Help! Rkill detected a PUP/GEN


  • This topic is locked
11 replies to this topic

#1 whistlingswordsman (Members, 11 posts)

Posted 05 December 2017 - 04:57 AM

Hi, I was redirected here from the Am I Infected subforum. I ran Rkill and it listed the following:

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/04/2017 04:45:06 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * NDISRD Stopped. [PUP/GEN]
 
1 service stopped!
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 12/04/2017 04:45:13 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
 
The following are logs from FRST.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Administrator (administrator) on CHENG-PC (05-12-2017 04:48:32)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: eb1 & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
( ) C:\Windows\System32\dlbxcoms.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(hxxp://tortoisesvn.net) F:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Mixesoft Project) C:\Users\Administrator\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Administrator\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-06-14] (Broadcom Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] => f:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe [235002 2011-06-09] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1384608 2012-07-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5565296 2015-12-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [Steam] => F:\Program Files (x86)\Steam\Steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2016-03-03] (Tonec Inc.)
HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Run: [appnhost] => C:\Users\Administrator\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-03-09]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2017-10-24]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CBBF6BF-5D9B-4383-93C1-E5F26BFA0BAE}: [DhcpNameServer] 192.168.74.1
Tcpip\..\Interfaces\{2E32E192-B077-4863-B86A-45AEDEEAD50A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B8EA9147-0066-4127-BA38-3DF6981347ED}: [DhcpNameServer] 192.168.56.2
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-37779939-3967571366-2390344075-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-37779939-3967571366-2390344075-500 -> DefaultScope {EE3CC798-3379-40D9-B42A-59A2230039BE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-37779939-3967571366-2390344075-500 -> {EE3CC798-3379-40D9-B42A-59A2230039BE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-25] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-25] (Oracle Corporation)
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} hxxps://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
DPF: HKLM-x32 {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} hxxps://extraweb-americas.ey.com/MAIL002/dwa8W.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default [2017-12-04]
FF Homepage: Mozilla\Firefox\Profiles\qpu09jw6.default -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\qpu09jw6.default -> backup.ftp", "27.34.142.47"
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27] [Lagacy]
FF Extension: (Ghostery) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\firefox@ghostery.com.xpi [2017-03-25]
FF Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\https-everywhere@eff.org.xpi [2016-11-27] [Lagacy]
FF Extension: (Tab Grenade) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2016-06-08] [Lagacy]
FF Extension: (Open In Chrome) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\openinchrome@griffeltavla.wordpress.com.xpi [2016-09-20] [Lagacy]
FF Extension: (Tree Style Tab) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2016-11-27] [Lagacy]
FF Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-25] [Lagacy]
FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-07-29] [Lagacy]
FF Extension: (NoScript) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-25] [Lagacy]
FF Extension: (gtranslate) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2017-03-25] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-27] [Lagacy]
FF Extension: (Auto Unload Tab) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{d3c46ca0-999d-11da-a72b-0800200c9a66}.xpi [2016-11-27] [Lagacy]
FF Extension: (BetterPrivacy) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qpu09jw6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-27] [Lagacy]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-08-14] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (avast! WebRep) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-05] [Lagacy] [not signed]
FF HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - F:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-27] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-27] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\npplugin2.dll [2013-02-22] (PPLive Corporation)
FF Plugin-x32: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> F:\Users\Administrator\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\Administrator\AppData\Local\Fancy\npfancygame.dll [2013-09-23] (Beijing FancyGuo Tech Ltd)
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: wwwxiamicom.com/sharetingplugin -> C:\Users\Administrator\AppData\Roaming\XMusicUpdate\npsharetingplugin.dll [2014-02-23] (www.xiami.com)
StartMenuInternet: FIREFOX.EXE - F:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]
CHR Extension: (Google Translate) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-23]
CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Tabs Outliner) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-10-23]
CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-30]
CHR Extension: (Click&Clean) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-11-26]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-29]
CHR Extension: (Ghostery) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-12-03]
CHR Extension: (IDM Integration Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-07-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2015-09-19] (ASUSTeK Computer Inc.) [File not signed]
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-04-16] (CyberGhost S.R.L)
R2 dlbx_device; C:\Windows\system32\dlbxcoms.exe [567280 2007-02-28] ( )
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-06] (DTS, Inc)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2012-06-14] (Broadcom Corporation) [File not signed]
S4 XMusicServer; C:\Users\Administrator\AppData\Roaming\XMusicUpdate\XMusicServer.exe [1578624 2014-02-27] (xiami)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-11] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-12-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-12-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-12-05] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl6de672ac; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42A4B7A9-BA65-4C73-92EE-8D7489192A84}\MpKsl6de672ac.sys [58120 2017-12-04] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies)
S3 WinRing0_1_2_0; C:\Users\Administrator\Downloads\RealTemp_370\WinRing0x64.sys [14544 2012-06-23] (OpenLibSys.org)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 AIDA64Driver; \??\C:\Users\Administrator\Desktop\! Black OPS StormDisk V5.5\Programs\AIDA64\kerneld.x64 [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-05 04:48 - 2017-12-05 04:48 - 000038880 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-12-04 22:05 - 2017-12-04 22:05 - 002391552 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64 (1).exe
2017-12-04 21:05 - 2017-12-05 04:16 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-04 21:05 - 2017-12-04 21:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-04 21:05 - 2017-12-04 21:05 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-04 21:05 - 2017-12-04 21:05 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-04 21:05 - 2017-12-04 21:05 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-04 19:18 - 2017-12-04 19:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2017-12-04 19:14 - 2017-12-04 19:14 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Administrator\Desktop\esetonlinescanner_enu.exe
2017-12-04 05:43 - 2017-12-04 19:16 - 000040622 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-04 05:43 - 2017-12-04 19:16 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-04 05:43 - 2017-12-04 19:15 - 000178293 _____ C:\Windows\ZAM.krnl.trace
2017-12-04 05:43 - 2017-12-04 05:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-12-04 05:42 - 2017-12-04 05:42 - 006625600 _____ (Zemana Ltd. ) C:\Users\Administrator\Downloads\Zemana.AntiMalware.Setup (1).exe
2017-12-04 04:44 - 2017-12-04 04:44 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkiunsigned.exe
2017-12-04 04:37 - 2017-12-04 04:37 - 000072594 _____ C:\ComboFix.txt
2017-12-03 21:19 - 2017-12-03 21:20 - 000503414 _____ C:\TDSSKiller.3.1.0.12_03.12.2017_21.19.10_log.txt
2017-12-03 20:19 - 2017-12-03 20:19 - 000399736 _____ (BitTorrent, Inc.) C:\Users\Administrator\Downloads\utorrent_2.2.1_build_25302.exe
2017-12-03 15:31 - 2017-12-03 15:31 - 000088724 _____ C:\Users\Administrator\Downloads\Shortcut.txt
2017-12-03 15:28 - 2017-12-03 15:31 - 000075156 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-12-03 15:27 - 2017-12-03 15:31 - 000127641 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-12-03 15:27 - 2017-12-03 15:27 - 002391552 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-12-03 15:14 - 2017-12-03 15:09 - 000074533 _____ C:\Users\Administrator\Desktop\ComboFix.txt
2017-12-03 15:02 - 2017-12-04 05:16 - 000000000 ____D C:\Windows\erdnt
2017-12-03 14:29 - 2017-12-03 21:27 - 000001574 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-12-03 13:52 - 2017-12-03 13:52 - 000258910 _____ C:\TDSSKiller.3.1.0.12_03.12.2017_13.52.03_log.txt
2017-12-03 13:04 - 2017-12-03 13:04 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill_2.9.1.0.exe
2017-12-03 12:48 - 2017-12-04 05:53 - 000002014 _____ C:\Users\Administrator\Desktop\Rkill.txt
2017-12-03 12:48 - 2017-12-03 12:48 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill_2.9.1.0.exe
2017-12-03 12:47 - 2017-12-03 12:47 - 008187336 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.0.5.0.exe
2017-12-03 12:30 - 2017-12-03 12:30 - 000030988 _____ C:\Users\Administrator\Downloads\ckd05.torrent
2017-12-03 12:28 - 2017-12-03 12:29 - 000038937 _____ C:\Users\Administrator\Downloads\tem064.torrent
2017-12-03 12:17 - 2017-12-03 12:17 - 000037576 _____ C:\Users\Administrator\Downloads\tem065.torrent
2017-12-03 12:16 - 2017-12-03 12:16 - 000079418 _____ C:\Users\Administrator\Downloads\lxvs041.torrent
2017-12-03 12:16 - 2017-12-03 12:16 - 000068095 _____ C:\Users\Administrator\Downloads\aka050.torrent
2017-12-03 12:15 - 2017-12-03 12:15 - 000080278 _____ C:\Users\Administrator\Downloads\lxvs042.torrent
2017-12-03 12:14 - 2017-12-03 12:14 - 000106455 _____ C:\Users\Administrator\Downloads\abp674.torrent
2017-12-03 09:45 - 2017-12-03 09:45 - 000024747 _____ C:\Users\Administrator\Downloads\ekw032.torrent
2017-12-03 09:44 - 2017-12-03 09:44 - 000033068 _____ C:\Users\Administrator\Downloads\nafi004.torrent
2017-12-03 09:43 - 2017-12-03 09:43 - 000080754 _____ C:\Users\Administrator\Downloads\crvr059.torrent
2017-12-03 09:21 - 2017-12-03 09:21 - 000066795 _____ C:\Users\Administrator\Downloads\abp675.torrent
2017-12-03 09:21 - 2017-12-03 09:21 - 000066795 _____ C:\Users\Administrator\Downloads\abp675 (1).torrent
2017-12-03 09:20 - 2017-12-03 09:20 - 000039068 _____ C:\Users\Administrator\Downloads\flav180.torrent
2017-12-03 09:19 - 2017-12-03 09:19 - 000063199 _____ C:\Users\Administrator\Downloads\ngod064.torrent
2017-12-02 17:08 - 2017-12-02 17:08 - 000073215 _____ C:\Users\Administrator\Downloads\juy327.torrent
2017-12-02 11:25 - 2017-12-02 11:25 - 000096969 _____ C:\Users\Administrator\Downloads\mmna006.torrent
2017-12-02 11:24 - 2017-12-02 11:24 - 000035578 _____ C:\Users\Administrator\Downloads\ipz899.torrent
2017-12-02 11:21 - 2017-12-02 11:21 - 000023968 _____ C:\Users\Administrator\Downloads\miae027.torrent
2017-12-02 11:14 - 2017-12-02 11:14 - 000013119 _____ C:\Users\Administrator\Downloads\club430hd.torrent
2017-12-02 11:13 - 2017-12-02 11:13 - 000034956 _____ C:\Users\Administrator\Downloads\juy317.torrent
2017-12-02 11:13 - 2017-12-02 11:13 - 000023867 _____ C:\Users\Administrator\Downloads\juy331.torrent
2017-12-02 11:12 - 2017-12-02 11:12 - 000061235 _____ C:\Users\Administrator\Downloads\juy323.torrent
2017-11-26 07:33 - 2017-11-26 07:34 - 000258296 _____ C:\TDSSKiller.3.1.0.12_26.11.2017_07.33.42_log.txt
2017-11-25 10:05 - 2017-11-25 10:05 - 000000000 ____D C:\Users\Administrator\Downloads\[HQIS-045] ヘンリー塚本原作 ふしだらな妻 濡れた局部は麻薬色 本真ゆり 白石蓮
2017-11-22 19:56 - 2017-11-22 19:58 - 000258296 _____ C:\TDSSKiller.3.1.0.12_22.11.2017_19.56.49_log.txt
2017-11-19 18:12 - 2017-11-19 18:15 - 000258910 _____ C:\TDSSKiller.3.1.0.12_19.11.2017_18.12.30_log.txt
2017-11-18 20:05 - 2017-11-18 20:18 - 000258780 _____ C:\TDSSKiller.3.1.0.12_18.11.2017_20.05.38_log.txt
2017-11-15 01:30 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 01:30 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 01:30 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 01:30 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 01:30 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 01:30 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 01:30 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 01:30 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 01:30 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 01:30 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 01:30 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 01:30 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 01:30 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 01:30 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 01:30 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 01:30 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 01:30 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 01:30 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 01:30 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 01:30 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 01:30 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 01:30 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 01:30 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 01:30 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 01:30 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 01:30 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 01:30 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 01:30 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 01:30 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 01:30 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 01:30 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 01:30 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 01:30 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 01:30 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 01:30 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 01:30 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 01:30 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 01:30 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 01:30 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 01:30 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 01:30 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 01:30 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 01:30 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-15 01:30 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 01:30 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 01:30 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-15 01:30 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-15 01:30 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-15 01:30 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-15 01:30 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 01:30 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-15 01:30 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-15 01:30 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-15 01:30 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 01:30 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-15 01:30 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-15 01:30 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-15 01:30 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-15 01:30 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-15 01:30 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-15 01:30 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 01:30 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-15 01:30 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-15 01:30 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-15 01:30 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-15 01:30 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 01:30 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 01:30 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 01:30 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 01:30 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-15 01:30 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 01:30 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 01:30 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 01:30 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 01:30 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 01:30 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 01:30 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 01:30 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 01:30 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 01:30 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 01:30 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 01:30 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 01:30 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 01:30 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 01:30 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 01:30 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 01:30 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 01:30 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 01:30 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 01:30 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 01:30 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 01:30 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 01:30 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 01:30 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 01:28 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 01:28 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 01:28 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 01:28 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 01:28 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-12 12:42 - 2017-11-12 12:42 - 000258296 _____ C:\TDSSKiller.3.1.0.12_12.11.2017_12.42.16_log.txt
2017-11-12 12:41 - 2017-11-12 12:41 - 000000492 _____ C:\TDSSKiller.3.1.0.12_12.11.2017_12.41.54_log.txt
2017-11-12 12:41 - 2017-11-12 12:41 - 000000492 _____ C:\TDSSKiller.3.1.0.12_12.11.2017_12.41.45_log.txt
2017-11-12 03:33 - 2017-11-12 03:33 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-12 03:33 - 2017-11-12 03:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-12 03:33 - 2017-11-12 03:33 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-12 03:33 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-11 11:33 - 2017-11-11 11:33 - 000259868 _____ C:\TDSSKiller.3.1.0.12_11.11.2017_11.33.10_log.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-05 04:48 - 2014-07-23 17:07 - 000000000 ____D C:\FRST
2017-12-04 19:24 - 2009-07-13 23:45 - 000026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 19:24 - 2009-07-13 23:45 - 000026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 19:22 - 2013-02-07 22:14 - 000422490 _____ C:\Windows\system32\perfh011.dat
2017-12-04 19:22 - 2013-02-07 22:14 - 000124338 _____ C:\Windows\system32\perfc011.dat
2017-12-04 19:22 - 2013-02-03 12:05 - 000406734 _____ C:\Windows\system32\prfh0404.dat
2017-12-04 19:22 - 2013-02-03 12:05 - 000117328 _____ C:\Windows\system32\prfc0404.dat
2017-12-04 19:22 - 2013-02-03 12:03 - 000389662 _____ C:\Windows\system32\prfh0804.dat
2017-12-04 19:22 - 2013-02-03 12:03 - 000121830 _____ C:\Windows\system32\prfc0804.dat
2017-12-04 19:22 - 2009-07-14 00:13 - 002348114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-04 19:22 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-04 19:18 - 2012-06-11 16:48 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-04 19:16 - 2015-02-22 17:36 - 000000000 ____D C:\ProgramData\VMware
2017-12-04 19:16 - 2014-04-26 20:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2017-12-04 19:16 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-04 19:15 - 2013-04-07 08:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-12-04 05:53 - 2012-06-11 16:50 - 000000000 ____D C:\Users\Administrator
2017-12-04 04:35 - 2009-07-13 21:34 - 000000215 _____ C:\Windows\system.ini
2017-12-03 21:20 - 2014-07-23 07:17 - 000000000 ____D C:\AdwCleaner
2017-12-03 15:07 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2017-12-03 12:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-02 19:47 - 2017-09-11 18:22 - 000000000 ____D C:\Users\Administrator\Desktop\krypton
2017-12-02 08:09 - 2015-07-02 20:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-20 15:32 - 2010-11-20 22:27 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 22:37 - 2013-08-16 03:26 - 000001117 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2017-11-18 20:42 - 2014-10-15 14:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-11-18 20:41 - 2012-09-02 09:22 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-18 20:41 - 2012-08-12 15:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-18 20:41 - 2012-06-23 22:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-18 20:41 - 2012-06-23 22:39 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-17 00:52 - 2014-12-23 17:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 01:41 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-15 01:40 - 2013-02-06 22:34 - 000411504 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 01:39 - 2015-04-16 00:13 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 01:38 - 2012-06-11 16:53 - 002347532 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-15 01:36 - 2013-07-09 22:14 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 01:33 - 2016-05-30 11:24 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 01:31 - 2017-10-10 18:30 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-15 01:30 - 2012-06-29 15:44 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-08 22:37 - 2016-05-30 11:23 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-08 22:37 - 2016-05-30 11:23 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2012-11-22 11:29 - 2014-06-24 16:33 - 000000954 _____ () C:\Users\Administrator\AppData\Roaming\coreavc.ini
2012-06-12 09:41 - 2012-06-12 09:41 - 000003072 _____ () C:\Users\Administrator\AppData\Local\file__0.localstorage
2015-12-21 12:19 - 2017-07-20 13:13 - 000000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2012-06-30 17:47 - 2015-04-22 20:56 - 000007634 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2012-06-29 15:46 - 2017-07-09 12:20 - 000001955 _____ () C:\Users\Administrator\AppData\Local\Temp1.html
2017-07-09 12:20 - 2017-07-09 12:20 - 000002708 _____ () C:\Users\Administrator\AppData\Local\Temp2.html
2012-07-02 18:38 - 2012-11-21 20:58 - 000026657 _____ () C:\Users\Administrator\AppData\Local\Temp20.html
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-11-20 01:56
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Administrator (05-12-2017 04:48:50)
Running from C:\Users\Administrator\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-06-11 21:50:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-37779939-3967571366-2390344075-500 - Administrator - Enabled) => C:\Users\Administrator
eb1 (S-1-5-21-37779939-3967571366-2390344075-1005 - Administrator - Enabled) => C:\Users\eb1
eb2 (S-1-5-21-37779939-3967571366-2390344075-1006 - Administrator - Enabled)
eb3 (S-1-5-21-37779939-3967571366-2390344075-1007 - Administrator - Enabled)
Guest (S-1-5-21-37779939-3967571366-2390344075-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-37779939-3967571366-2390344075-1001 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Aimersoft Video Converter Ultimate(Build 4.1.0.2) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version:  - Aimersoft Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Demonbuddy (HKLM-x32\...\{4D8FB164-2A7D-43B2-A59E-E16BF568ACB0}) (Version: 1.0.1898.362 - Bossland GmbH) Hidden
Demonbuddy (HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\{21058957-e558-44be-a264-ca553515f382}) (Version: 1.0.1898.362 - Bossland GmbH)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
FM Genie Scout 15 version 1.0 15.3.2 beta 13 (HKLM-x32\...\FM Genie Scout 15_is1) (Version: 1.0 15.3.2 beta 13 - )
FM Genie Scout 15g version 1.0 15.3.2 beta 13 (HKLM-x32\...\FM Genie Scout 15g_is1) (Version: 1.0 15.3.2 beta 13 - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IHA_MessageCenter (HKLM-x32\...\{329445EA-EBA3-45A0-A7A7-B6A6555DB881}) (Version: 1.8.53 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCSetup_Chrome version 1.5 (HKLM-x32\...\{A9B30652-6C72-41EC-8075-74DC91E3A854}_is1) (Version: 1.5 - KOG Games)
MCSetup_OneClick version 1.5 (HKLM-x32\...\{3D42651D-DCD5-40DB-8E20-D22F60E425C3}_is1) (Version: 1.5 - KOG Games)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MPlayer for Windows (Full Package) (HKLM-x32\...\{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}) (Version:  - LoRd MuldeR)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Path of Diablo Launcher (HKLM-x32\...\{DE70C6E8-1803-4AF4-8F94-B39062688E21}) (Version: 1.0.0 - Path of Diablo)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.2.2.56756 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{c230e92b-403e-419d-a09e-2f615180741e}) (Version: 2.2.2.56756 - Grinding Gear Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.51.116.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Telegram Desktop version 1.1.23 (HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.97.0 - Verizon)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{16735242-65D7-4F79-AEF3-41F4B16D288F}) (Version: 2.4.15.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WhoCrashed 3.05 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
虾歌 (HKLM-x32\...\{E404B9A1-C81F-4A5F-9BB0-FCD77456F9E4}) (Version: 1.0.4.2 Unicode - 虾米网)
虾米音乐 (HKLM-x32\...\XMusic) (Version: 2.0.2.1618 - 虾米网)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-37779939-3967571366-2390344075-500_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ContextMenuHandlers1-x32: [AimersoftUltimateFileOpreation] -> {8E1459F9-DF5B-42A1-9217-32EDD944778F} => C:\Windows\SysWow64\AI_ContextMenu.dll [2010-12-16] ()
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-02-12] ()
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-04-12] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers1-x32-x32: [{4C5A0DA6-C2DA-422D-89E1-457978AB87B5}] -> {4C5A0DA6-C2DA-422D-89E1-457978AB87B5} => C:\Windows\system32\kindling.dll [2013-02-22] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-04-12] ()
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-04-12] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-04-12] ()
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-04-12] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00792661-1927-413E-9A73-E5B4E6E15168} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {0D792D12-64B0-4818-968E-15031448ADA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {106288D5-C7C7-4A89-9E0C-3C65733948BF} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
Task: {2B66E563-CCD5-403F-89AC-35A74ABD5664} - System32\Tasks\{6581E762-B06C-4D06-A3B9-BE081C98C80B} => F:\Program Files (x86)\Diablo II\Diablo II.exe [2013-12-23] (Blizzard North)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3C7505EC-6562-4D78-864D-9C4CBEAC30AD} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {4B5875E8-D804-491E-A31D-20A788F5FEE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {5033BBC5-089B-44E4-B032-49D161FA413A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-18] (NVIDIA Corporation)
Task: {53C616BE-B5A7-4948-BA5E-7F5709BE25CE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5750A670-106E-45CA-89A0-3CEC1169B125} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {5C86BE93-01A0-48FB-8533-318EEE5BB202} - System32\Tasks\{E293EB90-48AE-4302-8CDB-2444CA5C7F17} => F:\Program Files (x86)\Diablo II\Diablo II.exe [2013-12-23] (Blizzard North)
Task: {65B62C3A-80DC-477F-8D87-F80EBAD5D01A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {67156711-A8C7-40B6-928C-CC9A5FA33241} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {69C83683-13B5-4A47-9031-F7611367519A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {6F7DDDDB-836F-4ED0-AC3A-4C60C27B9E9C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {73D19F5B-4F0B-446B-BE16-341D33185EC0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {899BEA7D-F764-4B68-97AA-96F1B30F5956} - System32\Tasks\{99919516-064A-44CE-B4AB-AC5B2F8AE1FA} => C:\Users\Administrator\D2-1.12A-enUS\Installer.exe [2013-11-28] ()
Task: {8B4CAD70-B01D-4B64-82DB-BEC10FE6A522} - System32\Tasks\{D9713665-AF45-4ACA-ABE6-BCD9ED39C25E} => F:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
Task: {8E9895A8-F32C-43F0-9FA1-5ECB983B6663} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {91BB4723-51FA-481B-A168-9209004740A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A01D4CF8-6EE0-4A66-8875-CFD8D7B38A39} - System32\Tasks\{4BB66F7E-3687-440C-B1D6-6FDBA76DB44D} => F:\Program Files (x86)\Diablo II\Diablo II.exe [2013-12-23] (Blizzard North)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {A746D821-45EF-4C8A-A964-CF77DD2F0EF8} - System32\Tasks\{C148D5F8-F30C-4D72-B913-B7B055079FF3} => F:\Program Files (x86)\Diablo II\Game.exe [2016-03-30] (Blizzard Entertainment)
Task: {A9EC0EFD-F1FA-48C9-91F3-5627914B4A8F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B1009CB6-374D-4D55-8BE7-F9C942CAB7E6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-18] (NVIDIA Corporation)
Task: {B24118EA-EAA2-45FA-AE27-2F9D5903AC28} - System32\Tasks\{1CD63D3D-1792-484C-A895-3757D234E7C2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {BA61AA6F-6EE8-4F3C-A136-30319415CAD9} - System32\Tasks\{8D83E2BB-A2EA-437A-86EC-78A3E9E82C4A} => C:\Windows\system32\pcalua.exe -a "F:\bitcomet downloads\eMulePlus-1.2e.Installer.exe" -d "F:\bitcomet downloads"
Task: {C02AFA22-DB05-4AC0-8B58-2F5972AC1116} - System32\Tasks\{70AA0366-8CB5-4F2A-90B9-0AAD57F6A58F} => F:\Program Files (x86)\Diablo II\Diablo II.exe [2013-12-23] (Blizzard North)
Task: {C289E848-8E37-470E-A20A-226A39516D80} - \Funshion\FSPlatform -> No File <==== ATTENTION
Task: {CE113BD5-3ACB-4218-B717-A97F539EF394} - System32\Tasks\{36C6F915-07EB-46F1-9BF8-C50043247A83} => F:\Program Files (x86)\Diablo II\Game.exe [2016-03-30] (Blizzard Entertainment)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D456477B-C1E0-4989-B887-49E2BC4CE2A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {DDDE4AB1-CFED-4107-B321-56B478538718} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {E094A933-AA0C-4B58-9155-87E39B7ED573} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {E1ABD6AC-DF27-449A-8E59-AD539E699246} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {E77F15E6-A2D4-4C94-8046-6D1E3919A583} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-18] (NVIDIA Corporation)
Task: {EC5879F6-AB21-4382-BA1B-94BC9DDB613D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F2BD2AC7-AC04-4BB3-914C-EC41F99664BB} - System32\Tasks\{AF45498D-6DE9-40E6-B7C4-4DF7EE7F3A15} => F:\Program Files (x86)\Diablo II\Diablo II.exe [2013-12-23] (Blizzard North)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-19 19:53 - 2012-06-01 16:42 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-05-14 16:55 - 2017-05-18 02:33 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-11 22:20 - 2016-11-11 22:20 - 012472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-04-12 13:48 - 2014-04-12 13:48 - 000076016 _____ () F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 000088816 _____ () F:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-22 02:23 - 2013-02-22 02:23 - 002584912 _____ () C:\Windows\system32\kindling.dll
2015-02-25 21:17 - 2011-03-02 12:40 - 000164864 _____ () F:\Program Files\WinRAR\rarext.dll
2017-02-12 17:31 - 2017-02-12 17:31 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 002173120 _____ () C:\Program Files (x86)\TREZOR Bridge\trezord.exe
2017-11-15 01:33 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 01:33 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-12 03:33 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-12 03:33 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-15 01:49 - 2017-11-03 15:02 - 031229952 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\27.0.0.187\pepflashplayer.dll
2015-09-19 19:53 - 2017-12-04 19:16 - 000030208 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-09-19 19:53 - 2010-06-29 09:58 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-07-22 20:50 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-22 20:50 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-11 22:20 - 2016-11-11 22:20 - 000199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-11-11 22:20 - 2016-11-11 22:20 - 000396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-11-11 22:20 - 2016-11-11 22:20 - 000173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2017-05-14 16:55 - 2017-05-18 02:33 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-11-03 16:02 - 2017-09-09 14:25 - 000688416 _____ () F:\Program Files (x86)\Steam\SDL2.dll
2015-01-24 07:08 - 2016-08-31 20:02 - 004969248 _____ () F:\Program Files (x86)\Steam\v8.dll
2015-01-24 07:08 - 2016-08-31 20:02 - 001563936 _____ () F:\Program Files (x86)\Steam\icui18n.dll
2015-01-24 07:08 - 2016-08-31 20:02 - 001195296 _____ () F:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 20:27 - 2017-10-30 22:22 - 002546976 _____ () F:\Program Files (x86)\Steam\video.dll
2014-09-05 11:08 - 2016-01-27 02:49 - 002549760 _____ () F:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-05 11:08 - 2016-01-27 02:49 - 000442880 _____ () F:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-05 11:08 - 2016-01-27 02:49 - 000491008 _____ () F:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-05 11:08 - 2016-01-27 02:49 - 000332800 _____ () F:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-05 11:08 - 2016-01-27 02:49 - 000485888 _____ () F:\Program Files (x86)\Steam\libswscale-3.dll
2013-11-03 16:02 - 2017-10-30 22:22 - 000901408 _____ () F:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 23:52 - 2016-07-04 17:17 - 000266560 _____ () F:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 18:37 - 2017-08-16 17:28 - 073130272 _____ () F:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-11 12:24 - 2017-09-06 21:04 - 000678400 _____ () F:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2015-01-24 07:08 - 2015-09-24 18:52 - 000119208 _____ () F:\Program Files (x86)\Steam\winh264.dll
2014-04-12 12:45 - 2014-04-12 12:45 - 000065776 _____ () F:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-04-12 12:45 - 2014-04-12 12:45 - 000071920 _____ () F:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000400915 _____ () C:\Program Files (x86)\TREZOR Bridge\libcurl-4.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000099328 _____ () C:\Program Files (x86)\TREZOR Bridge\libgcc_s_sjlj-1.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000082963 _____ () C:\Program Files (x86)\TREZOR Bridge\zlib1.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000204307 _____ () C:\Program Files (x86)\TREZOR Bridge\libidn-11.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000027667 _____ () C:\Program Files (x86)\TREZOR Bridge\iconv.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000145939 _____ () C:\Program Files (x86)\TREZOR Bridge\libssh2-1.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000587283 _____ () C:\Program Files (x86)\TREZOR Bridge\libgcrypt-20.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000036883 _____ () C:\Program Files (x86)\TREZOR Bridge\libgpg-error-0.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 001123347 _____ () C:\Program Files (x86)\TREZOR Bridge\libgnutls-30.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000416275 _____ () C:\Program Files (x86)\TREZOR Bridge\libgmp-10.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000157715 _____ () C:\Program Files (x86)\TREZOR Bridge\libhogweed-4-2.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000218131 _____ () C:\Program Files (x86)\TREZOR Bridge\libnettle-6-2.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000316435 _____ () C:\Program Files (x86)\TREZOR Bridge\libp11-kit-0.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000029213 _____ () C:\Program Files (x86)\TREZOR Bridge\libffi-6.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 000070675 _____ () C:\Program Files (x86)\TREZOR Bridge\libtasn1-6.dll
2017-03-14 11:33 - 2017-03-14 11:33 - 001368064 _____ () C:\Program Files (x86)\TREZOR Bridge\libstdc++-6.dll
2015-09-19 20:05 - 2012-02-06 20:08 - 000253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2014-07-22 20:50 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-17 10:03 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-17 10:03 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-09-13 06:03 - 2017-09-13 06:03 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f203ecbdc8e8f4f836e1627efb89f9ae\IsdiInterop.ni.dll
2012-06-14 18:23 - 2011-11-29 22:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-14 18:16 - 2012-06-25 09:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7902 more sites.
 
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-37779939-3967571366-2390344075-500\...\123simsen.com -> www.123simsen.com
 
There are 7900 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-12-04 04:35 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-37779939-3967571366-2390344075-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 192.168.74.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: dlbxmon.exe => "C:\Program Files (x86)\Dell Photo AIO Printer 962\dlbxmon.exe"
MSCONFIG\startupreg: PPAP => "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE"  -background
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BEC7FCB2-FAE1-432E-91FE-E48E98ADB6D8}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{A6905B98-E8A6-474B-89B7-49E22E41E453}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{8519087D-0E8A-4773-A4F9-4B08042B556D}] => (Allow) LPort=2869
FirewallRules: [{0AA22185-6548-4C94-8B1A-0AB729C1BD89}] => (Allow) LPort=1900
FirewallRules: [{603FACA6-1DE2-4C1E-A825-6334386E443D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{37A4D04A-784D-4FC7-8680-259354AA681F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{B0CC3638-276B-4C43-A11D-C86F611150DE}] => (Allow) F:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{B005DB8A-0C2B-4E04-9934-47CD26C45D84}] => (Allow) F:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{91B1DE32-4CEC-41D0-8B99-3B25FEF540F8}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09F754B8-48A4-496D-8461-3E8C787D898A}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1551F37B-5061-4DF5-BA50-B7ED20578EA3}] => (Allow) LPort=50000
FirewallRules: [TCP Query User{2827363F-1B21-4208-AFFF-7607A5650B8F}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{DFE7BB45-959A-445C-B631-F02F04BE87CA}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{C3ABFC8B-DFB3-4A72-90D6-54119729CEC4}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{C360EFE3-4C55-4376-BE15-2C4430994415}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{26ACC7AD-5963-4EF2-8C2A-8DB2806D7B43}F:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D5E9F325-5A25-4F40-B817-7529C0BD9C7D}F:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{883750CA-328A-40F3-BF72-BFAEB0EEBCB0}] => (Allow) LPort=50000
FirewallRules: [{8DC9D82E-C2F9-45F3-9649-5DA15B2A7017}] => (Allow) LPort=2869
FirewallRules: [{80DD51BA-3A04-4B4C-A0CF-A768633F9809}] => (Allow) LPort=1900
FirewallRules: [{1F78FEC3-25CC-43F6-8894-C703EF0F3CD7}] => (Allow) LPort=50001
FirewallRules: [{ABFA1492-0239-476F-8170-40A45A29EFC3}] => (Allow) LPort=6001
FirewallRules: [{7D410114-831D-4DAC-AA03-A4141E8F2CBE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{110E28A9-35E1-44AF-A490-3D914F3168F4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{548F45D0-9709-42F6-8389-E6ACE5C0CB64}] => (Allow) LPort=17815
FirewallRules: [{188D9BBB-576F-4E44-846E-8D08BB5177F4}] => (Allow) LPort=17815
FirewallRules: [TCP Query User{1E023429-2982-404B-AC32-9BBA4A14C6B1}F:\program files\bitcomet\plugin_emule\plugin_emule.exe] => (Allow) F:\program files\bitcomet\plugin_emule\plugin_emule.exe
FirewallRules: [UDP Query User{3C1F288D-1D91-454B-B0F1-1AB1A9DB45CC}F:\program files\bitcomet\plugin_emule\plugin_emule.exe] => (Allow) F:\program files\bitcomet\plugin_emule\plugin_emule.exe
FirewallRules: [{4A866401-9D67-4235-81D7-2985FD917EA5}] => (Allow) LPort=8904
FirewallRules: [{94C99767-5504-446C-A794-40C77F58F799}] => (Allow) LPort=8904
FirewallRules: [TCP Query User{15CBA445-CFE4-4BD5-9809-5A0EC377533F}F:\program files (x86)\guild wars 2\gw2.exe] => (Allow) F:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{387E333D-49BF-4761-B14E-2E1804682671}F:\program files (x86)\guild wars 2\gw2.exe] => (Allow) F:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{0475E482-D599-4C9A-A90E-28694135B13B}] => (Allow) LPort=17815
FirewallRules: [{2E458FFE-BD91-4F02-B5EC-2F0FECF60630}] => (Allow) LPort=17815
FirewallRules: [{2C94D68E-94A1-4437-A6F5-BAFCBA66CEB1}] => (Allow) LPort=8904
FirewallRules: [{909589A0-6BE1-474E-BBE5-6E3AB2EFCB9A}] => (Allow) LPort=8904
FirewallRules: [{C5C322E2-3CB0-483C-9435-BF3E423A3C0F}] => (Allow) QIYICLIENT
FirewallRules: [{B40C2887-8469-48A6-900D-0F76B263150E}] => (Allow) QiyiKernel
FirewallRules: [{E1003B66-95AF-4F81-84C8-C4A218987291}] => (Allow) QiyiMediaCenter
FirewallRules: [{29768D5B-DE6F-4F7F-8A46-C9126F1E949F}] => (Allow) QiyiMediaCenter
FirewallRules: [{60E1BCF6-AF4C-4233-8B79-F33A8E952441}] => (Allow) QiyiKernel
FirewallRules: [{82A042DD-5B0F-4FB6-9F66-BC710305C76B}] => (Allow) QIYICLIENT
FirewallRules: [{FB4D16A6-230D-41E6-9A25-A15301B0140C}] => (Allow) LPort=50004
FirewallRules: [{30B37BF6-5438-44EC-8C38-AEBD2E8B0371}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{2C3C7DF1-30BC-45E6-A33D-D7CA4D32DE7F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{60F46185-ED7E-4C11-B14C-C270199830E9}] => (Allow) C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
FirewallRules: [{BFCB054E-8BEA-4EC4-8843-9A5ADC2CFDA9}] => (Allow) C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
FirewallRules: [{D5396541-6BAD-46EC-9853-1C626B94176F}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\PluginInstaller.exe
FirewallRules: [{91A40F1D-C700-4F90-A138-97AAAD1FD2DF}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\PluginInstaller.exe
FirewallRules: [TCP Query User{96BAF196-684A-46BB-826B-C3405FFAEAA2}F:\program files (x86)\shark\shark.exe] => (Allow) F:\program files (x86)\shark\shark.exe
FirewallRules: [UDP Query User{45D34955-7F96-4BC5-9263-68E5F4DFDA58}F:\program files (x86)\shark\shark.exe] => (Allow) F:\program files (x86)\shark\shark.exe
FirewallRules: [TCP Query User{54EFC4E8-20AC-40BF-B9E5-C57C4C6EC828}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [UDP Query User{9AF71749-A32D-4D2D-9B9F-74D644200B4E}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [{1CA39024-7183-4EEC-982A-2B2D598D5C83}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B0E58BED-3F65-477E-83BB-E5CBEA1FA833}F:\program files (x86)\steam\steam.exe] => (Allow) F:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{16AEFA52-85B6-4BE0-A49B-FB2BA1E305DE}F:\program files (x86)\steam\steam.exe] => (Allow) F:\program files (x86)\steam\steam.exe
FirewallRules: [{C8B0136E-1417-4097-BD21-6CD460736188}] => (Allow) F:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6D84AC80-7B78-4C0B-8D5C-FA6AEE45A04F}] => (Allow) F:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1BC7DA56-0D1B-4553-BCDA-5026F4FC97A3}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0ADB0F56-6585-4B26-8AFE-87846C094348}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{64A6EF9F-04BA-429B-B8A5-88F84A5762E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{53E3AC43-7DD8-4A53-B3E4-4C132A13EC97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{000AAA81-4F1D-446B-B4E3-C4CE7F6245E3}] => (Allow) C:\Windows\System32\dlbxcoms.exe
FirewallRules: [{7E75ECD2-9170-4248-9C04-729387A4C1C4}] => (Allow) C:\Windows\System32\dlbxcoms.exe
FirewallRules: [{17E94707-06AD-472F-9AD5-9D51373D7A31}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbxpswx.exe
FirewallRules: [{A1A1A6FF-9104-4D99-8032-344B59F66F31}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbxpswx.exe
FirewallRules: [{72353A5F-2731-4507-A215-4F6F819C5BB6}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbxpswx.exe
FirewallRules: [{29792388-741C-4F73-BD2B-83C51A73B60A}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbxpswx.exe
FirewallRules: [TCP Query User{44590E86-071E-45D9-9116-1CE7DF49CFA2}F:\program files (x86)\xiami\xmusic\xmusic.exe] => (Allow) F:\program files (x86)\xiami\xmusic\xmusic.exe
FirewallRules: [UDP Query User{CC4A9A30-E2DD-4C95-AC12-DB20173D505E}F:\program files (x86)\xiami\xmusic\xmusic.exe] => (Allow) F:\program files (x86)\xiami\xmusic\xmusic.exe
FirewallRules: [{0968C8EE-A2A3-4429-82F0-D6E8EA9522F8}] => (Block) F:\program files (x86)\xiami\xmusic\xmusic.exe
FirewallRules: [{0F6CB1B1-5783-4E0A-AB49-EDF8E7A49421}] => (Block) F:\program files (x86)\xiami\xmusic\xmusic.exe
FirewallRules: [{B28C7E00-8851-4A56-86C0-1966198989AA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{DC4BE2D4-4303-4243-B504-7B794EE35E63}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [TCP Query User{BA528E66-93F1-4764-B86A-475A63B1BDC9}F:\program files (x86)\diablo iii v2\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii v2\diablo iii.exe
FirewallRules: [UDP Query User{DE390CD8-058C-40CD-9115-A40726918300}F:\program files (x86)\diablo iii v2\diablo iii.exe] => (Allow) F:\program files (x86)\diablo iii v2\diablo iii.exe
FirewallRules: [{F4D097B2-D4D5-4BFF-A1C4-C7EAE4020186}] => (Block) F:\program files (x86)\diablo iii v2\diablo iii.exe
FirewallRules: [{9D61E471-5839-49BA-8A8B-199DEA956C0C}] => (Block) F:\program files (x86)\diablo iii v2\diablo iii.exe
FirewallRules: [TCP Query User{42EB229F-B085-4727-AC61-C25CDFA366E0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CDEB304F-2A93-489E-9F46-A2B4642B63C3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1B4E45F4-72BC-4648-BDB9-17DCE32262DE}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C16874C7-DD16-4895-A6BA-EA0CDD4FDD85}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4F9AA2F9-B570-45F2-9DF5-940798AAA9DB}F:\program files\comicrack\comicrack.exe] => (Allow) F:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{ED5F4BD8-BF97-4B9D-950D-5431063AC3F7}F:\program files\comicrack\comicrack.exe] => (Allow) F:\program files\comicrack\comicrack.exe
FirewallRules: [{1B71FB29-5AFE-4E64-90BD-6D47F6DBB762}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5150AE84-ED52-4AB4-8E3E-1252F63E1787}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C956D6E3-C59E-48DC-903E-36E5315486A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D68D443-51FD-47F8-8240-5F0D3DEECE4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F1293DE4-FB31-47AA-89EE-37E606B40E98}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E259AFA-0A42-45FA-8732-1044DCA55758}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF9D285D-35E6-45F1-8FF8-8C1E5AAA228E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2016 myClub\PES2016.exe
FirewallRules: [{9EADAE14-9B3F-44B6-B69C-DAA80554E232}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2016 myClub\PES2016.exe
FirewallRules: [{73F4CE43-16E5-4A45-92D6-EE0152389782}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing Final Cut\VanHelsing.exe
FirewallRules: [{7E3B0B57-5A2E-4217-902E-7E71F5EDA09E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Incredible Adventures of Van Helsing Final Cut\VanHelsing.exe
FirewallRules: [{C3AC94A0-37FA-4696-936F-75C2D4335246}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{5ABEB9BC-2BB8-4790-9810-6C0397B1C4D1}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{FEC2EBA9-7446-411A-86E4-2C95BF83BF34}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{0C037374-147E-42C6-B4C9-FBFC863FC868}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [TCP Query User{EDA56541-30DC-4DB1-B0F0-8777C964CBF0}C:\koggames\herowarz\binaries\win32\mcgame-final.exe] => (Allow) C:\koggames\herowarz\binaries\win32\mcgame-final.exe
FirewallRules: [UDP Query User{E1696AB4-5004-41CA-968A-61BB637E3B63}C:\koggames\herowarz\binaries\win32\mcgame-final.exe] => (Allow) C:\koggames\herowarz\binaries\win32\mcgame-final.exe
FirewallRules: [{1E19140B-3222-4016-9F41-2B5AFA501400}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5755C238-BDBD-4CB4-A729-268CE7EA4C36}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{887FD9B5-D2C3-4626-A327-DB8705EF3E80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C45B646A-C1B4-45FF-B569-A6064C871C67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CEE9B0D0-C763-4E33-BD0B-9D707044C820}] => (Allow) F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B648A90-5721-4B20-8CC2-E770A1BB052B}] => (Allow) F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9699BC3-7C2A-465B-BAAC-C72397132CF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{577FB65A-B959-4698-BA33-291BEBFB5423}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{086F9B66-BF32-4CEA-8B10-C0B108522421}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{86DA7598-7D9B-439F-9AC8-E97DFF49AE22}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{1EDB0FC5-1CA0-4E9A-BCBE-5D790704175D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{D42568E3-FE9D-4E04-907D-95BEC197A690}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5AF60857-89AF-4C09-A7F1-8784139F4BB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C42CBC5-B498-409E-8A88-3E5EEAC49B14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EBC76FF-ED62-47E9-BD47-ADED318EF31D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60983643-2EA8-460D-8E50-AB07F1B47E17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-12-2017 05:19:31 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® 82579V Gigabit Network Connection
Description: Intel® 82579V Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/04/2017 07:16:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/04/2017 07:09:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (12/04/2017 07:09:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (12/04/2017 07:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0x75c
Faulting application start time: 0x01d36d5bb3d897b6
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\msvcrt.dll
Report Id: b5baaad0-d94f-11e7-acd1-94dbc98ab436
 
Error: (12/04/2017 06:58:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/04/2017 05:56:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/04/2017 04:47:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/04/2017 04:38:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (12/04/2017 04:29:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/04/2017 04:18:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/04/2017 09:05:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.257.1340.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14306.0
 
Error code: 0x80248015
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (12/04/2017 07:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (12/04/2017 07:21:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/04/2017 07:21:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (12/04/2017 07:21:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/04/2017 07:21:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (12/04/2017 07:21:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/04/2017 07:21:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (12/04/2017 07:21:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/04/2017 07:21:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
CodeIntegrity:
===================================
  Date: 2017-12-05 04:31:39.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 19:17:00.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 19:15:09.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 18:58:23.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 06:46:05.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 05:42:35.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 05:12:31.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 04:44:42.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 04:37:06.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-04 04:35:33.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 32%
Total physical RAM: 32719.16 MB
Available physical RAM: 22245.65 MB
Total Virtual: 81795.34 MB
Available Virtual: 69587.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.03 GB) (Free:182.22 GB) NTFS
Drive f: () (Fixed) (Total:1863.01 GB) (Free:1570.9 GB) NTFS
Drive g: (SAMSUNG 850 EVO) (Fixed) (Total:931.51 GB) (Free:41.93 GB) NTFS
Drive j: (Mushkin Enhanced Reactor) (Fixed) (Total:931.51 GB) (Free:23.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: E26B6B0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 26313F41)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E66C2E5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 876DD853)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 05 December 2017 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> F:\Users\Administrator\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
S3 AIDA64Driver; \??\C:\Users\Administrator\Desktop\! Black OPS StormDisk V5.5\Programs\AIDA64\kerneld.x64 [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
ContextMenuHandlers1-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {53C616BE-B5A7-4948-BA5E-7F5709BE25CE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {8E9895A8-F32C-43F0-9FA1-5ECB983B6663} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C289E848-8E37-470E-A20A-226A39516D80} - \Funshion\FSPlatform -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Nothing was identified as an NDISRD driver.

Let's see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
NDISRD 
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Let me know if the problem persists.

Edited by nasdaq, 05 December 2017 - 08:32 AM.
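As an added example that is not part of nasdaq's post or of FRST itself: a Python script that reads a Fixlog.txt in the layout the fix above produces and summarizes what FRST reported for the fixlist, so a helper can quickly spot entries that were already gone, entries that ended in "No automatic fix" errors, and services whose removal FRST never confirmed. The Fixlog embedded in it is constructed for illustration; its driver and plugin names are placeholders, not values from this thread.

```python
"""Summarize an FRST Fixlog.txt: what the fixlist asked for and what FRST reported.

Added example; not code from FRST or from this thread. The Fixlog below is
constructed in the layout FRST produces; its driver/plugin names are placeholders.
"""
import re
from collections import Counter

# Constructed sample Fixlog (raw string so the Windows paths need no escaping).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Administrator (05-12-2017 19:22:50) Run:1
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Plugin-x32: @example.test/Plugin -> C:\Example\npExample.dll [No File]
S3 exampledrv; \??\C:\Users\ADMINI~1\AppData\Local\Temp\exampledrv.sys [X] <==== ATTENTION
S1 otherdrv; \??\C:\Windows\System32\drivers\otherdrv.sys [X]
ContextMenuHandlers6: [ExampleExt] -> {00000000-0000-0000-0000-000000000000} =>  -> No File

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@example.test/Plugin => key removed successfully
C:\Example\npExample.dll => not found.
HKLM\System\CurrentControlSet\Services\exampledrv => key removed successfully
exampledrv => service removed successfully
ContextMenuHandlers6: [ExampleExt] -> {00000000-0000-0000-0000-000000000000} =>  -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => key not found
"""

# Fixlist lines that name a driver/service: "S3 name; path [X]" or "R2 name; ...".
SERVICE_RE = re.compile(r"^[SR]\d\s+([^;]+);")


def split_fixlog(text):
    """Return (fixlist_lines, result_lines); the fixlist sits between the two '*****' rows."""
    lines = text.splitlines()
    markers = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(markers) < 2:
        raise ValueError("no fixlist block found in Fixlog")
    start, end = markers[0], markers[1]
    fixlist = [line for line in lines[start + 1:end] if line.strip()]
    results = [line for line in lines[end + 1:] if line.strip()]
    return fixlist, results


def classify_result(line):
    """Bucket one FRST result line by the text after its last ' => '."""
    if " => " not in line:
        return "status"            # e.g. "Processes closed successfully."
    outcome = line.rsplit(" => ", 1)[1].strip()
    if outcome.startswith("Error:"):
        return "error"             # FRST had no automatic fix for the entry
    if "not found" in outcome:
        return "not_found"         # file or key was already gone
    if "successfully" in outcome:
        return "removed"
    return "other"


def fixlist_services(fixlist):
    """Service names the fixlist asked FRST to remove."""
    names = []
    for line in fixlist:
        m = SERVICE_RE.match(line)
        if m:
            names.append(m.group(1).strip())
    return names


def summarize(text):
    """Counts per outcome, ATTENTION entries, and services whose removal FRST never confirmed."""
    fixlist, results = split_fixlog(text)
    counts = Counter(classify_result(line) for line in results)
    confirmed = {line.rsplit(" => ", 1)[0] for line in results
                 if line.endswith("=> service removed successfully")}
    services = fixlist_services(fixlist)
    return {
        "counts": dict(counts),
        "attention": sum("<==== ATTENTION" in line for line in fixlist),
        "services": services,
        "unconfirmed_services": [s for s in services if s not in confirmed],
        "errors": [line.rsplit(" => ", 1)[0] for line in results
                   if classify_result(line) == "error"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Run against a real Fixlog.txt by reading the file into `summarize()`; an entry in `unconfirmed_services` means the fixlist named a service but no "service removed successfully" line came back for it.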


#3 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 05 December 2017 - 08:19 PM

Hi Nasdaq, thanks for taking the time to help me. I am attaching the logs below. I also ran Rkill and it is still identifying and terminating NDISRD.SYS which in turn kills my internet connection. Thanks again.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Administrator (05-12-2017 19:22:50) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: eb1 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> F:\Users\Administrator\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @qvod.com/QvodInsert -> f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin HKU\S-1-5-21-37779939-3967571366-2390344075-500: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
S3 AIDA64Driver; \??\C:\Users\Administrator\Desktop\! Black OPS StormDisk V5.5\Programs\AIDA64\kerneld.x64 [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
ContextMenuHandlers1-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers4-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {53C616BE-B5A7-4948-BA5E-7F5709BE25CE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {8E9895A8-F32C-43F0-9FA1-5ECB983B6663} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C289E848-8E37-470E-A20A-226A39516D80} - \Funshion\FSPlatform -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodInsert => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk => key removed successfully
HKU\S-1-5-21-37779939-3967571366-2390344075-500\Software\MozillaPlugins\@qvod.com/QvodInsert => key removed successfully
f:\Program Files (x86)\QvodPlayer\npQvodInsert.dll => not found.
HKU\S-1-5-21-37779939-3967571366-2390344075-500\Software\MozillaPlugins\@xunlei.com/npxluser => key removed successfully
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll => not found.
HKLM\System\CurrentControlSet\Services\AIDA64Driver => key removed successfully
AIDA64Driver => service removed successfully
HKLM\System\CurrentControlSet\Services\btwampfl => key removed successfully
btwampfl => service removed successfully
HKLM\System\CurrentControlSet\Services\btwaudio => key removed successfully
btwaudio => service removed successfully
HKLM\System\CurrentControlSet\Services\btwavdt => key removed successfully
btwavdt => service removed successfully
HKLM\System\CurrentControlSet\Services\btwl2cap => key removed successfully
btwl2cap => service removed successfully
HKLM\System\CurrentControlSet\Services\btwrchid => key removed successfully
btwrchid => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => key removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
ContextMenuHandlers1-x32-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} =>  -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\YunShellExt => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790} => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53C616BE-B5A7-4948-BA5E-7F5709BE25CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C616BE-B5A7-4948-BA5E-7F5709BE25CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E9895A8-F32C-43F0-9FA1-5ECB983B6663} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E9895A8-F32C-43F0-9FA1-5ECB983B6663} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C289E848-8E37-470E-A20A-226A39516D80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C289E848-8E37-470E-A20A-226A39516D80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funshion\FSPlatform => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17435651 B
Java, Flash, Steam htmlcache => 490504333 B
Windows/system/drivers => 68626 B
Edge => 0 B
Chrome => 961976791 B
Firefox => 93360554 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82338 B
systemprofile32 => 10997859 B
LocalService => 66228 B
NetworkService => 17180874 B
UpdatusUser => 0 B
eb1 => 50060 B
UpdatusUser => 0 B
Administrator => 8008104 B
 
RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:23:19 ====
 
Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Administrator (05-12-2017 20:13:36)
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
 
================== Search Registry: "NDISRD" ===========
 
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\NetworkDriverBackup\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}]
"LocDescription"="@oem179.inf,%ndisrd_desc%;WinpkFilter LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\NetworkDriverBackup\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}]
"ComponentId"="nt_ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\NetworkDriverBackup\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}\Ndi]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\NetworkDriverBackup\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}\Ndi]
"CoServices"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}]
"LocDescription"="@oem179.inf,%ndisrd_desc%;WinpkFilter LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}]
"ComponentId"="nt_ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}\Ndi]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{5CBF81BD-5055-47CD-9055-A76B2B4E3697}\Ndi]
"CoServices"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD\0000]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD\0000\Control]
"ActiveService"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
"ImagePath"="system32\DRIVERS\ndisrd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd\Enum]
"0"="Root\LEGACY_NDISRD\0000"
 
====== End of Search ======
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 06 December 2017 - 08:42 AM


Hi,

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
"ImagePath"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

===

How is it now?

#5 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 06 December 2017 - 09:22 PM

Hi, I lost my internet connection after trying this. Restarting did not help.

#6 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 06 December 2017 - 09:54 PM

I was able to restore my internet connection by unchecking "WinpkFilter Lightweight Filter" under the properties tab for the Realtek PCIe GBE Family Controller network adapter.

 

Attached File  Capture.PNG   30.32KB   0 downloads 
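An added PowerShell check, not from the thread, from FRST or from nasdaq, for the ndisrd/WinpkFilter NDIS lightweight filter that the .reg file in post #4 removed and that post #6 unbound from the adapter: it reads the service key, the driver file's signature and hash, and the adapter binding state, so the filter can be unbound before its service is removed. The service name ndisrd, component ID nt_ndisrd and driver path are taken from the FRST search above; the binding step assumes Windows 8 / Server 2012 or later, and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example (not from the thread): inspect the ndisrd / WinpkFilter NDIS
# lightweight filter before deciding how to remove it. Run as Administrator.
$svc  = 'ndisrd'      # service name from the FRST search
$comp = 'nt_ndisrd'   # ComponentId from the FRST search
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"

# 1. Service registration. A kernel driver (Type 1) with a Start value of
#    0-2 loads at boot without any process appearing in Task Manager, which is
#    why Rkill reported a service rather than a process.
if (Test-Path $key) {
    $reg = Get-ItemProperty -Path $key
    $startNames = @{0='Boot';1='System';2='Auto';3='Manual';4='Disabled'}
    Write-Host "Service key : $key"
    Write-Host "ImagePath   : $($reg.ImagePath)"
    Write-Host "Start       : $($startNames[[int]$reg.Start])"
    Write-Host "Type        : $($reg.Type)  (1 = kernel driver)"
} else {
    Write-Host "Service key $key not present"
}

# 2. The driver file, which post #10 found still on disk after the uninstall.
#    Signer and hash are what you would check against the vendor or submit
#    to a scanning service before deleting it.
$drv = Join-Path $env:SystemRoot 'System32\drivers\ndisrd.sys'
if (Test-Path $drv) {
    $sig = Get-AuthenticodeSignature -FilePath $drv
    Write-Host "Driver file : $drv"
    Write-Host "Signature   : $($sig.Status)  Signer: $($sig.SignerCertificate.Subject)"
    Write-Host "SHA256      : $((Get-FileHash -Algorithm SHA256 -Path $drv).Hash)"
} else {
    Write-Host "Driver file $drv not present"
}

# 3. Adapter bindings. Get-NetAdapterBinding exists on Windows 8 / Server 2012
#    and later; on Windows 7 the same unbinding is done from the adapter
#    Properties dialog, as in post #6. The thread's sequence (service key
#    deleted in post #4, network lost in post #5, restored by unbinding in
#    post #6) is why the binding is checked and removed before the service.
if (Get-Command Get-NetAdapterBinding -ErrorAction SilentlyContinue) {
    $bound = Get-NetAdapterBinding -Name '*' -ComponentID $comp -ErrorAction SilentlyContinue |
             Where-Object { $_.Enabled }
    if ($bound) {
        $bound | Format-Table Name, DisplayName, ComponentID, Enabled -AutoSize
        # Uncomment to unbind the filter from every adapter before removing the service:
        # Disable-NetAdapterBinding -Name '*' -ComponentID $comp
    } else {
        Write-Host "Filter $comp is not enabled on any adapter"
    }
}
```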

 

   



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 07 December 2017 - 07:47 AM

Hi,

Is the internet still holding up?

Any issues pending?

#8 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 07 December 2017 - 10:28 AM

The internet is holding up and Rkill no longer kills any process. Just not sure what I should do with this WinpkFilter.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 07 December 2017 - 01:59 PM



Hi,

It's a function of a router.
https://www.nat32.com/v2/install.htm

Are you using such a router?

More information.
http://www.nat32.com/v2/about.htm

If you need additional help I suggest you ask in the Networking forum.
https://www.bleepingcomputer.com/forums/f/21/networking/

This is not malware and not my forte.

#10 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 08 December 2017 - 02:26 AM

I uninstalled it.

The ndisrd.sys is still sitting in my Windows\system32\drivers directory. Should I be concerned?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 PM

Posted 08 December 2017 - 08:39 AM

No, but if you have issues with the computer then check with the Networking helpers.

#12 whistlingswordsman

whistlingswordsman
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 10 December 2017 - 09:33 PM

Thanks for all the help, nasdaq!





