce0bb3c1e0e0cf6fa32ad0f968d5f\teniodl\teniodl.exe|Name=TenioDL??????|Desc=TenioDL??????|Edge=TRUE| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C55FA572-D01C-4978-989A-DA95068C976B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=c:\users\kevin\appdata\roaming\tencent\vng game client\261ce0bb3c1e0e0cf6fa32ad0f968d5f\teniodl\teniodl.exe|Name=TenioDL??????|Desc=TenioDL??????|Edge=TRUE| [x] -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{CA169ABE-4EF6-4D88-946E-C51E2C789752} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (https://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?page=tsMain) -> Deleted

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> Deleted
[PUP.HackTool][Folder] C:\WINDOWS\AutoKMS -> Deleted
[PUP.HackTool][File] C:\WINDOWS\AutoKMS\AutoKMS.ini -> Deleted
[PUP.HackTool][File] C:\WINDOWS\AutoKMS\AutoKMS.log -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> ERROR [3]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-75HXZ SCSI Disk Device +++++
--- User ---
[MBR] 4310b67f39c407165e840a44c6efca25
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30928896 | Size: 248218 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 539281408 | Size: 213618 MB
User = LL1 ... OK
User = LL2 ... OK

 



#15 Aura (Malware Response Team)

Posted 17 November 2017 - 08:00 AM

All good, no worries :) Now, run a new scan with FRST and provide me a fresh set of logs, as we'll look for remnants.





