
Trojan.Bitcoinminer and others not removing


  • This topic is locked
28 replies to this topic

#1 vipuladusa

vipuladusa

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 20 December 2017 - 06:23 PM

Hello all, I have recently been infected and have had really high memory usage on my PC. I initially tried to remove the viruses but am unable to do so with Malwarebytes. I have posted the virus scan results with the viruses listed. Please help, as these viruses cause my PC to go to 95%+ memory usage and make me unable to really use the computer for anything. Thanks for the help!

Virus report from Malwarebytes:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/20/17
Scan Time: 6:02 PM
Log File: e9c6dce2-e5d9-11e7-8674-1c872c767833.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3531
License: Premium
 
-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: ViP-PC\Invisibles
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370701
Threats Detected: 16
Threats Quarantined: 8
Time Elapsed: 10 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR, Removal Failed, [1245], [466343],1.0.3531
 
Registry Value: 2
PUM.Optional.CMDShell, HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, Quarantined, [13505], [464572],1.0.3531
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR|IMAGEPATH, Removal Failed, [1245], [466343],1.0.3531
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
Trojan.SmartService, C:\USERS\SIRVIP\APPDATA\LOCAL\IGFXMTC, Quarantined, [4370], [466344],1.0.3531
 
File: 12
Trojan.BitCoinMiner, C:\DISK\WEBSERVICE.EXE, Removal Failed, [71], [468095],1.0.3531
Trojan.SmartService, C:\USERS\SIRVIP\APPDATA\LOCAL\IGFXMTC\IGFXMTC.EXE, Quarantined, [4370], [466344],1.0.3531
Trojan.Yelloader, C:\USERS\VIP\APPDATA\LOCAL\TEMP\1510959056\SETUP0904.EXE, Removal Failed, [1317], [470698],1.0.3531
Adware.DotDo.Generic, C:\USERS\VIP\APPDATA\LOCAL\TEMP\QB27TJTMO\INSTALLER.EXE, Removal Failed, [1054], [471314],1.0.3531
Trojan.Yelloader, C:\USERS\VIP\APPDATA\LOCAL\TEMP\1510959056\SETUP0904.ZIP, Removal Failed, [1317], [470698],1.0.3531
Adware.DotDo.Generic, C:\USERS\VIP\APPDATA\LOCAL\TEMP\NSMB9A1.TMP\E0ZOO.EXE, Removal Failed, [1054], [471314],1.0.3531
Adware.DotDo.Generic, C:\USERS\VIP\APPDATA\LOCAL\TEMP\4F032A3637BF44A08D6DDE90FC31449D\INSTALLER.EXE, Removal Failed, [1054], [471314],1.0.3531
PUP.Optional.Conduit, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [533], [454832],1.0.3531
PUP.Optional.Conduit, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [533], [454832],1.0.3531
PUP.Optional.Conduit, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [533], [454832],1.0.3531
PUP.Optional.Spigot, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [600], [454814],1.0.3531
PUP.Optional.Spigot, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [600], [454814],1.0.3531
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by vipuladusa, 20 December 2017 - 06:24 PM.
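A triage helper for reports in the format pasted above, added here as an example and not code from the thread or from Malwarebytes: it parses the -Scan Details- block, separates the entries the engine reported as Removal Failed from those it quarantined or replaced, classifies each leftover by the autostart location it lives in, and checks that the per-category header counts match the lines actually present (a cheap way to spot a truncated paste). The cut-down sample log and the persistence-class heuristic are my own constructions.

```python
import re
from collections import Counter, namedtuple

# Constructed sample, cut down from the Malwarebytes 3.x report pasted above.
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 16
Threats Quarantined: 8

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR, Removal Failed, [1245], [466343],1.0.3531

Registry Value: 2
PUM.Optional.CMDShell, HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, Quarantined, [13505], [464572],1.0.3531
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR|IMAGEPATH, Removal Failed, [1245], [466343],1.0.3531

File: 3
Trojan.BitCoinMiner, C:\DISK\WEBSERVICE.EXE, Removal Failed, [71], [468095],1.0.3531
Trojan.Yelloader, C:\USERS\VIP\APPDATA\LOCAL\TEMP\1510959056\SETUP0904.EXE, Removal Failed, [1317], [470698],1.0.3531
PUP.Optional.Conduit, C:\USERS\VIP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [533], [454832],1.0.3531

Physical Sector: 0
(No malicious items detected)

(end)
"""

Detection = namedtuple("Detection", "kind name path action")

_HEADER = re.compile(r"^-[A-Za-z ]+-$")                       # e.g. -Scan Details-
_CATEGORY = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")  # e.g. Registry Key: 1
# One detection line: <name>, <path>, <action>, [<id>], [<id>],<db version>
_ENTRY = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[\d+\], \[\d+\],\S+$"
)


def parse_report(text):
    """Return (detections, declared): the entries under -Scan Details- and the
    count Malwarebytes printed in each category header. Only that block is
    read, because -Scan Summary- uses the same 'Label: number' line shape."""
    detections, declared = [], {}
    in_details, kind = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if _HEADER.match(line):
            in_details = line == "-Scan Details-"
            continue
        if not in_details or not line:
            continue
        m = _CATEGORY.match(line)
        if m:
            kind = m.group("kind")
            declared[kind] = int(m.group("count"))
            continue
        m = _ENTRY.match(line)
        if m and kind is not None:
            detections.append(
                Detection(kind, m.group("name"), m.group("path"), m.group("action"))
            )
    return detections, declared


def count_mismatches(text):
    """Categories whose header count differs from the lines actually parsed,
    mapped to (declared, parsed): a truncated or mangled paste shows up here."""
    detections, declared = parse_report(text)
    actual = Counter(d.kind for d in detections)
    return {k: (n, actual[k]) for k, n in declared.items() if actual[k] != n}


def summarize(detections):
    """Number of detections per engine action (Quarantined, Removal Failed, ...)."""
    return Counter(d.action for d in detections)


def unresolved(detections):
    """Entries the engine could not remove; these are still live after the scan."""
    return [d for d in detections if d.action == "Removal Failed"]


def classify_persistence(path):
    """Heuristic autostart class for a detection path (my own rough buckets,
    keyed on well-known locations; not Malwarebytes' taxonomy)."""
    p = path.upper()
    if "\\SERVICES\\" in p:
        return "service"            # service key or its ImagePath value
    if "\\WINLOGON|SHELL" in p:
        return "winlogon-shell"     # replaces explorer.exe as the user shell
    if "\\CURRENTVERSION\\RUN" in p:
        return "run-key"
    if "\\APPDATA\\LOCAL\\TEMP\\" in p:
        return "temp-dropper"       # installer left behind, not an autostart
    if "\\CHROME\\USER DATA\\" in p:
        return "browser-profile"
    return "other"


def triage(text):
    """Rows (name, path, persistence class) for everything left at Removal Failed."""
    detections, _ = parse_report(text)
    return [(d.name, d.path, classify_persistence(d.path)) for d in unresolved(detections)]


if __name__ == "__main__":
    for name, path, cls in triage(SAMPLE_LOG):
        print(f"{cls:15} {name:22} {path}")
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
```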



#2 vipuladusa

vipuladusa
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 20 December 2017 - 06:44 PM

Tried an AdwCleaner scan; here is the report:

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 20 23:40:42 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\S5
Deleted: C:\ProgramData\LCFApp
Deleted: C:\ProgramData\Application Data\LCFApp
Deleted: C:\Users\All Users\LCFApp
Deleted: C:\Users\ViP\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Deleted: C:\Users\ViP\AppData\Local\AdService
Deleted: C:\Users\ViP\AppData\Local\PCBooster
Deleted: C:\Program Files (x86)\BestCleanerW
Deleted: C:\ProgramData\DreamScreen
Deleted: C:\ProgramData\Application Data\DreamScreen
Deleted: C:\Users\All Users\DreamScreen
Deleted: C:\Users\ViP\AppData\Roaming\DreamScreen
Deleted: C:\ProgramData\DreamCompress
Deleted: C:\ProgramData\Application Data\DreamCompress
Deleted: C:\Users\All Users\DreamCompress
Deleted: C:\Users\ViP\AppData\Roaming\DreamCompress
 
 
***** [ Files ] *****
 
Deleted: C:\Windows\\rsrcs.dll
Deleted: C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: 91a5096c17785d0a439f22cabf8e56ee
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.qq.com
Deleted: [Key] - HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Software\PopWnd
Deleted: [Key] - HKCU\Software\PopWnd
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pop.yeawindows.com
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\ByteFence\Uninstall.exe
Deleted: [Key] - HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Software\SetupCompany
Deleted: [Key] - HKCU\Software\SetupCompany
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Software\Microsoft\Etsy
Deleted: [Key] - HKCU\Software\Microsoft\Etsy
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Amazon Assistant for Chrome - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [4439 B] - [2017/12/20 23:39:30]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:25 AM

Posted 20 December 2017 - 07:16 PM

Hi vipuladusa :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 vipuladusa

vipuladusa
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 20 December 2017 - 07:18 PM

FRST Results:

FRST.TXT
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Invisibles (administrator) on VIP-PC (20-12-2017 18:56:00)
Running from D:\Downloads
Loaded Profiles: Invisibles (Available Profiles: Invisibles & SirViP & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\atkzoxrsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(Hi-Rez Studios) B:\Program Files (x86)\Hirez\HiPatchService.exe
(HTC Corporation) C:\Program Files\HTC Account\Htc.Identity.Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) B:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\ViP\AppData\Local\scaomwd\scaomwd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Corsair Components, Inc.) B:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe
() C:\Users\ViP\AppData\Local\igfxmtc\igfxmtc.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
() C:\Users\ViP\AppData\Local\scaomwd\sponezw.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => D:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-12-20] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [BCSSync] => "B:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Corsair Utility Engine] => "B:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [HTC Store User Content Helper] => B:\Program Files (x86)\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe [116968 2017-05-17] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\MountPoints2: F - "F:\Autorun.exe" 
HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\MountPoints2: {6680bd88-5255-11e5-9bc2-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\ProgramData\DreamScreen\DreamCompress.scr
Startup: C:\Users\ViP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-11-17]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ca077f9e-e996-42cc-be76-2bfb4452cecb}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> B:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-07] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\ViP\AppData\Roaming\Songbird2\Profiles\jn3uya1r.default [2017-11-11]
FF Extension: (Artwork Extras) - B:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (gonzo) - B:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (Philips addon manager) - B:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (Pink Martini) - B:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (Purple Rain) - B:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (Media Sharing) - B:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF Extension: (Songbird.me) - B:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [2015-08-03] [Legacy] [not signed]
FF ProfilePath: C:\Users\ViP\AppData\Roaming\Mozilla\Firefox\Profiles\vrq2806m.default-1475681909227 [2017-11-17]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-12-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> B:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> B:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ViP\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-17] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1189366699-3173439074-3564247890-1000: @my.com/Games -> C:\Users\ViP\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
CHR Extension: (Slides) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-19]
CHR Extension: (Adblock Plus) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-28]
CHR Extension: (OneTab) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (Google Search) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-15]
CHR Extension: (Sheets) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-10-06]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-12-20]
CHR Extension: (Gmail) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-09-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-15] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-09] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 Disc Soft Lite Bus Service; B:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-10] (EasyAntiCheat Ltd)
R2 HiPatchService; B:\Program Files (x86)\Hirez\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
R2 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [20712 2017-05-11] (HTC Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
S2 MBAMService; B:\Program Files (x86)\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Origin Client Service; B:\Program Files (x86)\Origin\OriginClientService.exe [2134848 2017-11-22] (Electronic Arts)
R2 Origin Web Helper Service; B:\Program Files (x86)\Origin\OriginWebHelperService.exe [3014472 2017-11-22] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-03-04] (Power Admin LLC)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; D:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-12-20] (Microsoft Corporation)
S3 Viveport; B:\Program Files (x86)\ViveSetup\PCClient\ViveportService.exe [74472 2017-05-17] ()
S3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [342264 2017-12-20] (Microsoft Corporation)
S2 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-12-20] (Microsoft Corporation)
S3 WMPNetworkSvc; D:\Program Files\Windows Media Player\wmpnetwk.exe [1177088 2017-12-20] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66136 2017-06-12] (Broadcom Corporation.)
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-19] (Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [108608 2016-09-24] (Dokan Project)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-09-20] (Disc Soft Ltd)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-20] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinRing0_1_2_0; B:\Program Files (x86)\Nvidia\Precx\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-20] (Zemana Ltd.)
U3 idsvc; no ImagePath
R3 udiskMgr; system32\drivers\zdgjmq.sys [X]
S1 wvfilters64; \??\C:\Users\ViP\AppData\Local\Microsoft\Windows\Symbols\wvfilters64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-20 18:53 - 2017-12-20 18:56 - 000000000 ____D C:\FRST
2017-12-20 18:50 - 2017-12-20 18:50 - 000140112 ____N C:\WINDOWS\system32\Drivers\siapsvzc.sys
2017-12-20 18:29 - 2017-12-20 18:40 - 000000000 ____D C:\AdwCleaner
2017-12-20 18:26 - 2017-12-20 19:10 - 000186745 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-20 18:26 - 2017-12-20 19:10 - 000162852 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-20 18:26 - 2017-12-20 18:26 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-20 18:26 - 2017-12-20 18:26 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-20 18:26 - 2017-12-20 18:26 - 000001681 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-12-20 18:26 - 2017-12-20 18:26 - 000000000 ____D D:\Program Files (x86)\Zemana AntiMalware
2017-12-20 18:26 - 2017-12-20 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-20 18:25 - 2017-12-20 18:25 - 000000000 ____D C:\Users\ViP\AppData\Local\Zemana
2017-12-20 14:07 - 2017-12-20 14:09 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-20 13:47 - 2017-12-20 13:47 - 000317960 _____ C:\Users\ViP\Desktop\sfcdetails.txt
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Security
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Portable Devices
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Photo Viewer
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows NT
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Multimedia Platform
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Defender Advanced Threat Protection
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Windows Defender
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\Reference Assemblies
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files\MSBuild
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Windows Portable Devices
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Windows Photo Viewer
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Windows NT
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Windows Multimedia Platform
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Windows Defender
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\Reference Assemblies
2017-12-20 13:43 - 2017-12-20 13:43 - 000000000 ____D D:\Program Files (x86)\MSBuild
2017-12-19 21:39 - 2017-12-20 10:51 - 000000000 ____D C:\Users\ViP\Documents\Command and Conquer 4
2017-12-19 21:38 - 2017-12-19 22:22 - 000000000 ____D C:\Users\ViP\AppData\Roaming\Command and Conquer 4
2017-12-19 21:31 - 2017-12-19 21:31 - 000000990 _____ C:\Users\ViP\Desktop\CNC4 - Shortcut.lnk
2017-12-19 17:15 - 2017-12-19 17:15 - 000000000 ____D C:\Users\ViP\AppData\Roaming\FiraxisLive
2017-12-19 17:15 - 2017-12-19 17:15 - 000000000 ____D C:\Users\ViP\AppData\Local\My Games
2017-12-19 17:15 - 2017-12-19 17:15 - 000000000 ____D C:\ProgramData\Steam
2017-12-19 17:14 - 2017-12-19 17:14 - 000000967 _____ C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth Launcher.lnk
2017-12-19 17:14 - 2017-12-19 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-12-16 23:13 - 2017-12-16 23:13 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1189366699-3173439074-3564247890-1001
2017-12-16 23:13 - 2017-12-16 23:13 - 000000000 ____D C:\Users\SirViP\Documents\Heroes of the Storm
2017-12-16 23:12 - 2017-12-16 23:13 - 000002370 _____ C:\Users\SirViP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-16 23:12 - 2017-12-16 23:13 - 000000000 ___RD C:\Users\SirViP\OneDrive
2017-12-16 23:12 - 2017-12-16 23:13 - 000000000 ____D C:\Users\SirViP\AppData\Roaming\Battle.net
2017-12-16 23:12 - 2017-12-16 23:13 - 000000000 ____D C:\Users\SirViP\AppData\Local\Battle.net
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Roaming\Corsair
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Roaming\ControlCenter4
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Local\Corsair
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Local\Comms
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Local\CEF
2017-12-16 23:12 - 2017-12-16 23:12 - 000000000 ____D C:\Users\SirViP\AppData\Local\Blizzard Entertainment
2017-12-16 23:11 - 2017-12-16 23:13 - 000000000 ____D C:\Users\SirViP\AppData\Local\Packages
2017-12-16 23:11 - 2017-12-16 23:13 - 000000000 ____D C:\Users\SirViP\AppData\Local\NVIDIA Corporation
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Roaming\Adobe
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\VirtualStore
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\Publishers
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\NVIDIA
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\Logitech
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\Google
2017-12-16 23:11 - 2017-12-16 23:11 - 000000000 ____D C:\Users\SirViP\AppData\Local\ConnectedDevicesPlatform
2017-12-16 22:54 - 2017-12-20 18:13 - 000000000 ____D C:\Users\SirViP
2017-12-16 22:54 - 2017-12-18 18:52 - 000000000 ____D C:\Users\SirViP\AppData\Local\pscdvnw
2017-12-16 22:54 - 2017-12-16 22:54 - 000000020 ___SH C:\Users\SirViP\ntuser.ini
2017-12-16 22:54 - 2017-12-16 22:54 - 000000000 ____D C:\Users\SirViP\AppData\Local\TileDataLayer
2017-12-16 22:54 - 2017-01-21 13:11 - 000000000 ____D C:\Users\SirViP\AppData\Roaming\Media Center Programs
2017-12-16 22:25 - 2017-12-16 22:25 - 000000000 ____D C:\WINDOWS\pss
2017-12-10 09:29 - 2017-12-10 09:29 - 000000665 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-12-10 09:29 - 2017-12-10 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-12-10 09:00 - 2017-12-10 09:00 - 000000000 ____D C:\Users\ViP\AppData\Local\FortniteGame
2017-12-09 16:14 - 2017-12-09 16:14 - 000000000 ____D D:\Program Files\Epic Games
2017-12-09 16:09 - 2017-12-09 16:09 - 000000951 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-12-09 16:09 - 2017-12-09 16:09 - 000000951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-12-08 21:41 - 2017-12-10 15:13 - 000000000 ____D C:\Users\ViP\Documents\Heroes of the Storm
2017-12-07 19:29 - 2017-12-19 17:05 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-12-07 18:17 - 2017-12-07 18:17 - 000000000 ____D C:\Nexon
2017-12-07 17:55 - 2017-12-07 18:17 - 000000000 ____D C:\Users\ViP\AppData\Roaming\NexonLauncher
2017-12-07 13:17 - 2017-12-07 13:33 - 000000804 _____ C:\Users\Public\Desktop\Dungeon Siege 2.lnk
2017-12-07 13:17 - 2017-12-07 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Siege 2
2017-12-04 12:29 - 2017-12-04 12:29 - 000000615 _____ C:\Users\Public\Desktop\Battle.net.lnk
2017-12-04 12:29 - 2017-12-04 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-12-04 12:28 - 2017-12-17 00:13 - 000000000 ____D D:\Program Files (x86)\Battle.net
2017-12-04 12:06 - 2017-12-04 12:10 - 000000000 ____D D:\Program Files (x86)\Google
2017-12-03 18:40 - 2017-12-03 18:40 - 000000000 ____D D:\Program Files\NVIDIA Corporation
2017-12-03 12:29 - 2017-12-03 14:22 - 000000000 ____D C:\Users\ViP\AppData\Local\igfxmtc
2017-12-01 00:23 - 2017-12-01 00:23 - 000000559 _____ C:\Users\Public\Desktop\Fallout 4.lnk
2017-11-30 17:29 - 2017-11-30 17:29 - 000000000 ___HD C:\$Windows.~WS
2017-11-25 20:22 - 2017-11-25 20:22 - 000000000 ____D C:\Users\ViP\Documents\MercurySteam
2017-11-25 19:10 - 2017-11-30 18:58 - 000000000 ____D C:\ESD
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-20 19:09 - 2017-11-17 17:52 - 000000000 ____D C:\Users\ViP\AppData\Local\scaomwd
2017-12-20 18:57 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-20 18:54 - 2017-08-20 17:25 - 004502980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-20 18:51 - 2017-08-20 17:24 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-20 18:51 - 2015-07-29 02:07 - 001048576 _____ C:\WINDOWS\PE_Rom.dll
2017-12-20 18:50 - 2017-11-17 17:51 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\atkzoxrsvc.exe
2017-12-20 18:50 - 2017-08-20 17:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-20 18:50 - 2017-03-18 06:40 - 016252928 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-20 18:50 - 2017-03-18 06:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-12-20 18:49 - 2016-06-24 13:32 - 000000875 _____ C:\Users\ViP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-12-20 18:41 - 2017-08-20 17:23 - 000388424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-20 18:40 - 2015-08-18 20:57 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-20 18:38 - 2015-12-23 00:07 - 000000000 ____D C:\Users\ViP\AppData\Local\CrashDumps
2017-12-20 18:26 - 2017-08-20 17:31 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1BF6FFE7-CF6A-488C-BF99-C3FF7A7DF6CB}
2017-12-20 18:20 - 2015-07-29 02:12 - 000000000 _____ C:\WINDOWS\Path.idx
2017-12-20 18:08 - 2016-03-24 13:10 - 000000000 ____D C:\Users\ViP\AppData\Roaming\discord
2017-12-20 18:02 - 2017-11-17 22:52 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-20 17:18 - 2017-08-20 17:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-20 14:09 - 2017-11-17 18:36 - 000000000 ____D C:\WINDOWS\Panther
2017-12-20 14:09 - 2017-08-20 17:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-12-20 14:09 - 2017-08-20 17:33 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-12-20 13:53 - 2017-08-20 17:25 - 000000000 ____D C:\Users\ViP
2017-12-20 12:49 - 2017-08-20 17:31 - 000003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1491289388
2017-12-20 10:53 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-20 00:13 - 2015-07-29 05:58 - 000000000 ____D C:\Users\ViP\AppData\Roaming\uTorrent
2017-12-19 17:15 - 2015-07-28 15:23 - 000000000 ____D C:\Users\ViP\Documents\My Games
2017-12-19 17:05 - 2017-06-12 17:37 - 000000000 ____D C:\temp
2017-12-19 16:44 - 2017-08-20 17:25 - 000000000 ____D C:\Users\DefaultAppPool
2017-12-18 18:34 - 2017-06-02 00:45 - 000000000 ____D C:\Users\ViP\AppData\Local\Battle.net
2017-12-16 23:11 - 2016-11-20 13:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-16 22:54 - 2016-03-04 16:42 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-14 09:42 - 2015-09-03 11:16 - 000000000 ____D C:\Users\ViP\AppData\Local\Packages
2017-12-12 23:34 - 2017-11-17 23:07 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-12 10:31 - 2017-11-17 23:35 - 000001303 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-12 10:31 - 2017-11-17 23:35 - 000001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-11 22:16 - 2016-03-24 13:13 - 000000000 ____D C:\Users\ViP\AppData\Local\Discord
2017-12-10 15:12 - 2017-06-02 00:46 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-10 10:01 - 2015-11-06 15:18 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-12-10 09:00 - 2015-11-01 22:33 - 000000000 ____D C:\Users\ViP\AppData\Local\UnrealEngine
2017-12-09 16:10 - 2016-08-22 20:46 - 000000000 ____D C:\Users\ViP\AppData\Local\EpicGamesLauncher
2017-12-07 19:29 - 2017-05-20 21:59 - 000000922 _____ C:\Users\ViP\Desktop\MapleStory.lnk
2017-12-07 18:18 - 2017-05-21 00:05 - 000001140 _____ C:\Users\ViP\Documents\mapleaccs.txt
2017-12-04 15:36 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-03 18:13 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-03 18:12 - 2017-08-20 17:31 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:31 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-03 18:12 - 2017-08-20 17:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-03 18:12 - 2016-07-24 18:14 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-02 21:09 - 2017-11-17 18:38 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-01 21:25 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 21:25 - 2017-03-18 16:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 17:26 - 2015-09-03 11:17 - 000000000 ___RD C:\Users\ViP\OneDrive
2017-11-30 12:37 - 2015-07-30 23:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-25 19:08 - 2015-10-01 14:31 - 000000000 ____D C:\Users\ViP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-11-24 14:40 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-24 08:45 - 2017-06-30 09:51 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-11-21 11:11 - 2010-11-20 22:27 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-06-24 14:30 - 2016-06-27 02:30 - 000000071 _____ () C:\Users\ViP\AppData\Roaming\WB.CFG
2017-11-17 17:50 - 2017-11-17 17:50 - 000140800 _____ () C:\Users\ViP\AppData\Local\installer.dat
2016-02-01 20:13 - 2016-02-01 20:13 - 000007618 _____ () C:\Users\ViP\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Windows\Tasks\{13CCA715-9BA4-4D2E-6647-62690FCAE51B}.job
 
 
Some files in TEMP:
====================
2017-11-17 17:50 - 2017-11-17 17:50 - 000850432 _____ () C:\Users\ViP\AppData\Local\Temp\browser_air_setup.exe
2017-11-17 17:54 - 2017-11-17 17:54 - 000931128 _____ () C:\Users\ViP\AppData\Local\Temp\FastDataX.exe
2017-11-17 18:03 - 2017-10-30 22:22 - 001028096 _____ () C:\Users\ViP\AppData\Local\Temp\hexa_config.exe
2017-11-17 17:50 - 2017-11-17 17:52 - 005885952 _____ () C:\Users\ViP\AppData\Local\Temp\setup (1).exe
2017-11-17 17:50 - 2017-11-17 17:50 - 000000300 _____ () C:\Users\ViP\AppData\Local\Temp\xkom.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\siapsvzc.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2017-12-18 20:07
 
==================== End of FRST.txt ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Invisibles (20-12-2017 19:12:35)
Running from D:\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-08-20 22:42:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1189366699-3173439074-3564247890-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1189366699-3173439074-3564247890-503 - Limited - Disabled)
Guest (S-1-5-21-1189366699-3173439074-3564247890-501 - Limited - Disabled)
Invisibles (S-1-5-21-1189366699-3173439074-3564247890-1000 - Administrator - Enabled) => C:\Users\ViP
SirViP (S-1-5-21-1189366699-3173439074-3564247890-1001 - Administrator - Enabled) => C:\Users\SirViP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
Acquisition version 0.6a (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.6a - )
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
Amazon Kindle (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Attack.on.Titan.[v1.02+4Dlcs]-ALI213 version 1.02 (HKLM-x32\...\{00054C64-40C5-4538-BB25-1DEC9CE991F0}}_is1) (Version: 1.02 - Ali213.net)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brother MFL-Pro Suite MFC-J650DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 Digital Deluxe Edition Content (HKLM-x32\...\{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DC Universe Online (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\DGC-DC Universe Online) (Version: 1.0.3.191 - Daybreak Game Company)
DC Universe Online Live (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\DG0-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dokan Driver (x64) (HKLM\...\{C550A790-4D58-4918-824A-192461614F6B}) (Version: 1.1.0.2 - HTC Corp.) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version:  - Microsoft)
Epic Games Launcher (HKLM-x32\...\{AAA3417F-FEAD-4AF7-9C01-9FAE1BB44E3D}) (Version: 1.1.134.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.3.9 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HTC Account (HKLM\...\{17B9D00F-929D-481E-8D7D-0AB82DDDC967}) (Version: 1.1.4.0 - HTC Corporation) Hidden
IdleMaster (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Marvel Ultimate Alliance 2 (HKLM-x32\...\Marvel Ultimate Alliance 2_is1) (Version:  - )
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.10 - Electronic Arts)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth Shadow of War Gold Edition version final (HKLM-x32\...\Middle-earth Shadow of War Gold Edition_is1) (Version: final - The)
Middle-earth. Shadow of War - Gold Edition - Version 1.0 (HKLM-x32\...\Middle-earth. Shadow of War - Gold Edition_is1) (Version: 1.0 - RePack by VickNet)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Firefox 49.0.2 (x86 en-US) (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
My.com Game Center (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\MyComGames) (Version: 3.210 - My.com B.V.)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.56.0 - Black Tree Gaming)
Nitronic Rush (2012-12-21 .2) version 20121221.1 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20121221.1 - DigiPen)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.2.1.53862 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{b05517a5-78c9-4c02-86f4-5ad4db5b469d}) (Version: 2.2.1.53862 - Grinding Gear Games)
Pazera Free Audio Extractor 2.2 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 2.2 - Jacek Pazera)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PoESkillTree - Ascendancy (HKLM-x32\...\{B5012C21-ECA4-41AF-ABD1-F549D019B7A9}_is1) (Version: 2.2.5 - PoESkillTree Team)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.2.13009.198 - raidcall.com.ru)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Sid Meiers Civilization Beyond Earth version 1.1.2.4035 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: 1.1.2.4035 - Mr DJ)
Skyforge MyCom (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\Skyforge MyCom) (Version: 1.175 - My.com B.V.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.24.4493.1 - Hi-Rez Studios)
Songbird 2.2.0 (Build 2453) (HKLM-x32\...\Songbird-release-2453) (Version:  - )
Spotify (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
TP-LINK Archer T9E Driver (HKLM-x32\...\{59516745-D476-49FD-B281-371844FA1C21}) (Version: 1.3.1 - TP-LINK)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Vive (HKLM-x32\...\{4629c313-85a5-46e9-9828-e5929ad02d7d}) (Version: 1.0.8889.1047 - HTC Corp.) Hidden
Vive (HKLM-x32\...\{FEE07BD4-7193-4206-BF1F-8E5262FAE7A2}) (Version: 1.0.8889.1047 - HTC Corp.) Hidden
VIVE Software (HKLM-x32\...\VIVE Software) (Version: 1.0.1.109 - HTC)
ViveDriver (HKLM-x32\...\{8ff389b7-122a-494c-9d04-cb3165b8738d}) (Version: 1.1.0.8 - HTC Corp.)
ViveDummy (HKLM-x32\...\{1F9BDD9F-AB3D-4384-A080-80E713702ADE}) (Version: 0.9.0.4 - HTC) Hidden
VivePhoneServices (HKLM-x32\...\{51692281-D7BE-4F58-AA39-EC26FC082934}) (Version: 1.1.0.4 - HTC Corp.) Hidden
Viveport Companion (HKLM-x32\...\{10c7cec3-6b98-463d-8da7-f5a04870e20a}) (Version: 0.7.0.9 - HTC Corp.)
Viveport Companion (x86) (HKLM-x32\...\{8499FE70-D26B-44E6-9592-1627DB25BD60}) (Version: 0.7.0.9 - HTC Corp.) Hidden
Viveport Diagnosis (HKLM-x32\...\{cd75c1df-2543-47fa-adc9-bfef4d9bb823}) (Version: 1.2.0.25 - HTC Corp.)
Viveport Diagnosis (x86) (HKLM-x32\...\{C786A059-4953-4C54-9AE4-0F77CDEAED23}) (Version: 1.2.0.25 - HTC Corp.) Hidden
Viveport DirectX 9.0 (HKLM-x32\...\{be57836a-f280-46c1-ac84-5292ef323e92}) (Version: 1.1.0.3 - HTC Corp.)
Viveport DirectX 9.0 (x86/x64) (HKLM-x32\...\{58771A37-9B07-4B85-82D4-6189623F2255}) (Version: 1.1.0.3 - HTC Corp.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.33 - NCH Software)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
WordPress.com (HKLM-x32\...\WordPress.com) (Version:  - Automattic, Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1189366699-3173439074-3564247890-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\ViP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1189366699-3173439074-3564247890-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\ViP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1189366699-3173439074-3564247890-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\ViP\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-20] ()
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => B:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => B:\Program Files (x86)\Winzip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => B:\Program Files (x86)\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => B:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => B:\Program Files (x86)\Winzip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-20] ()
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => B:\Program Files (x86)\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => B:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-06-07] (Power Software Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => B:\Program Files (x86)\Winzip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02B4F3AD-3BDC-44BA-836E-23282271DA11} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {08C80426-1155-4F21-A136-6640875E5947} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08E64E77-AA46-4555-91FB-BE58744095BB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09D77B42-E48A-48BA-B032-1B414E7361C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CCE210E-D6A7-438E-8F70-3B85D0E1C2FF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F1F65D9-E4EE-4ED3-BCC2-0AAFBFE52D92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12CF54F6-A199-464E-908C-5936DD77D621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)
Task: {17D4FF10-D456-47C5-9C72-3C1678443DF3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {180D6440-41BC-4E29-AEDE-871F92761AFE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1189366699-3173439074-3564247890-1001 => C:\Users\ViP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {1977279E-0B91-43E6-A372-B02911E8A5FF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1AA4AD6C-8642-4AC2-92E9-78909C9ED5AA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {1EBF9451-1A5D-40E7-9EF0-42D438045915} - System32\Tasks\MSI File Uploader => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\MSI File Uploader\MSI File Uploader.dll",YDTxhFFVzx <==== ATTENTION
Task: {1FB339CD-D5CD-4935-B186-33FB85365645} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {25155A8E-6C14-47A5-AB54-35DD96734C8E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2667E666-7B5E-4D68-B2A9-A5959D82C8BF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2DB0EDDE-B202-41EA-BF4F-184143F650E2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2FE943EC-E425-40A1-B040-048B6FF19232} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {31EC347C-38D9-4B07-9B36-493C8D005337} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {32F3CFFF-57CD-4791-BC2A-3B7735E69FB4} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {3444506B-0788-4F47-B634-8DB10915BF81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {350311F8-672A-4F3E-8FA0-D45CE5093E1E} - System32\Tasks\{F397F98B-1B9A-4D91-AD3B-49EA8EE62813} => rundll32.exe "C:\Users\ViP\AppData\Local\Microsoft\Common Files\cache.dat",StaticCache
Task: {37C022A2-A8C2-40EA-8771-3E554EE420F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A15E67E-5592-4BA1-96FF-89854D8FE82A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3C176D4A-329F-45FC-AE3F-A1B10C9A0572} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4252904B-FA43-4E47-9C2C-C311FE111F91} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {45AA6E7A-5F6F-4594-920A-D758E6471E0D} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {460EA52B-3F3B-41F2-A5A6-953E8EDDDF4C} - System32\Tasks\{5DC18CEC-A5D6-48E3-AF2E-0B0465691F15} => C:\WINDOWS\Windows\ProgramData\svchost.exe <==== ATTENTION
Task: {4951DBB0-3C99-4A22-B2CB-003EBC0F99A7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4C3C5BDB-5B31-4A01-A2EF-FC95CF818136} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4D1DEE88-0205-49FB-925C-9E2A3ED60F71} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5F787A09-6496-4FA7-BD85-7408EA5BAB94} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {67E68BE7-D432-4FB0-AA67-3B66852A5E1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {69414AAF-75B4-438F-BD41-207CD7380AD9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C3FB866-DA17-4206-BAAE-028FA1EC4492} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {760300E7-609E-4E76-8C9F-1CCE9911AC19} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {8671D023-E0C2-4C94-ACF3-F0613D9F7F50} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8678531C-642F-46DD-964B-52C860900F86} - System32\Tasks\{13CCA715-9BA4-4D2E-6647-62690FCAE51B} => C:\Users\ViP\AppData\Roaming\{9D15A~1\helper.exe <==== ATTENTION
Task: {875C8DA1-CBD4-40C0-A171-B0AC732168B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {878086B9-2192-4136-8864-C38655EC49AA} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe [2013-08-26] (ASUSTeK Computer Inc.)
Task: {8F9D5065-FA01-40DE-9403-C96C86D02BD4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {92D8FA97-991B-4A59-A7A2-059CC85BA763} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9BC4556A-E4D2-4A07-A68B-288EEBE2FF91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A7EBDAD6-5BCB-473D-B798-DB2F0A4F7402} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {A981E837-CA01-4616-AFB1-6F555005EBC7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {AF373DA8-3CCD-414A-A694-46530969444F} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-10-18] ()
Task: {B247F6FE-1F58-4059-A96B-D0E712733EC9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2C822CF-DCB2-4DFF-9641-834F867AE8E1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B49FFFE2-E3BE-4A4A-9664-63F96D9CC0B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE7E3B05-A994-4053-B62A-F404587F9F54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-29] (Google Inc.)
Task: {C6D87C99-0D76-42B0-A04E-89233E9CA4B6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CEF9D00C-7B2A-46CB-A683-8C016184AA4F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D1799E1D-6195-4E99-9638-897797B07536} - System32\Tasks\Opera scheduled Autoupdate 1491289388 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {D89EBD6E-3AE5-49AA-953C-EDC14AB6BF9D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DB435169-33EF-49EC-A6A3-694784371D5A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E4236F23-7D84-4DFF-AF87-37B956CD7761} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E9B81B20-0D5D-4374-B985-4D1274FAC13A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EE0A2FCC-9D41-4474-810B-1C0868177E7C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F427F673-1253-4C7E-8E08-2AA7F22C0936} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {F4E19B0E-AAF8-4CCD-B1A8-FDA1C2F66777} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-14] (Microsoft Corporation)
Task: {FA56B0C3-92E9-45F5-9156-4B559C68A04C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB1E91B7-2350-4ECC-BD3C-0338F73DB52C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\{13CCA715-9BA4-4D2E-6647-62690FCAE51B}.job => C:\Users\ViP\AppData\Roaming\{9D15A~1\helper.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\ViP\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> B:\Program Files (x86)\Firefox\firefox.exe (Mozilla Corporation)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-04 12:13 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-03-15 14:09 - 2005-04-21 23:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-09-03 03:30 - 2015-09-03 03:29 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-12-20 18:26 - 2017-12-20 18:26 - 000155504 _____ () D:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-14 18:59 - 2014-01-21 18:40 - 000817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-04-28 17:49 - 2016-04-28 17:49 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-04-28 17:49 - 2016-04-28 17:49 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-11-17 23:35 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-17 23:35 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2015-09-03 03:36 - 2017-12-20 18:50 - 000037376 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-09-03 03:30 - 2015-09-03 03:29 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-12-04 12:13 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-29 01:09 - 2013-08-05 13:14 - 000176128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\DLCapPP.dll
2015-07-29 01:09 - 2012-05-02 20:04 - 000233472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\AudioProjection.dll
2015-07-29 01:09 - 2010-12-14 19:46 - 000067584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\CoreAudioCap.dll
2015-07-29 01:09 - 2013-06-11 14:06 - 000425984 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\awiscale.DLL
2015-07-29 01:09 - 2010-10-29 20:58 - 000221184 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\JpegCD.DLL
2015-07-29 01:09 - 2013-08-06 22:04 - 002502656 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\xH264E.DLL
2015-07-29 01:09 - 2012-01-12 18:44 - 000475136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFiGO_HookKey.dll
2015-07-29 01:09 - 2013-06-13 19:37 - 000156160 _____ () C:\Program Files (x86)\InstallShield Installation Information\{104BE4B8-D1DB-4170-977B-364960893DC8}\CloudAPI\CloudAPI.dll
2015-07-29 01:09 - 2013-03-21 21:38 - 000716800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiMoveHelp.dll
2015-07-29 01:09 - 2012-04-25 16:47 - 000659456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\PhoneCtrlAPI.dll
2015-07-29 01:10 - 2013-08-19 19:23 - 000043520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2015-07-29 01:10 - 2013-08-19 19:21 - 000253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-08-14 18:59 - 2014-01-21 18:40 - 000149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2015-07-29 01:09 - 2012-02-06 23:08 - 000253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\pngio.dll
2016-03-15 14:09 - 2009-02-27 18:38 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-03-23 13:04 - 2016-03-23 13:04 - 000091136 _____ () B:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 13:02 - 2016-03-23 13:02 - 000224256 _____ () B:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 13:02 - 2016-03-23 13:02 - 000200704 _____ () B:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2017-12-11 22:16 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\ViP\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-11 22:16 - 2017-12-11 22:16 - 001886712 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-11 22:16 - 2017-12-11 22:16 - 001773560 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-11 22:16 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\ViP\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 22:16 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\ViP\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-11 22:16 - 2017-12-11 22:16 - 009802232 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-11 22:16 - 2017-12-11 22:16 - 001505784 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-11 22:16 - 2017-12-11 22:16 - 000513016 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-11 22:16 - 2017-12-11 22:16 - 002662904 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-11 22:16 - 2017-12-11 22:16 - 001517048 _____ () \\?\C:\Users\ViP\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\ViP\AppData\Local\Temp:$DATA​ [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-12-20 18:40 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ViP\Pictures\npr_anesthesia_sarawong_wide-359e30574964e736cf445a3d02040ab7399c9e1a-s1600-c85.jpeg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Cmaudio8788"
HKLM\...\StartupApproved\Run32: => "HTC Store User Content Helper"
HKU\S-1-5-21-1189366699-3173439074-3564247890-1000\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 2540 series.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{317CABF6-F65D-4505-9097-EDA264897E73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{91700A5C-245F-4BD2-8AE7-180E21A6D119}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{5331A132-C39F-455A-A901-3CC525F398FA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{AB53B425-D299-45B0-99EA-A5696060103D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{331870FA-A08A-4B86-8D3A-EBB9C1C08FF3}] => (Allow) LPort=2869
FirewallRules: [{84EFA359-5298-4AA4-8293-D4F82D850468}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{274E5D9A-B563-4D24-A108-B43FFBE105A3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5BA7D99C-851E-4BB1-86F7-0B95E90CE681}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{EB908F1E-4E25-4A64-8064-8E7CFC499E1F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{2A713E37-74F0-47B7-9538-7053753C2424}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{584362DE-2329-41A0-86C1-6166254937FF}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\ASUSDMS.exe
FirewallRules: [{79012334-0B83-44F2-B681-44F9B2050197}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\ASUSDMS.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/20/2017 07:12:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-11-27T00:12:36Z. Error Code: 0x80070005.
 
Error: (12/20/2017 07:12:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
 
Error: (12/20/2017 07:12:33 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (3212) Catalog Database: An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/20/2017 07:12:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
 
Error: (12/20/2017 07:12:23 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (3212) Catalog Database: An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/20/2017 07:12:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
 
Error: (12/20/2017 07:12:13 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (3212) Catalog Database: An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/20/2017 07:12:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-11-27T00:12:05Z. Error Code: 0x80070005.
 
Error: (12/20/2017 07:12:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
 
Error: (12/20/2017 07:12:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (3212) Catalog Database: An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/20/2017 06:57:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 2017-12 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4053580).
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/20/2017 06:51:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-20 18:38:08.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-16 11:12:47.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-12 23:35:14.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-10 11:18:43.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-06 23:46:21.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 15:36:21.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-03 14:55:03.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 14:54:23.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-30 22:59:02.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-30 16:17:53.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-8370 Eight-Core Processor 
Percentage of memory in use: 38%
Total physical RAM: 16298.14 MB
Available physical RAM: 10026.91 MB
Total Virtual: 23722.14 MB
Available Virtual: 16271.13 MB
 
==================== Drives ================================
 
Drive b: (SSHD) (Fixed) (Total:1863.01 GB) (Free:41.17 GB) NTFS
Drive c: () (Fixed) (Total:110.85 GB) (Free:9.52 GB) NTFS
Drive d: (WDB) (Fixed) (Total:465.76 GB) (Free:134.73 GB) NTFS
Drive e: (J_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4C41266D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=861 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4850F503)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F04FC28E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


#5 vipuladusa

vipuladusa
  • Topic Starter

  • Members
  • 24 posts
  • Local time:03:25 AM

Posted 20 December 2017 - 10:16 PM

I went to the file location of the trojan.bitcoinminer and the trojan.yelloader and deleted them and removed them from the Recycle Bin. They don't show up in scans anymore, but the registry keys do despite Malwarebytes having "quarantined" them. I'm still not 100% sure the bitcoinminer went away either, but I'm hoping it did as I'm seeing some performance changes.



#6 vipuladusa

vipuladusa
  • Topic Starter

  • Members
  • 24 posts
  • Local time:03:25 AM

Posted 21 December 2017 - 06:22 AM

Did a scan with ESET, this is the log:
 

B:\win7.iso Win32/HackTool.WinActivator.J potentially unsafe application
C:\Users\ViP\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004c JS/CoinMiner.F potentially unwanted application
C:\Users\ViP\AppData\Local\Microsoft\Windows\Symbols\multitask.dat a variant of Win32/Agent.YXG trojan
C:\Users\ViP\AppData\Local\Temp\browser_air_setup.exe a variant of Win32/SpeedBit.CD potentially unwanted application
C:\Users\ViP\AppData\Local\Temp\Injustice.2.Ultimate.EditionFULL.UNLOCKED.torrent a variant of MSIL/WebCompanion.A potentially unwanted application
C:\Users\ViP\AppData\Local\Temp\Pee24FC.tmp a variant of Win32/SpeedBit.CR potentially unwanted application
C:\Users\ViP\AppData\Local\Temp\Pee4068.tmp a variant of Win32/SpeedBit.CR potentially unwanted application
C:\Users\ViP\AppData\Local\Temp\Per4072.tmp a variant of Win32/SpeedBit.CI potentially unwanted application
C:\Users\ViP\AppData\Local\Temp\setup (1).exe a variant of Win64/BitCoinMiner.DC potentially unsafe application
C:\Users\ViP\AppData\Local\Temp\TIB4058.tmp a variant of Win32/SpeedBit.CI potentially unwanted application
C:\Users\ViP\AppData\Roaming\0ktpljzqemz\ow4vbwohvd0.exe a variant of Win32/Adware.Agent.NSU application
C:\Users\ViP\AppData\Roaming\gg5t5qtkeuf\1tjp0m33jop.exe a variant of Win32/Adware.Agent.NSU application
C:\Users\ViP\AppData\Roaming\GPUBoost\GPUBoost_nvidia.exe a variant of Win64/BitCoinMiner.CF potentially unsafe application
C:\Users\ViP\AppData\Roaming\kwsqmpwwlxi\ztekn2t5dz5.exe a variant of Win32/Adware.Agent.NSU application
C:\Users\ViP\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe a variant of Win64/BitCoinMiner.CZ potentially unsafe application
C:\Users\ViP\AppData\Roaming\ppisls5x2v2\00lvyieglsu.exe a variant of Win32/Adware.Agent.NSU application
C:\Users\ViP\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\Downloads\ccsetup538.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\ccsetup538pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\DJ2540_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\HoxHud P9.1.12 Self-installer.zipx a variant of Win32/Packed.Themida suspicious application
D:\Downloads\Injustice_2_Ultimate_EditionFULL_UNLOCKED.zip a variant of Win32/Kryptik.FZDU trojan
D:\Downloads\Marvel.Ultimate.Alliance.2.Update.v20160804-CODEX.rar a variant of Win32/HackTool.Crack.ES potentially unsafe application
D:\Downloads\uTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\Downloads\Marvel.Ultimate.Alliance.2.Update.v20160804-CODEX\Marvel.Ultimate.Alliance.2.Update.v20160804-CODEX\Update\Setup.exe a variant of Win32/HackTool.Crack.ES potentially unsafe application
D:\Downloads\maxpc\PowerISO6-x64.exe Win32/FusionCore.L potentially unwanted application
D:\MyGames\Mr DJ\Sid Meiers Civilization Beyond Earth\steamclient.dll a variant of Win32/HackTool.Crack.EA potentially unsafe application
D:\MyGames\Mr DJ\Sid Meiers Civilization Beyond Earth\steam_apir.dll a variant of Win32/HackTool.Crack.EN potentially unsafe application


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • Gender:Male
  • Local time:04:25 AM

Posted 21 December 2017 - 06:56 AM

Good! Now, open FRST and copy/paste the following inside the text area. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Copy/paste it in your next reply.
Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
End::

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
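As an added example (not part of this thread, of FRST, or of any tool the helper uses), here is a Python triage script for the `fltmc instances` output that the fix above collects: it parses the rows, classifies each filter by Microsoft's published minifilter altitude ranges, and flags any filter name outside an assumed inbox baseline so the analyst knows which drivers still need identifying. The baseline set is an assumption made for the example, and the sample rows are a constructed subset of the output posted later in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the rows from the fltmc output posted in the thread.
SAMPLE_FLTMC_OUTPUT = r"""
Filter                Volume Name          Altitude   Instance Name        Frame  SprtFtrs  VlStatus
--------------------  -------------------  ---------  -------------------  -----  --------  --------
FileCrypt             D:                      141100  FileCrypt Instance       0  00000003
FileInfo              C:                       40500  FileInfo                 0  00000003
FileInfo                                       40500  FileInfo                 0  00000003
WdFilter              C:                      328010  WdFilter Instance        0  00000007
ZAM                   C:                       80681  ZAMDefaultFilter         0  00000000
luafv                 C:                      135000  luafv                    0  00000003
npsvctrig             \Device\NamedPipe        46000  npsvctrig                0  00000000
tngbxla               C:                       45666  tngbxla Instance         0  00000000
tngbxla               \Device\Mup              45666  tngbxla Instance         0  00000000
udiskMgr              C:                       45888  udiskMgr Instance        0  00000000
wcifs                 C:                      189900  wcifs Instance           0  00000000
"""

# Row layout: Filter, Volume Name (may be blank), Altitude, Instance Name (may
# contain spaces), Frame, SprtFtrs (8 hex digits), VlStatus (may be blank).
_ROW_RE = re.compile(
    r"^(\S+)\s+(.*?)\s+(\d+)\s+(.+?)\s+(\d+)\s+([0-9A-Fa-f]{8})\s*(\S*)\s*$"
)

# Microsoft's altitude ranges for minifilter load-order groups (inclusive);
# altitudes that fall between groups are reserved.
_LOAD_ORDER_GROUPS = [
    (420000, 429999, "FSFilter Top"), (360000, 389999, "FSFilter Activity Monitor"),
    (340000, 349999, "FSFilter Undelete"), (320000, 329999, "FSFilter Anti-Virus"),
    (300000, 309999, "FSFilter Replication"), (280000, 289999, "FSFilter Continuous Backup"),
    (260000, 269999, "FSFilter Content Screener"), (240000, 249999, "FSFilter Quota Management"),
    (220000, 229999, "FSFilter System Recovery"), (200000, 209999, "FSFilter Cluster File System"),
    (180000, 189999, "FSFilter HSM"), (170000, 175000, "FSFilter Imaging"),
    (160000, 169999, "FSFilter Compression"), (140000, 149999, "FSFilter Encryption"),
    (130000, 139999, "FSFilter Virtualization"), (120000, 129999, "FSFilter Physical Quota Management"),
    (100000, 109999, "FSFilter Open File"), (80000, 89999, "FSFilter Security Enhancer"),
    (60000, 69999, "FSFilter Copy Protection"), (40000, 49999, "FSFilter Bottom"),
    (20000, 29999, "FSFilter System"), (0, 19999, "FSFilter Infrastructure"),
]

# Assumed baseline of Windows inbox minifilter names (constructed for this
# example, not an authoritative list); compared case-insensitively.
INBOX_BASELINE = {"FileInfo", "WdFilter", "Wof", "luafv", "npsvctrig",
                  "wcifs", "FileCrypt", "bindflt", "cldflt", "storqosflt"}

@dataclass
class FilterInstance:
    name: str
    volume: str
    altitude: int
    instance: str

@dataclass
class Finding:
    name: str
    altitude: int
    group: str
    known: bool
    volumes: list = field(default_factory=list)

def altitude_group(altitude: int) -> str:
    """Map an altitude to its load-order group, or 'reserved' if it sits in a gap."""
    for low, high, group in _LOAD_ORDER_GROUPS:
        if low <= altitude <= high:
            return group
    return "reserved"

def parse_fltmc_instances(text: str) -> list:
    """Parse the data rows of `fltmc instances`; header and separator lines never match."""
    rows = []
    for line in text.splitlines():
        m = _ROW_RE.match(line.rstrip())
        if m:
            name, volume, altitude, instance = m.group(1, 2, 3, 4)
            rows.append(FilterInstance(name, volume.strip(), int(altitude), instance.strip()))
    return rows

def triage(rows: list, baseline=INBOX_BASELINE) -> list:
    """One Finding per filter name: altitude class, attached volumes, baseline hit; highest altitude first."""
    lower_baseline = {n.lower() for n in baseline}
    findings = {}
    for r in rows:
        f = findings.setdefault(r.name, Finding(
            r.name, r.altitude, altitude_group(r.altitude), r.name.lower() in lower_baseline))
        f.volumes.append(r.volume or "<unnamed>")
    return sorted(findings.values(), key=lambda f: f.altitude, reverse=True)

def unknown_filters(text: str, baseline=INBOX_BASELINE) -> list:
    """Names of filters not in the baseline, i.e. the drivers the analyst still has to identify."""
    return [f.name for f in triage(parse_fltmc_instances(text), baseline) if not f.known]

if __name__ == "__main__":
    for f in triage(parse_fltmc_instances(SAMPLE_FLTMC_OUTPUT)):
        flag = "" if f.known else "  <-- not in baseline, identify the driver"
        print(f"{f.name:<12} {f.altitude:>7}  {f.group:<28} {', '.join(f.volumes)}{flag}")
```

A filter's registered name need not match its .sys file name, so a baseline miss is a prompt to look the driver up (for instance in the `dir` listing of the drivers folder that the same fix collects), not a verdict.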


#8 vipuladusa

vipuladusa
  • Topic Starter

  • Members
  • 24 posts
  • Local time:03:25 AM

Posted 21 December 2017 - 10:45 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Invisibles (21-12-2017 10:44:27) Run:1
Running from D:\Downloads
Loaded Profiles: Invisibles (Available Profiles: Invisibles & SirViP & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileCrypt             D:                                        141100     FileCrypt Instance        0     00000003  
FileInfo              E:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              C:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              D:                                         40500     FileInfo                  0     00000003  
FileInfo              B:                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000003  
WdFilter              E:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              D:                                        328010     WdFilter Instance         0     00000007  
WdFilter              B:                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   D:                                         40700     Wof Instance              0     00000003  
Wof                   B:                                         40700     Wof Instance              0     00000003  
ZAM                   E:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                                                              80681     ZAMDefaultFilter          0     00000000  
ZAM                   C:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                                                              80681     ZAMDefaultFilter          0     00000000  
ZAM                   D:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   B:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   \Device\Mup                                80681     ZAMDefaultFilter          0     00000000  
luafv                 C:                                        135000     luafv                     0     00000003  
luafv                 D:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
tngbxla               C:                                         45666     tngbxla Instance          0     00000000  
tngbxla               \Device\Mup                                45666     tngbxla Instance          0     00000000  
udiskMgr              E:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              D:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              B:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              \Device\Mup                                45888     udiskMgr Instance         0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  
wcifs                 D:                                        189900     wcifs Instance            0     00000000  
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C has no label.
 Volume Serial Number is 48D1-C3E2
 
 Directory of C:\Windows\system32\drivers
 
12/20/2017  11:23 PM    <DIR>          .
12/20/2017  11:23 PM    <DIR>          ..
03/18/2017  03:56 PM           238,080 1394ohci.sys
03/18/2017  03:56 PM           107,424 3ware.sys
07/28/2017  12:23 AM           723,360 acpi.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           127,392 acpiex.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
09/05/2017  12:11 AM           610,720 afd.sys
03/18/2017  03:58 PM           108,544 agilevpn.sys
03/18/2017  03:57 PM           239,616 ahcache.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
09/30/2017  12:40 AM           184,728 appid.sys
03/18/2017  03:58 PM            17,920 applockerfltr.sys
03/18/2017  09:30 PM           127,904 AppVStrm.sys
03/18/2017  09:30 PM           161,696 AppvVemgr.sys
03/18/2017  09:30 PM           143,776 AppvVfs.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
03/18/2017  03:57 PM            28,672 asyncmac.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
09/29/2017  02:32 AM            35,840 BasicRender.sys
03/18/2017  03:56 PM            36,256 battc.sys
06/12/2017  12:18 PM           109,252 BCM20703A1_001.001.005.0214.0481.hex
03/18/2017  03:56 PM             9,728 bcmfn2.sys
08/26/2015  05:33 PM         8,071,888 BCMWL664.SYS
03/18/2017  03:57 PM            10,240 beep.sys
03/18/2017  03:56 PM           101,888 bowser.sys
07/27/2017  11:25 PM           115,712 bridge.sys
07/31/2012  06:56 AM            95,344 BrSerIb.sys
06/21/2012  08:59 PM            21,872 BrUsbSib.sys
03/18/2017  03:56 PM            23,552 BtaMPM.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
07/27/2017  11:08 PM            97,792 bthhfenum.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
06/12/2017  12:18 PM            73,984 btwsecfl.sys
06/12/2017  12:18 PM            66,136 btwusb.sys
09/04/2017  11:28 PM            39,424 buttonconverter.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM            53,664 CAD.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:57 PM            93,184 cdfs.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:57 PM            77,216 CEA.sys
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:57 PM           391,584 Classpnp.sys
03/18/2017  03:58 PM            12,288 cldflt.sys
07/31/2017  09:38 PM           382,368 clfs.sys
03/18/2017  03:58 PM           877,472 ClipSp.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM            28,064 cmimcext.sys
12/11/2013  01:09 PM         2,735,616 cmudaxp.sys
11/02/2017  12:12 AM           643,192 cng.sys
03/18/2017  03:57 PM            39,840 cnghwassist.sys
03/18/2017  03:57 PM            56,224 condrv.sys
01/20/2016  06:10 PM            47,840 CorsairVBusDriver.sys
01/20/2016  06:10 PM            21,728 CorsairVHidDriver.sys
03/18/2017  03:57 PM            86,432 crashdmp.sys
03/18/2017  09:30 PM           559,104 csc.sys
07/11/2017  12:40 AM           112,544 dam.sys
03/18/2017  03:56 PM            45,568 devauthe.sys
03/18/2017  03:57 PM           150,528 dfsc.sys
03/18/2017  03:56 PM           102,816 disk.sys
11/02/2017  12:12 AM            38,808 Diskdump.sys
03/18/2017  03:57 PM            15,360 Dmpusbstor.sys
03/18/2017  03:56 PM            47,104 dmvsc.sys
09/24/2016  04:24 PM           108,608 dokan1.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
09/20/2015  10:16 PM            30,264 dtlitescsibus.sys
09/03/2015  03:29 AM             3,008 DTSU2P.DAT
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
09/05/2017  12:21 AM           189,344 dumpsd.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
11/01/2017  11:35 PM            25,600 Dumpstorport.sys
11/02/2017  12:13 AM         2,443,672 dxgkrnl.sys
10/15/2017  09:57 AM           409,496 dxgmms1.sys
10/15/2017  09:57 AM           712,600 dxgmms2.sys
12/10/2017  10:01 AM           807,464 EasyAntiCheat.sys
03/18/2017  03:57 PM            88,992 EhStorClass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
08/20/2017  05:27 PM    <DIR>          en-US
03/18/2017  03:56 PM            13,824 errdev.sys
08/20/2017  05:31 PM    <DIR>          etc
03/18/2017  03:56 PM         3,419,040 evbda.sys
03/18/2017  03:57 PM           347,136 exfat.sys
07/11/2017  12:40 AM           363,424 fastfat.sys
03/18/2017  03:56 PM            32,768 fdc.sys
03/18/2017  03:56 PM            54,272 filecrypt.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM            36,864 filetrace.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:57 PM           386,464 fltMgr.sys
03/18/2017  03:56 PM            63,904 fsdepends.sys
03/18/2017  03:57 PM            33,688 fs_rec.sys
11/02/2017  12:12 AM           714,648 fvevol.sys
03/18/2017  03:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  03:56 PM            21,504 genericusbfn.sys
03/18/2017  03:57 PM         3,440,660 gm.dls
03/18/2017  03:57 PM               646 gmreadme.txt
03/18/2017  03:58 PM             8,192 gpuenergydrv.sys
07/11/2017  12:40 AM            86,528 hdaudbus.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
09/04/2017  11:26 PM           107,008 hidbth.sys
03/18/2017  03:56 PM           180,736 hidclass.sys
03/18/2017  03:56 PM            52,224 hidi2c.sys
03/18/2017  03:56 PM            51,104 hidinterrupt.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM            40,960 hidparse.sys
03/18/2017  03:56 PM            40,960 hidusb.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
07/11/2017  12:40 AM         1,106,848 http.sys
03/18/2017  03:57 PM            74,648 hvservice.sys
03/18/2017  03:56 PM           118,688 hvsocket.sys
03/18/2017  03:57 PM            29,600 hwpolicy.sys
03/18/2017  03:56 PM            16,896 hyperkbd.sys
03/18/2017  03:56 PM           115,200 i8042prt.sys
03/18/2017  03:56 PM            33,280 iagpio.sys
03/18/2017  03:56 PM            81,408 iai2c.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
03/18/2017  03:58 PM            36,864 IndirectKmd.sys
03/18/2017  03:56 PM            19,360 intelide.sys
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:57 PM            49,568 iorate.sys
03/18/2017  03:57 PM            87,040 ipfltdrv.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:58 PM           214,528 ipnat.sys
03/18/2017  03:57 PM           120,320 irda.sys
03/18/2017  03:57 PM            19,968 irenum.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
03/18/2017  03:56 PM            64,416 kbdclass.sys
03/18/2017  03:56 PM            40,448 kbdhid.sys
03/18/2017  03:56 PM            23,040 kdnic.sys
03/18/2017  03:58 PM           390,144 ks.sys
09/30/2017  12:49 AM           135,576 ksecdd.sys
03/18/2017  03:58 PM           170,912 ksecpkg.sys
07/11/2017  12:40 AM            27,136 ksthunk.sys
04/15/2016  12:32 PM            45,208 ladfGSS.sys
04/18/2016  08:09 PM            53,928 LGBusEnum.sys
04/18/2016  08:09 PM            85,160 LGJoyXlCore.sys
04/18/2016  08:09 PM            43,432 LGVirHid.sys
03/18/2017  03:58 PM            66,560 lltdio.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
11/01/2017  11:19 PM           124,928 luafv.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
12/12/2017  11:34 PM            77,432 mbae64.sys
03/18/2017  03:57 PM            23,552 mcd.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM           575,904 megasr.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:57 PM            50,688 mmcss.sys
03/18/2017  03:57 PM            42,496 modem.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            60,320 mouclass.sys
03/18/2017  03:56 PM            33,280 mouhid.sys
03/18/2017  03:57 PM           105,880 mountmgr.sys
03/18/2017  03:58 PM            76,800 mpsdrv.sys
08/20/2017  06:19 PM           177,664 mqac.sys
03/18/2017  03:57 PM           144,384 mrxdav.sys
03/18/2017  03:57 PM           467,352 mrxsmb.sys
09/29/2017  02:20 AM           286,208 mrxsmb10.sys
09/30/2017  12:41 AM           228,248 mrxsmb20.sys
03/18/2017  03:57 PM            31,744 msfs.sys
11/28/2012  05:56 PM                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  03:57 PM           169,888 msgpioclx.sys
03/18/2017  03:56 PM            49,056 msgpiowin32.sys
03/18/2017  03:57 PM             8,704 mshidkmdf.sys
03/18/2017  03:57 PM            12,288 mshidumdf.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
07/28/2017  12:20 AM           279,968 msiscsi.sys
07/11/2017  12:40 AM            32,768 mskssrv.sys
03/18/2017  03:57 PM            83,456 mslldp.sys
03/18/2017  03:58 PM            10,752 mspclock.sys
03/18/2017  03:58 PM            10,752 mspqm.sys
03/18/2017  03:57 PM           367,000 msrpc.sys
03/18/2017  09:31 PM           230,816 mssecflt.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:58 PM            12,800 mstee.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:57 PM           123,808 mup.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
12/20/2017  06:02 PM            94,144 mwac.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
11/02/2017  12:15 AM         1,239,448 ndis.sys
03/18/2017  03:57 PM            50,688 ndiscap.sys
03/18/2017  03:57 PM           128,512 NdisImPlatform.sys
02/21/2013  01:40 PM            32,840 ndisrd.sys
03/18/2017  03:58 PM            27,136 ndistapi.sys
03/18/2017  03:58 PM            65,536 ndisuio.sys
03/18/2017  03:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  03:58 PM           192,000 ndiswan.sys
03/18/2017  03:58 PM            62,464 ndproxy.sys
03/18/2017  03:58 PM           127,488 Ndu.sys
03/18/2017  03:57 PM           122,368 NetAdapterCx.sys
03/18/2017  03:57 PM            57,760 netbios.sys
09/04/2017  11:23 PM           305,152 netbt.sys
09/05/2017  12:24 AM           519,584 netio.sys
07/11/2017  12:40 AM           118,784 netvsc.sys
03/18/2017  03:57 PM            69,120 npfs.sys
03/18/2017  03:56 PM            27,136 npsvctrig.sys
09/04/2017  11:25 PM            43,520 nsiproxy.sys
11/02/2017  12:16 AM         2,327,448 ntfs.sys
03/18/2017  03:57 PM            20,376 ntosext.sys
03/18/2017  03:57 PM             7,680 null.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
11/09/2017  04:38 AM           233,904 nvhda64v.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
10/10/2017  08:05 PM            50,624 nvvad64v.sys
10/10/2017  08:05 PM            57,792 nvvhci.sys
09/29/2017  02:29 AM           550,400 nwifi.sys
03/18/2017  03:57 PM           152,992 pacer.sys
03/18/2017  03:56 PM            97,792 parport.sys
09/05/2017  12:25 AM           159,648 partmgr.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:57 PM            52,640 pcw.sys
07/11/2017  12:40 AM           117,664 pdc.sys
03/18/2017  03:58 PM           741,376 PEAuth.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:57 PM            49,664 qwavedrv.sys
03/18/2017  03:57 PM            17,920 rasacd.sys
03/18/2017  03:58 PM           107,008 rasl2tp.sys
03/18/2017  03:57 PM            81,920 raspppoe.sys
03/18/2017  03:58 PM            97,792 raspptp.sys
03/18/2017  03:58 PM            79,872 rassstp.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
03/18/2017  09:31 PM            27,136 rdpbus.sys
03/18/2017  09:30 PM           183,296 rdpdr.sys
03/18/2017  09:30 PM            30,624 rdpvideominiport.sys
03/18/2017  03:57 PM           282,528 rdyboost.sys
03/18/2017  03:57 PM         1,735,584 refs.sys
03/18/2017  03:57 PM           936,864 refsv1.sys
03/18/2017  03:57 PM            14,336 registry.sys
03/18/2017  03:56 PM            40,960 RfxVmt.sys
03/18/2017  03:57 PM           150,016 rmcast.sys
03/18/2017  03:57 PM            34,816 RNDISMP.sys
07/11/2017  12:40 AM            13,312 rootmdm.sys
03/18/2017  03:58 PM            82,432 rspndr.sys
03/18/2017  03:56 PM           604,160 rt640x64.sys
03/18/2017  03:56 PM           110,496 sbp2port.sys
05/24/2016  06:06 PM           137,280 scdemu.sys
03/18/2017  03:57 PM            43,520 scfilter.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:57 PM           175,520 scsiport.sys
09/05/2017  12:30 AM           287,648 sdbus.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            98,208 sdport.sys
03/18/2017  03:56 PM            94,624 sdstor.sys
03/18/2017  03:57 PM            75,680 SerCx.sys
03/18/2017  03:57 PM           154,016 SerCx2.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            28,672 sermouse.sys
03/18/2017  03:56 PM            13,312 serscan.sys
05/18/2017  02:35 AM            57,792 SET123F.tmp
05/03/2017  03:21 PM            48,248 SETE207.tmp
03/18/2017  03:56 PM            18,432 sfloppy.sys
12/20/2017  06:50 PM           140,112 siapsvzc.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  03:57 PM            21,504 smclib.sys
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  09:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
09/29/2017  02:21 AM           414,208 srv.sys
09/29/2017  02:21 AM           722,944 srv2.sys
09/04/2017  11:11 PM           254,976 srvnet.sys
05/19/2017  12:17 AM           131,984 ssudbus.sys
05/19/2017  12:17 AM           166,288 ssudmdm.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
07/11/2017  12:40 AM           144,288 storahci.sys
11/02/2017  12:13 AM            95,640 stornvme.sys
11/02/2017  12:13 AM           546,712 storport.sys
03/18/2017  03:58 PM            79,872 storqosflt.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            36,768 storvsc.sys
03/18/2017  03:57 PM            75,776 stream.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            64,512 Synth3dVsc.sys
03/18/2017  03:57 PM            31,232 tape.sys
03/18/2017  03:57 PM            28,064 tbs.sys
09/30/2017  12:36 AM         2,672,024 tcpip.sys
03/18/2017  03:57 PM            51,712 tcpipreg.sys
03/18/2017  03:57 PM            40,352 tdi.sys
07/31/2017  09:36 PM           119,712 tdx.sys
03/18/2017  09:31 PM            37,280 terminpt.sys
07/11/2017  12:40 AM           130,464 tm.sys
07/11/2017  12:40 AM           219,040 tpm.sys
03/18/2017  03:56 PM            61,440 TsUsbFlt.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  09:30 PM           125,952 tsusbhub.sys
03/18/2017  03:58 PM           162,304 tunnel.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
09/04/2017  11:27 PM           104,960 UcmCx.sys
03/18/2017  03:58 PM           179,200 UcmTcpciCx.sys
07/27/2017  11:27 PM            51,712 UcmUcsi.sys
03/18/2017  03:56 PM           213,920 Ucx01000.sys
03/18/2017  03:56 PM            45,568 Udecx.sys
03/18/2017  03:57 PM           324,096 udfs.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  09:31 PM            40,344 UevAgentDriver.sys
03/18/2017  03:58 PM           263,584 ufx01000.sys
03/18/2017  03:56 PM            98,712 UfxChipidea.sys
03/18/2017  03:56 PM           138,656 ufxsynopsys.sys
03/18/2017  03:56 PM            57,856 umbus.sys
10/04/2017  11:59 AM    <DIR>          UMDF
03/18/2017  03:56 PM            14,336 umpass.sys
03/18/2017  03:56 PM            29,600 urschipidea.sys
03/18/2017  03:58 PM            59,288 urscx01000.sys
03/18/2017  03:56 PM            28,064 urssynopsys.sys
03/18/2017  03:57 PM            23,040 usb8023.sys
03/18/2017  03:56 PM           134,656 USBAUDIO.sys
03/18/2017  03:57 PM            37,888 USBCAMD2.sys
09/30/2017  12:40 AM           173,976 usbccgp.sys
03/18/2017  03:56 PM           103,424 usbcir.sys
03/18/2017  03:56 PM            32,160 usbd.sys
03/18/2017  03:56 PM            98,200 usbehci.sys
09/30/2017  12:45 AM           511,896 usbhub.sys
09/18/2017  06:09 PM           554,400 USBHUB3.SYS
03/18/2017  03:56 PM            30,720 usbohci.sys
03/18/2017  03:56 PM           466,336 usbport.sys
03/18/2017  03:56 PM            27,136 usbprint.sys
03/18/2017  03:56 PM            32,768 usbrpm.sys
03/18/2017  03:56 PM            47,104 usbscan.sys
09/04/2017  11:28 PM            71,680 usbser.sys
03/18/2017  03:56 PM           131,488 USBSTOR.SYS
03/18/2017  03:56 PM            35,328 usbuhci.sys
07/11/2017  12:40 AM           388,000 USBXHCI.SYS
03/18/2017  03:56 PM            54,176 vdrvroot.sys
03/18/2017  03:57 PM           215,456 VerifierExt.sys
07/11/2017  12:40 AM           730,016 vhdmp.sys
03/18/2017  03:56 PM            35,328 vhf.sys
03/18/2017  03:57 PM            49,664 videoprt.sys
07/31/2017  09:30 PM            82,336 vmbkmcl.sys
07/31/2017  08:44 PM            83,968 vmbkmclr.sys
03/18/2017  03:56 PM           107,424 vmbus.sys
03/18/2017  03:56 PM            25,088 VMBusHID.sys
03/18/2017  03:56 PM            13,824 vmgencounter.sys
03/18/2017  03:56 PM            10,240 vmgid.sys
03/18/2017  03:56 PM             9,216 vms3cap.sys
03/18/2017  03:56 PM            47,520 vmstorfl.sys
03/18/2017  03:56 PM            83,360 volmgr.sys
03/18/2017  03:57 PM           373,664 volmgrx.sys
03/18/2017  03:57 PM           397,216 volsnap.sys
03/18/2017  03:56 PM            16,288 volume.sys
03/18/2017  03:56 PM            74,656 vpci.sys
03/18/2017  03:56 PM           166,816 vsmraid.sys
03/18/2017  03:56 PM           305,568 VSTXRAID.SYS
03/18/2017  03:58 PM            27,136 vwifibus.sys
03/18/2017  03:58 PM            77,312 vwififlt.sys
03/18/2017  03:58 PM            41,472 vwifimp.sys
05/20/2010  05:26 PM         2,060,144 VX3000.sys
03/18/2017  03:56 PM            30,720 wacompen.sys
03/18/2017  03:58 PM            81,408 wanarp.sys
03/18/2017  03:57 PM            55,808 watchdog.sys
07/11/2017  12:40 AM           142,752 wcifs.sys
03/18/2017  03:57 PM            72,192 wcnfs.sys
03/18/2017  03:56 PM            44,632 WdBoot.sys
11/12/2015  10:50 PM            26,880 wdcsam64.sys
03/18/2017  03:57 PM           902,376 Wdf01000.sys
03/18/2017  03:56 PM           294,816 WdFilter.sys
03/18/2017  03:57 PM            61,672 WdfLdr.sys
11/01/2017  11:29 PM           757,248 WdiWiFi.sys
03/18/2017  03:56 PM           121,248 WdNisDrv.sys
03/18/2017  03:57 PM            46,488 werkernel.sys
03/18/2017  03:57 PM           164,768 wfplwfs.sys
03/18/2017  03:57 PM            35,744 wimmount.sys
03/18/2017  03:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  03:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  03:56 PM            31,648 winhv.sys
03/18/2017  03:57 PM            55,296 winhvr.sys
03/18/2017  03:56 PM            32,160 winmad.sys
03/18/2017  03:58 PM           217,088 winnat.sys
03/18/2017  03:56 PM            90,112 winusb.sys
03/18/2017  03:56 PM            64,920 winverbs.sys
04/27/2010  06:57 PM            26,440 WmBEnum.sys
03/18/2017  03:56 PM            18,432 wmiacpi.sys
03/18/2017  03:57 PM            20,384 wmilib.sys
04/27/2010  06:57 PM            16,200 WmVirHid.sys
04/27/2010  04:03 PM            77,512 WmXlCore.sys
03/18/2017  03:57 PM           208,288 wof.sys
03/18/2017  03:59 PM            30,624 WpdUpFltr.sys
03/18/2017  03:57 PM            33,184 WppRecorder.sys
03/18/2017  03:57 PM            23,552 ws2ifsl.sys
03/18/2017  03:57 PM           100,864 WUDFPf.sys
03/18/2017  03:57 PM           220,672 WUDFRd.sys
07/11/2017  12:40 AM           277,504 xboxgip.sys
03/18/2017  03:56 PM            46,592 xinputhid.sys
03/18/2017  03:56 PM            98,816 xusb22.sys
12/20/2017  06:26 PM           203,680 zam64.sys
12/20/2017  06:26 PM           203,680 zamguard64.sys
             423 File(s)     90,268,332 bytes
               5 Dir(s)   9,567,793,152 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 10:44:27 ====
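As an added example (not code from this thread, from FRST, or from Malwarebytes), here is the triage a responder does by eye on the drivers listing in the Fixlog above: almost every driver carries the same build timestamp, so the few files written on the day of the infection stand out, and among those a machine-generated name (siapsvzc.sys here, or the zdgjmq.sys named in the fixlist later in the thread) is the one to verify first. The listing excerpt embedded in the script is copied from the Fixlog above; the 14-day window and the consonant-cluster threshold are assumptions of this example. A name heuristic on its own is noisy (legitimate Microsoft drivers such as SpbCx.sys score just as high), so the script only flags files that are both recent and random-looking, and the result is a candidate list for a signature and publisher check, not a verdict.

```python
import re
from collections import Counter
from datetime import date, datetime

# Excerpt of the "dir" listing of C:\Windows\System32\drivers that FRST echoed
# into the Fixlog (a few lines copied from that listing, not the full output).
SAMPLE_LISTING = """\
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
09/30/2017  12:49 AM           135,576 ksecdd.sys
07/11/2017  12:40 AM            27,136 ksthunk.sys
12/12/2017  11:34 PM            77,432 mbae64.sys
12/20/2017  06:02 PM            94,144 mwac.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
05/18/2017  02:35 AM            57,792 SET123F.tmp
12/20/2017  06:50 PM           140,112 siapsvzc.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
10/04/2017  11:59 AM    <DIR>          UMDF
12/20/2017  06:26 PM           203,680 zam64.sys
12/20/2017  06:26 PM           203,680 zamguard64.sys
             423 File(s)     90,268,332 bytes
               5 Dir(s)   9,567,793,152 bytes free
"""

# One cmd.exe "dir" line: date, time, size or <DIR>, then the name.
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)

# Letter class used to spot names that look generated rather than chosen.
CONSONANTS = re.compile(r"[bcdfghjklmnpqrstvwxz]+")


def parse_listing(text):
    """Turn 'dir' output into {'name', 'when', 'size'} records.

    Directories and the File(s)/Dir(s) summary lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if not m:
            continue  # summary lines and blanks do not match the pattern
        day, clock, size, name = m.groups()
        if size == "<DIR>":
            continue
        entries.append({
            "name": name,
            "when": datetime.strptime(f"{day} {clock}", "%m/%d/%Y %I:%M %p"),
            "size": int(size.replace(",", "")),
        })
    return entries


def longest_consonant_run(filename):
    """Length of the longest consonant cluster in the name without its extension."""
    stem = filename.rsplit(".", 1)[0].lower()
    return max((len(run) for run in CONSONANTS.findall(stem)), default=0)


def baseline_date(entries):
    """Most common modification date: the OS build stamp most drivers share."""
    return Counter(e["when"].date() for e in entries).most_common(1)[0][0]


def triage_drivers(entries, as_of_iso, recent_days=14, min_cluster=4):
    """Return {'recent': [...], 'flagged': [...]} for a listing.

    'recent'  = written within recent_days before the scan date (as_of_iso, ISO format),
    'flagged' = recent AND carrying a long consonant cluster in the name.
    Both thresholds are assumptions chosen for this example.
    """
    as_of = date.fromisoformat(as_of_iso)
    recent, flagged = [], []
    for e in entries:
        age_days = (as_of - e["when"].date()).days
        if 0 <= age_days <= recent_days:
            recent.append(e["name"])
            if longest_consonant_run(e["name"]) >= min_cluster:
                flagged.append(e["name"])
    return {"recent": recent, "flagged": flagged}


if __name__ == "__main__":
    drivers = parse_listing(SAMPLE_LISTING)
    print("baseline build date:", baseline_date(drivers))
    result = triage_drivers(drivers, as_of_iso="2017-12-20")  # scan date from the thread
    print("written in the last 14 days:", result["recent"])
    print("recent and random-looking:", result["flagged"])
```

Run against the full listing, the "recent" group also contains the security tools the user installed that day (mbae64.sys, mwac.sys, zam64.sys, zamguard64.sys), which is exactly why the timestamp alone is not enough and why the flagged set should then be checked for a valid publisher signature before anything is removed.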


#9 vipuladusa
  • Topic Starter
  • Members
  • 24 posts

Posted 21 December 2017 - 11:36 AM

Still getting hangs on my pc, every few minutes or so everything freezes for a couple of seconds. Makes playing games hard. 



#10 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 21 December 2017 - 12:03 PM

For the next step, you'll need to download FRST64.exe and the fixlist.txt on a clean computer and move them on your USB Flash Drive. Then, the USB can only be connected to the infected computer if it is either shut down, or in the Windows RE. If not, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 vipuladusa
  • Topic Starter
  • Members
  • 24 posts

Posted 21 December 2017 - 02:06 PM

Fixlist.txt log: (I'm not sure if it saved properly, I used a dvd+r instead of flash drive) 

DeleteKey: HKLM\System\ControlSet001\Services\tngbxla
DeleteKey: HKLM\System\ControlSet001\Services\udiskMgr
 
R3 udiskMgr; system32\drivers\zdgjmq.sys [X]
 
C:\ProgramData\ntuser.pol
C:\Users\ViP\AppData\Local\scaomwd
C:\Users\ViP\AppData\Local\igfxmtc
C:\Users\SirViP\AppData\Local\pscdvnw
C:\Users\ViP\AppData\Roaming\{9D15A~1
C:\WINDOWS\Windows
C:\Windows\System32\atkzoxrsvc.exe
C:\WINDOWS\system32\Drivers\sia*.sys


#12 vipuladusa
  • Topic Starter
  • Members
  • 24 posts

Posted 21 December 2017 - 02:13 PM

Was I supposed to do a scan first before the fix? The instructions said to just hit fix, so that's what I did. I did not scan first. 



#13 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 21 December 2017 - 08:03 PM

Can you attach the fixlog.txt instead, since what you copy/paste is from an incomplete log? And no, you did well, I really asked for a Fix and not a Scan.



#14 vipuladusa
  • Topic Starter
  • Members
  • 24 posts

Posted 21 December 2017 - 08:11 PM

This is the file I copied the log from, should be the same content. I used the same fixlist.txt that you attached previously, copied it to the disc, then replaced the file once I was done with the fix. 

Attached Files


Edited by vipuladusa, 21 December 2017 - 08:11 PM.


#15 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 21 December 2017 - 08:14 PM

This is the fixlist.txt. When you boot in the Windows RE and run the "Fix" with FRST, it'll delete the fixlist.txt and create a fixlog.txt file instead. The presence of the fixlist.txt means that you might have not run the fix.


