Infected with udiskmgr imagepath malware and unable to remove


  • This topic is locked
30 replies to this topic

#1 racedeno

  • Members
  • 15 posts

Posted 26 December 2017 - 03:51 PM

Hi, my machine has lately been seizing up on me after a few hours of working on it. Mostly, my disk and CPU usage would inexplicably go to 100% (or close to it), so I figured the system had to be compromised in some way. I found a very thorough guide on malware removal from Wintips and managed to find some junk on the system. The only problem I have left is regarding something called udiskmgr, found with Malwarebytes. I remove it, but once I reboot and scan again, it pops up. I even tried running everything in Safe Mode.


Something else I've noticed is that I can restart the Windows Defender protection. And for some reason, I can't boot/summon the recovery mode by Shift+Restart or any of the other methods I've searched for. Only very sporadically can it be summoned after hard-restarting the system by holding the laptop's power button. I read somewhere that Chrome's sync options could be the culprit, so I disabled all syncing and went so far as to uninstall Chrome with Revo Uninstaller. Still can't remove the pesky udiskmgr.


I've run FRST, and the two logs/dumps are below:


==================== Start of FRST.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Rafael Cedeno (administrator) on RCEDENO (26-12-2017 12:13:47)
Running from C:\Users\Rafael Cedeno\Downloads
Loaded Profiles: Rafael Cedeno (Available Profiles: Rafael Cedeno & Visitor)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\zanolktsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\ivi foundation\visa\WinNT\NIvisa\niLxiDiscovery.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\igfxext.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\igfxEM.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\2016\Brewery\V45\Printer Support\BBPrint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(16 Software (www.16software.com)) C:\Program Files (x86)\Breevy\Breevy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(f.lux Software LLC) C:\Users\Rafael Cedeno\AppData\Local\FluxSoftware\Flux\flux.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Corey) C:\Program Files (x86)\Seer\Seer.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
() C:\Program Files (x86)\Virtual Desktop Manager\VirtualDesktopManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\senxuch.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Rafael Cedeno\AppData\Local\igfxmtc\igfxmtc.exe
(ATERA Networks Ltd.) C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\lmbcsrg.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\lmbcsrg.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\lmbcsrg.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\lmbcsrg.exe
() C:\Users\Rafael Cedeno\AppData\Local\senxuch\lmbcsrg.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19636624 2016-06-21] (Entertainment Experience)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7824848 2016-07-20] (Dell Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [BbInstallUser_2016] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2016\Pushbutton PDF\Bluebeam Admin User.exe [50744 2016-02-20] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor_2016] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\2016\Brewery\V45\Printer Support\BBPrint.exe [261688 2016-02-20] (Bluebeam Software, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17652344 2017-06-26] (Logitech Inc.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-07-21] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.5\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [Breevy] => C:\Program Files (x86)\Breevy\Breevy.exe [1170584 2016-10-13] (16 Software (www.16software.com))
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8626064 2017-11-14] (Binary Fortress Software)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [Amazon Music] => C:\Users\Rafael Cedeno\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-08-11] (Amazon Services LLC)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [f.lux] => C:\Users\Rafael Cedeno\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [Launch AT&T Connect Participant web browser agent] => C:\Users\Rafael Cedeno\AppData\Local\ATT Connect\Participant\PaAgent.exe [162016 2016-02-24] (AT&T Inc.)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-19] (Piriform Ltd)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office16\lync.exe [27073200 2017-11-15] (Microsoft Corporation)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Run: [Seer] => C:\Program Files (x86)\Seer\Seer.exe [3219456 2016-10-17] (Corey)
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\DisplayFusion\DFSSaver.scr [5560320 2017-11-14] (Binary Fortress Software)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1902832 2017-11-27] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [380144 2017-11-27] (GP Software)
Startup: C:\Users\Rafael Cedeno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2017-09-18]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
Startup: C:\Users\Rafael Cedeno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Desktop Manager.lnk [2017-06-27]
ShortcutTarget: Virtual Desktop Manager.lnk -> C:\Program Files (x86)\Virtual Desktop Manager\VirtualDesktopManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{975b5759-b32d-43d8-bee0-eba60fcd923d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3f36db6-20f2-4cf2-9e18-6f4b50235ce7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cd0c0695-79e1-4c53-9704-5ee3fd201604}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e7685781-3450-4381-a4cc-5b2e988d90e6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e7685781-3450-4381-a4cc-5b2e988d90e6}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ea4a4f12-fc9c-44e6-9986-f1769d3600ce}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f7f6bda3-ee51-4ce1-8535-8bda2687fbb8}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f7f6bda3-ee51-4ce1-8535-8bda2687fbb8}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{fccd0adc-b059-4513-b2b7-197def30924a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{fccd0adc-b059-4513-b2b7-197def30924a}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001 -> {B42BBCB8-6412-455E-A8E9-FBA62BD5CCE5} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-10-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-20] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-20] (Webroot)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uzmx8qbx.default
FF ProfilePath: C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default [2017-12-26]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2017-12-15]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default\Extensions\support@lastpass.com.xpi [2017-12-08]
FF Extension: (Video DownloadHelper) - C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-12-15]
FF Extension: (Adblock Plus) - C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-15]
FF Extension: (Tab Suspender (memory saver)) - C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Firefox\Profiles\uzmx8qbx.default\Extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-06-28] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-10-25] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-10-25] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2952742376-2490183954-2858449733-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Rafael Cedeno\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-16] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2952742376-2490183954-2858449733-1001: LWAPlugin15.8 -> C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Rafael Cedeno\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 AteraAgent; C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe [106656 2017-07-09] (ATERA Networks Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-16] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [122400 2017-10-13] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5291424 2017-11-14] (Binary Fortress Software)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2017-09-26] ()
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-07-21] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-07-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-26] (Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-07-16] (National Instruments Corporation)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [383352 2014-06-13] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2091496 2017-10-05] (Plex, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333320 2017-05-08] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [87040 2016-05-18] () [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-01] (Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-29] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-07-21] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [249104 2016-10-06] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-06-26] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-06-26] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-26] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-13] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-26] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 nidimk; C:\WINDOWS\system32\drivers\nidimkl.sys [15200 2014-03-12] (National Instruments Corporation)
S3 niorbk; C:\WINDOWS\system32\drivers\niorbkl.sys [15184 2014-03-12] (National Instruments Corporation)
S3 nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [15232 2014-06-05] (National Instruments Corporation)
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [773464 2014-06-05] (National Instruments Corporation)
S3 nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [15224 2014-06-05] (National Instruments Corporation)
R0 nipbcfk; C:\WINDOWS\System32\drivers\nipbcfk.sys [19288 2014-02-28] (National Instruments Corporation)
S3 NiViPciK; C:\WINDOWS\System32\drivers\NiViPciKl.sys [15200 2014-09-13] (National Instruments Corporation)
R2 NiViPxiK; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [15200 2014-09-13] (National Instruments Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_06be2a2ddf160ea8\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-10-19] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-12-22] ()
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (USBPcap)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [138576 2017-06-24] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-06-20] (Webroot)
S1 efihwhch; \??\C:\WINDOWS\system32\drivers\efihwhch.sys [X]
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 pnmzpfff; \??\C:\WINDOWS\system32\drivers\pnmzpfff.sys [X]
R3 udiskMgr; system32\drivers\gknqtx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 12:14 - 2017-12-26 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\databases-incognito
2017-12-26 12:06 - 2017-12-26 12:06 - 000141112 ____N C:\WINDOWS\system32\Drivers\svbilosv.sys
2017-12-26 11:52 - 2017-12-26 11:52 - 000001290 _____ C:\Users\Rafael Cedeno\Downloads\boot_into_RE_2.zip
2017-12-26 11:52 - 2017-10-24 16:01 - 000003676 _____ C:\Users\Rafael Cedeno\Desktop\boot_into_RE_2.bat
2017-12-26 11:51 - 2017-12-05 09:07 - 000003262 _____ C:\Users\Rafael Cedeno\Desktop\boot_into_RE.bat
2017-12-26 11:50 - 2017-12-26 11:50 - 000001180 _____ C:\Users\Rafael Cedeno\Downloads\boot_into_RE.zip
2017-12-26 11:47 - 2017-12-26 11:47 - 009440768 _____ C:\Users\Rafael Cedeno\Downloads\PowerTool64.exe
2017-12-26 11:45 - 2017-12-26 11:45 - 000000028 _____ C:\WINDOWS\OutLog.txt
2017-12-26 10:53 - 2017-12-26 10:54 - 000074203 _____ C:\Users\Rafael Cedeno\Downloads\Addition.txt
2017-12-26 10:52 - 2017-12-26 12:14 - 000034969 _____ C:\Users\Rafael Cedeno\Downloads\FRST.txt
2017-12-26 10:52 - 2017-12-26 12:13 - 000000000 ____D C:\FRST
2017-12-26 10:37 - 2017-12-21 13:04 - 000007962 _____ C:\Users\Rafael Cedeno\Desktop\WinDefend.reg
2017-12-26 10:35 - 2017-12-26 10:36 - 000002702 _____ C:\Users\Rafael Cedeno\Downloads\FSS.txt
2017-12-26 10:32 - 2017-12-26 10:32 - 000001379 _____ C:\Users\Rafael Cedeno\Downloads\WinDefend.zip
2017-12-26 10:30 - 2017-12-26 10:30 - 000899584 _____ (Farbar) C:\Users\Rafael Cedeno\Downloads\FSS.exe
2017-12-26 10:22 - 2017-12-26 10:38 - 000000000 ____D C:\ESD
2017-12-26 10:18 - 2017-12-26 10:18 - 000000000 ___HD C:\$Windows.~WS
2017-12-26 10:18 - 2017-12-26 10:18 - 000000000 ____D C:\$WINDOWS.~BT
2017-12-26 10:16 - 2017-12-26 10:18 - 018617536 _____ (Microsoft Corporation) C:\Users\Rafael Cedeno\Downloads\MediaCreationTool.exe
2017-12-26 10:15 - 2017-12-26 10:16 - 006242320 _____ (Microsoft Corporation) C:\Users\Rafael Cedeno\Downloads\Windows10Upgrade9252.exe
2017-12-26 09:13 - 2017-12-26 09:13 - 002391552 _____ (Farbar) C:\Users\Rafael Cedeno\Downloads\FRST64.exe
2017-12-26 08:44 - 2017-12-26 10:56 - 000001811 _____ C:\Users\Rafael Cedeno\Downloads\Fixlog.txt
2017-12-22 15:30 - 2017-12-22 15:30 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Rafael Cedeno\Downloads\esetonlinescanner_enu.exe
2017-12-22 15:30 - 2017-12-22 15:30 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\ESET
2017-12-22 15:17 - 2017-12-22 15:17 - 001790024 _____ (Malwarebytes) C:\Users\Rafael Cedeno\Downloads\JRT.exe
2017-12-22 15:07 - 2017-12-22 15:10 - 000000000 ____D C:\AdwCleaner
2017-12-22 15:05 - 2017-12-22 15:05 - 008198432 _____ (Malwarebytes) C:\Users\Rafael Cedeno\Downloads\adwcleaner_7.0.6.0.exe
2017-12-22 15:00 - 2017-12-22 15:00 - 000448512 _____ (OldTimer Tools) C:\Users\Rafael Cedeno\Downloads\TFC.exe
2017-12-22 14:58 - 2017-12-22 15:00 - 000026446 _____ C:\TDSSKiller.3.1.0.15_22.12.2017_14.58.11_log.txt
2017-12-22 14:23 - 2017-12-22 14:23 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Rafael Cedeno\Downloads\tdsskiller.exe
2017-12-22 12:31 - 2017-12-22 14:10 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-22 12:31 - 2017-12-22 14:06 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-22 12:31 - 2017-12-22 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-22 12:30 - 2017-12-22 12:31 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-22 12:29 - 2017-12-22 12:30 - 036251728 _____ (Adlice Software ) C:\Users\Rafael Cedeno\Downloads\RogueKiller_setup.exe
2017-12-22 12:22 - 2017-12-22 12:23 - 000002116 _____ C:\Users\Rafael Cedeno\Desktop\Rkill.txt
2017-12-22 12:22 - 2017-12-22 12:22 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Rafael Cedeno\Downloads\rkill.exe
2017-12-22 12:16 - 2017-12-26 11:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-22 12:10 - 2017-12-22 12:10 - 000007597 _____ C:\Users\Rafael Cedeno\AppData\Local\Resmon.ResmonCfg
2017-12-21 14:36 - 2017-12-21 14:37 - 001738539 _____ C:\Users\Rafael Cedeno\Downloads\U-Update-300051_1.0.40_SDR_REV10_ONLY_1047.dat
2017-12-21 11:05 - 2017-12-21 11:06 - 004939080 _____ C:\Users\Rafael Cedeno\Desktop\EPC Head End Racks - ver8 10 13 2017.pdf
2017-12-21 10:38 - 2017-12-21 14:25 - 000115727 _____ C:\Users\Rafael Cedeno\Desktop\Starbucks Temp.xlsm
2017-12-20 13:57 - 2017-12-20 13:57 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-12-20 13:56 - 2017-12-20 13:57 - 000000000 ____D C:\1ec5a0faf73dc00247ebd3ef3e1f3b
2017-12-20 13:56 - 2017-12-20 13:56 - 015065792 _____ (Microsoft Corporation) C:\Users\Rafael Cedeno\Downloads\mseinstall.exe
2017-12-20 12:36 - 2017-12-22 16:03 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\TeamViewer
2017-12-20 12:35 - 2017-12-20 12:35 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2017-12-20 12:33 - 2017-12-20 12:33 - 019315456 _____ (TeamViewer GmbH) C:\Users\Rafael Cedeno\Downloads\TeamViewer_Setup(1).exe
2017-12-20 11:38 - 2017-12-20 11:38 - 004296779 _____ C:\Users\Rafael Cedeno\Downloads\Image-ExifTool-10.69.tar.gz
2017-12-20 10:56 - 2017-12-20 11:03 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Metadata++
2017-12-20 10:56 - 2017-12-20 10:56 - 000000000 ____D C:\Program Files (x86)\Metadata++
2017-12-20 08:48 - 2017-12-20 08:48 - 001997188 _____ C:\Users\Rafael Cedeno\Downloads\U-Update-ADXV-DAS-600063_1.0.51_CHC_3001_ODU_2601_POI_301F_POI_BT_100A_SHELF_3008_ORU_3014_RM_301F_AAI_1005_OEU_1000_1000.dat
2017-12-19 14:37 - 2017-12-21 10:17 - 000001403 _____ C:\Users\Rafael Cedeno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToMeeting.lnk
2017-12-19 14:31 - 2017-12-21 14:07 - 000000694 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2952742376-2490183954-2858449733-1001.job
2017-12-19 14:31 - 2017-12-21 14:07 - 000000598 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2952742376-2490183954-2858449733-1001.job
2017-12-19 14:31 - 2017-12-21 10:17 - 000003864 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2952742376-2490183954-2858449733-1001
2017-12-19 14:31 - 2017-12-21 10:17 - 000003768 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2952742376-2490183954-2858449733-1001
2017-12-19 14:31 - 2017-12-21 10:17 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting
2017-12-19 14:31 - 2017-12-19 14:31 - 000300984 _____ (LogMeIn, Inc.) C:\Users\Rafael Cedeno\Downloads\GoToMeeting Opener (1).exe
2017-12-19 14:31 - 2017-12-19 14:31 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\GoTo Opener
2017-12-19 10:50 - 2017-12-19 10:50 - 000367518 _____ C:\Users\Rafael Cedeno\Downloads\ADXV-HPR (20170102).pdf
2017-12-19 08:45 - 2017-12-19 08:45 - 000253192 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-12-19 08:41 - 2017-12-19 08:41 - 000010679 _____ C:\Users\Rafael Cedeno\Documents\KAV_2018.lic
2017-12-19 08:32 - 2017-12-20 09:29 - 000000000 ____D C:\Program Files\Common Files\AV
2017-12-19 08:31 - 2017-12-20 09:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-12-19 08:31 - 2017-12-19 08:31 - 000522736 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\SET92A1.tmp
2017-12-19 08:30 - 2017-12-19 08:32 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-12-18 08:37 - 2017-12-07 14:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-18 08:37 - 2017-12-07 14:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-18 08:35 - 2017-12-18 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-18 08:35 - 2017-12-18 08:35 - 000000000 ____D C:\Program Files\iPod
2017-12-18 08:34 - 2017-12-18 08:35 - 000000000 ____D C:\Program Files\iTunes
2017-12-18 08:10 - 2017-12-18 13:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-15 16:15 - 2017-12-15 16:22 - 000000000 ___HD C:\ProgramData\{736A1700-89AC-458B-8D8A-1BB864301BF9}
2017-12-15 16:02 - 2017-12-15 16:09 - 000000000 ___HD C:\ProgramData\{636AA1AB-75BA-4AD8-99BE-DB478D5A594B}
2017-12-15 09:25 - 2017-12-15 09:28 - 310741968 _____ () C:\Users\Rafael Cedeno\Downloads\iBwaveVIEWER_x64_9.0.2.162.exe
2017-12-15 09:14 - 2017-12-15 09:20 - 428743616 _____ () C:\Users\Rafael Cedeno\Downloads\iBwaveDesign_x64_9.0.2.162.exe
2017-12-15 09:13 - 2017-12-15 09:13 - 003801489 _____ C:\Users\Rafael Cedeno\Downloads\All.vex
2017-12-14 10:25 - 2017-12-14 10:30 - 000000000 ____D C:\Users\Rafael Cedeno\Downloads\Kaspersky Anti-Virus + Internet Security + Total Security 2018 18.0.0.405 + Activator [CracksNow]
2017-12-13 22:06 - 2017-12-26 10:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-13 22:06 - 2017-12-26 10:46 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-13 22:05 - 2017-12-13 22:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-13 13:55 - 2017-12-13 13:56 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\SolidDocuments
2017-12-13 13:55 - 2017-12-13 13:55 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\SolidDocuments
2017-12-13 11:52 - 2017-12-13 11:52 - 000000000 ____D C:\Program Files (x86)\Seer
2017-12-13 11:33 - 2017-12-13 11:33 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\cache
2017-12-13 11:32 - 2017-12-13 11:32 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Corey
2017-12-13 11:30 - 2017-12-13 11:30 - 000001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-12-13 11:30 - 2017-12-13 11:30 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\SumatraPDF
2017-12-13 11:30 - 2017-12-13 11:30 - 000000000 ____D C:\Program Files\SumatraPDF
2017-12-13 11:26 - 2017-12-13 11:26 - 005208720 _____ (Krzysztof Kowalczyk) C:\Users\Rafael Cedeno\Downloads\SumatraPDF-3.1.2-64-install.exe
2017-12-13 11:25 - 2017-12-13 11:25 - 003882783 _____ C:\Users\Rafael Cedeno\Downloads\SumatraPDF-3.1.2-64.zip
2017-12-13 11:16 - 2017-12-13 11:19 - 065859413 _____ (Alexandr Subbotin) C:\Users\Rafael Cedeno\Downloads\cerebro-setup-0.3.1.exe
2017-12-13 11:13 - 2017-12-13 11:13 - 051356616 _____ (Corey) C:\Users\Rafael Cedeno\Downloads\Seer-1.8.0.exe
2017-12-13 11:09 - 2017-12-13 11:10 - 006053888 _____ (happlebao) C:\Users\Rafael Cedeno\Downloads\Wox-1.3.424.exe
2017-12-13 10:54 - 2017-12-13 10:54 - 000094144 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-13 10:28 - 2017-12-13 10:28 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\KC Softwares
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\Logitech
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\ClassicShell
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\Wondershare
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\wdnazrt
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\NVIDIA Corporation
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\igfxmtc
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\ClassicShell
2017-12-13 09:51 - 2017-12-13 09:51 - 000000000 ____D C:\Users\Visitor\AppData\Local\CEF
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 __SHD C:\Users\Visitor\IntelGraphicsProfiles
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ___RD C:\Users\Visitor\3D Objects
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\Intel
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\Adobe
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Local\VirtualStore
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Local\Packages
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Local\NVIDIA
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Local\Google
2017-12-13 09:50 - 2017-12-13 09:50 - 000000000 ____D C:\Users\Visitor\AppData\Local\ConnectedDevicesPlatform
2017-12-13 09:47 - 2017-12-22 13:19 - 000000000 ____D C:\Users\Visitor
2017-12-13 09:47 - 2017-12-13 09:47 - 000000020 ___SH C:\Users\Visitor\ntuser.ini
2017-12-13 09:47 - 2017-11-28 16:10 - 000000000 ____D C:\Users\Visitor\AppData\Local\AVG
2017-12-13 09:47 - 2017-11-02 07:38 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\Intel Corporation
2017-12-13 09:47 - 2017-06-23 10:37 - 000000000 ____D C:\Users\Visitor\AppData\Roaming\Macromedia
2017-12-13 09:47 - 2017-06-19 07:18 - 000000000 ____D C:\Users\Visitor\AppData\Local\Microsoft Help
2017-12-08 15:04 - 2017-12-08 15:05 - 000000000 ____D C:\Program Files (x86)\Helge's Switchblade
2017-12-08 13:09 - 2017-12-08 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-12-08 13:08 - 2017-03-17 11:43 - 001250304 _____ (CineForm Inc.) C:\WINDOWS\system32\CFDecode64.ax
2017-12-07 15:45 - 2017-12-08 14:17 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\PopKey
2017-12-07 15:43 - 2017-12-08 14:16 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\popkey
2017-12-06 20:50 - 2017-12-06 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-12-06 20:50 - 2017-12-06 20:50 - 000000000 ____D C:\Program Files\qBittorrent
2017-12-06 20:42 - 2017-12-06 20:42 - 022149708 _____ (The qBittorrent project) C:\Users\Rafael Cedeno\Downloads\qbittorrent_4.0.2_x64_setup.exe
2017-12-06 10:25 - 2017-12-07 08:46 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Deployment
2017-12-06 07:08 - 2017-12-06 07:08 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-12-05 16:12 - 2017-12-05 16:12 - 004551972 _____ C:\Users\Rafael Cedeno\Downloads\drive-download-20171206T001229Z-001.zip
2017-12-05 08:33 - 2017-12-05 08:33 - 009605391 _____ C:\Users\Rafael Cedeno\Downloads\AD-PA-1900-2600-DIN.stp
2017-12-04 08:15 - 2017-12-18 13:01 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-30 12:05 - 2017-11-30 12:05 - 007876608 _____ C:\Users\Rafael Cedeno\Downloads\LWAPlugin64BitInstaller32 (1).msi
2017-11-30 12:03 - 2017-11-30 12:03 - 007876608 _____ C:\Users\Rafael Cedeno\Downloads\LWAPlugin64BitInstaller32.msi
2017-11-30 11:31 - 2017-11-30 11:31 - 000037140 _____ C:\Users\Rafael Cedeno\Downloads\LawDepot - Confidentiality Agreement.html
2017-11-30 10:32 - 2017-11-30 10:32 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\igfxmtc
2017-11-30 09:48 - 2017-11-30 09:48 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\OfficeBSCache-MyComputer
2017-11-30 08:45 - 2017-11-30 08:45 - 000898619 _____ C:\Users\Rafael Cedeno\Desktop\ADXV-HPR-PMK-ASS'Y(20171130).pdf
2017-11-30 08:31 - 2017-11-30 08:35 - 000008322 _____ C:\Users\Rafael Cedeno\Documents\cc_20171130_083142.reg
2017-11-29 14:49 - 2017-11-29 14:50 - 063307776 _____ C:\Users\Rafael Cedeno\Downloads\calibre-3.12.0.msi
2017-11-29 14:15 - 2017-11-29 14:15 - 000000769 _____ C:\Users\Rafael Cedeno\AppData\Local\recently-used.xbel
2017-11-28 16:22 - 2017-11-28 16:22 - 000000000 ____D C:\Intel
2017-11-28 16:07 - 2017-11-28 16:10 - 000000000 ____D C:\Users\Default\AppData\Local\AVG
2017-11-28 16:07 - 2017-11-28 16:10 - 000000000 ____D C:\Users\Default User\AppData\Local\AVG
2017-11-27 19:29 - 2017-11-27 19:29 - 000003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2017-11-27 16:13 - 2017-11-27 16:13 - 001129816 _____ (Google Inc.) C:\Users\Rafael Cedeno\Downloads\ChromeSetup.exe
2017-11-27 14:51 - 2017-11-27 14:51 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bubsctrd.sys
2017-11-27 14:30 - 2017-11-27 14:30 - 000053630 _____ C:\Users\Rafael Cedeno\Documents\cc_20171127_143004.reg
2017-11-27 10:56 - 2017-11-27 10:56 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\ioloGovernor
2017-11-27 10:55 - 2017-11-27 10:55 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\iolo
2017-11-27 10:55 - 2017-11-27 10:55 - 000000000 ____D C:\Program Files\Common Files\iolo
2017-11-27 10:54 - 2017-11-27 10:54 - 000074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
2017-11-27 10:54 - 2017-11-27 10:54 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\iolo
2017-11-27 10:15 - 2017-11-29 21:23 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\audnblc
2017-11-27 10:15 - 2017-11-29 15:07 - 000000000 ____D C:\ProgramData\Avg
2017-11-27 10:15 - 2017-11-29 15:05 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\AvgSetupLog
2017-11-27 10:15 - 2017-11-27 10:24 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Avg
2017-11-27 10:12 - 2017-12-26 12:12 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\senxuch
2017-11-27 10:11 - 2017-12-26 12:06 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\zanolktsvc.exe
2017-11-27 10:11 - 2017-11-27 14:51 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\vrwekg
2017-11-27 10:11 - 2017-11-27 10:11 - 000000000 ____D C:\WINDOWS\SysWOW64\reaiosh
2017-11-27 10:11 - 2017-11-27 10:11 - 000000000 ____D C:\WINDOWS\system32\reaiosh
2017-11-27 10:11 - 2017-11-27 10:11 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\et
2017-11-27 09:40 - 2017-11-27 09:41 - 022084594 _____ (The qBittorrent project) C:\Users\Rafael Cedeno\Downloads\qbittorrent_4.0.1_x64_setup.exe
2017-11-27 09:06 - 2017-11-27 09:06 - 000165284 _____ C:\Users\Rafael Cedeno\Documents\cc_20171127_090600.reg
2017-11-27 08:17 - 2017-11-27 08:17 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 12:14 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-26 12:10 - 2017-06-16 11:51 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-26 12:09 - 2017-11-20 13:48 - 000002768 _____ C:\WINDOWS\System32\Tasks\WizMouse
2017-12-26 12:07 - 2017-11-20 13:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-26 12:07 - 2017-06-26 14:50 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\LocalLow\Mozilla
2017-12-26 12:07 - 2017-06-16 10:52 - 000000000 __SHD C:\Users\Rafael Cedeno\IntelGraphicsProfiles
2017-12-26 12:06 - 2017-09-29 00:45 - 022806528 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-26 12:06 - 2017-09-29 00:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-26 12:05 - 2017-06-19 07:52 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\Breevy
2017-12-26 12:00 - 2017-06-16 13:06 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\ClassicShell
2017-12-26 11:44 - 2017-11-20 13:48 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D62BD5E-D32C-4258-9A86-F7D7F7BC7B10}
2017-12-26 11:26 - 2017-11-20 13:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-26 10:58 - 2017-06-16 12:07 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Google
2017-12-26 10:58 - 2017-06-16 12:07 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-26 10:56 - 2017-06-23 11:03 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\TeraCopy
2017-12-26 10:38 - 2017-11-20 13:59 - 000012351 _____ C:\WINDOWS\diagwrn.xml
2017-12-26 10:38 - 2017-11-20 13:59 - 000009528 _____ C:\WINDOWS\diagerr.xml
2017-12-26 10:38 - 2017-11-17 15:52 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-26 10:36 - 2017-06-16 13:20 - 000000000 ____D C:\Users\Rafael Cedeno\Documents\Outlook Files
2017-12-26 10:08 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-26 10:06 - 2017-06-23 11:03 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\CrashDumps
2017-12-26 09:56 - 2017-07-29 17:29 - 000000000 ____D C:\Users\Rafael Cedeno\Desktop\Game of Thrones Season 1 (1080p x265 10bit Joy)
2017-12-22 16:03 - 2017-10-13 11:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-22 15:54 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-22 15:09 - 2017-11-22 08:19 - 000000000 ____D C:\ProgramData\Splashtop
2017-12-22 14:48 - 2017-10-03 10:51 - 000000000 ____D C:\Program Files (x86)\Kutools for Excel
2017-12-22 14:47 - 2017-11-20 13:46 - 001254398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-22 13:19 - 2016-07-16 03:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-22 12:14 - 2017-11-20 13:34 - 000000000 ____D C:\Users\Rafael Cedeno
2017-12-22 10:55 - 2017-11-20 13:35 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Packages
2017-12-22 08:04 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-21 10:21 - 2017-07-05 09:21 - 000000000 ____D C:\Users\Rafael Cedeno\Documents\ADRF
2017-12-21 08:35 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-21 08:35 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-21 08:26 - 2017-11-20 13:28 - 001671872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-20 14:54 - 2017-06-16 13:00 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Microsoft Help
2017-12-20 12:41 - 2017-10-13 11:36 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\TeamViewer
2017-12-20 09:29 - 2017-09-29 05:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-19 14:35 - 2017-06-25 09:58 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\DisplayFusion
2017-12-19 08:55 - 2017-06-20 08:42 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\iBwave
2017-12-15 16:15 - 2017-06-20 07:49 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\IIIQF
2017-12-15 16:10 - 2017-11-20 13:48 - 000003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-15 16:09 - 2017-06-20 07:54 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\iBwave Solutions inc
2017-12-15 16:09 - 2017-06-20 07:49 - 000000000 ____D C:\ProgramData\iBwave Solutions inc
2017-12-15 16:08 - 2017-06-20 07:53 - 000000000 ____D C:\Program Files\iBwave
2017-12-15 16:00 - 2017-06-20 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iBwave Solutions
2017-12-15 15:59 - 2017-06-28 09:13 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-12-15 15:45 - 2017-07-11 08:35 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Stimulsoft
2017-12-15 15:24 - 2017-06-26 14:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-15 09:05 - 2017-06-26 14:50 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-15 09:05 - 2017-06-26 14:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-14 16:36 - 2017-06-20 11:06 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\qBittorrent
2017-12-13 22:04 - 2017-11-21 15:20 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-13 10:38 - 2017-06-23 10:39 - 000000000 ____D C:\Program Files\TeraCopy
2017-12-13 10:23 - 2017-06-21 07:47 - 000000000 ____D C:\WINDOWS\pss
2017-12-13 09:50 - 2017-03-13 00:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-08 14:58 - 2017-11-01 10:12 - 000084360 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-12-08 14:18 - 2017-06-19 07:49 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\SquirrelTemp
2017-12-08 13:21 - 2017-08-21 12:16 - 000000000 ____D C:\Users\Rafael Cedeno\Documents\Wondershare Filmora
2017-12-07 16:56 - 2017-06-27 07:59 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\vlc
2017-12-06 07:07 - 2016-07-16 03:47 - 000000167 _____ C:\WINDOWS\win.ini
2017-12-05 12:50 - 2017-10-20 14:59 - 000000000 ____D C:\Users\Rafael Cedeno\Desktop\TV Shows
2017-12-04 08:38 - 2017-06-20 08:53 - 000000000 ____D C:\SharedDB
2017-12-03 14:38 - 2017-09-29 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-03 14:38 - 2017-09-29 05:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 13:16 - 2017-06-19 07:47 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 12:05 - 2017-06-26 14:50 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\Mozilla
2017-11-29 15:48 - 2017-06-20 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSoftware
2017-11-29 15:03 - 2017-11-20 13:48 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-11-29 14:57 - 2017-09-18 11:25 - 000000000 ____D C:\Users\Rafael Cedeno\Documents\Calibre Library
2017-11-29 14:52 - 2017-09-18 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-11-29 14:52 - 2017-09-18 11:24 - 000000000 ____D C:\Program Files (x86)\Calibre2
2017-11-29 14:15 - 2017-09-08 13:16 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Roaming\HexChat
2017-11-29 12:19 - 2017-07-25 13:25 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\gtk-2.0
2017-11-28 15:25 - 2017-07-07 12:04 - 000002250 ____H C:\Users\Rafael Cedeno\Documents\Default.rdp
2017-11-28 08:16 - 2017-06-29 10:31 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\ElevatedDiagnostics
2017-11-27 19:28 - 2017-11-01 08:06 - 000000000 ___HD C:\ProgramData\{406295CC-E15E-4CD6-AC9A-62868C57CEB2}
2017-11-27 19:28 - 2017-11-01 07:50 - 000000000 ___HD C:\ProgramData\{1DB19092-3D10-4A69-80B3-37DA5A1DAA56}
2017-11-27 19:28 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-27 19:28 - 2017-07-25 13:25 - 000000000 ____D C:\Users\Rafael Cedeno\.thumbnails
2017-11-27 14:43 - 2017-06-16 10:52 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\NVIDIA
2017-11-27 12:16 - 2017-03-12 23:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-27 11:07 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-27 10:55 - 2017-06-21 07:30 - 000000000 ____D C:\Users\Rafael Cedeno\AppData\Local\Downloaded Installations
2017-11-27 10:55 - 2017-03-12 23:54 - 000000000 ____D C:\Program Files (x86)\Dropbox

==================== Files in the root of some directories =======

2002-09-01 00:00 - 2002-09-01 00:00 - 000000000 _____ () C:\ProgramData\sdpsenv.dat
2017-10-13 12:29 - 2017-10-13 15:07 - 000000052 _____ () C:\Users\Rafael Cedeno\license.dat
2017-07-05 09:12 - 2017-07-05 09:12 - 000945479 _____ () C:\Program Files (x86)\ZCGPlot.exe
2017-06-26 10:41 - 2017-06-26 10:41 - 000037913 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\Comma Separated Values (Windows).ADR
2017-06-20 07:50 - 2017-12-15 16:06 - 000000000 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\ishyperv.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000000 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\ismodelvirtual.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000000 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\ismodelvmware.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000031 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\isothervm.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000000 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\ISSURFACE.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000020 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\ISVM.log
2017-06-20 07:50 - 2017-12-15 16:06 - 000000020 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\isvmware.log
2017-07-25 14:56 - 2017-07-25 14:56 - 000000058 _____ () C:\Users\Rafael Cedeno\AppData\Roaming\redline2stapler.tmp
2017-06-22 14:46 - 2017-06-22 14:46 - 000000058 _____ () C:\Users\Rafael Cedeno\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-11-29 14:15 - 2017-11-29 14:15 - 000000769 _____ () C:\Users\Rafael Cedeno\AppData\Local\recently-used.xbel
2017-12-22 12:10 - 2017-12-22 12:10 - 000007597 _____ () C:\Users\Rafael Cedeno\AppData\Local\Resmon.ResmonCfg
2017-06-20 11:10 - 2017-06-20 11:10 - 000000000 _____ () C:\Users\Rafael Cedeno\AppData\Local\{2C417E58-03F0-45ED-814A-09D47ED77444}

Some files in TEMP:
====================
2017-12-26 12:01 - 2017-09-29 05:42 - 000040448 _____ (Microsoft Corporation) C:\Users\Rafael Cedeno\AppData\Local\Temp\9925.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\svbilosv.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-21 12:41

==================== End of FRST.txt ============================

==================== Start of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Rafael Cedeno (26-12-2017 12:15:25)
Running from C:\Users\Rafael Cedeno\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-20 22:02:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2952742376-2490183954-2858449733-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2952742376-2490183954-2858449733-503 - Limited - Disabled)
Guest (S-1-5-21-2952742376-2490183954-2858449733-501 - Limited - Disabled)
Rafael Cedeno (S-1-5-21-2952742376-2490183954-2858449733-1001 - Administrator - Enabled) => C:\Users\Rafael Cedeno
Visitor (S-1-5-21-2952742376-2490183954-2858449733-1002 - Limited - Enabled) => C:\Users\Visitor
WDAGUtilityAccount (S-1-5-21-2952742376-2490183954-2858449733-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Music (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Amazon Amazon Music) (Version: 5.6.2.1097 - Amazon Services LLC)
Anritsu Software Tool Box (HKLM-x32\...\Anritsu Software Tool Box) (Version: 1.13.0000 - Anritsu Company)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AT&T Connect Participant Application v11.7.303 (HKLM-x32\...\{4DDBB234-AB68-4D47-BABA-2ED472E0B7A1}) (Version: 11.7.303 - AT&T Inc.)
AteraAgent (HKLM\...\{c17f829f-8914-4ea3-b220-25f59f8d6231}_is1) (Version: 1.7.2.2 - ATERA Networks)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Autodesk Advanced Material Library 2018 (HKLM-x32\...\{579A14AB-CDBB-4F48-BD4B-264853E1C386}) (Version: 16.11.1.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk Navisworks Freedom 2018 - English Language Pack (HKLM\...\{ECDBDF2B-DC3E-0409-A5F5-F0B376CB6B4A}) (Version: 15.0.1314.36 - Autodesk) Hidden
Autodesk Navisworks Freedom 2018 - English Language Pack (HKLM\...\Autodesk Navisworks Freedom 2018 - English Language Pack) (Version: 15.0.1314.36 - Autodesk)
Autodesk Navisworks Freedom 2018 (HKLM\...\{ECDBDF2B-DC3E-0000-A5F5-F0B376CB6B4A}) (Version: 15.0.1314.36 - Autodesk) Hidden
Autodesk Navisworks Freedom 2018 (HKLM\...\Autodesk Navisworks Freedom 2018) (Version: 15.0.1314.36 - Autodesk)
Bluebeam Localization x64 (HKLM\...\{F17DC148-CCF0-4734-8C5E-3D57A14DDE15}) (Version: 16.0.4 - Bluebeam Software, Inc.) Hidden
Bluebeam Revu x64 2016 (HKLM\...\{B7D0D8F8-CCF4-4199-9593-351FC71C8483}) (Version: 16.0.4 - Bluebeam Software, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Breevy 3.37 (HKLM-x32\...\Breevy) (Version: 3.37 - 16 Software)
calibre (HKLM-x32\...\{63A1E236-1A28-4457-B9BC-A380A89E2D67}) (Version: 3.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version:  - Piriform Ltd.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor Pro 1.28 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssist Remediation (HKLM\...\{4164FBBB-3428-4EFE-863F-30CAC3ADE51A}) (Version: 3.1.2.3837 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{80642b68-d76d-4777-a9dc-4ca30647e8a8}) (Version: 3.1.2.3837 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
DisplayFusion 9.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.1.0.0 - Binary Fortress Software)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
EaseUS Partition Master 12.5 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
easyMap Tools (HKLM-x32\...\easyMap Tools) (Version: 2.12.0001 - Anritsu Company)
easyTest Tools (HKLM-x32\...\easyTest Tools) (Version: 1.12.0002 - Anritsu Company)
f.lux (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\Flux) (Version:  - f.lux Software LLC)
FastStone Capture 8.6 (HKLM-x32\...\FastStone Capture) (Version: 8.6 - FastStone Soft)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.19.0.8126 (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\GoToMeeting) (Version: 8.19.0.8126 - LogMeIn, Inc.)
GoToMeeting Outlook Calendar Plug-in (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\3B25D2B33286413F6A1C2461CC49D78F8BED903A) (Version: 3.13.186.0 - LogMeIn, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 12.7 - GPSoftware)
Grammarly (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\GrammarlyForWindows) (Version: 1.5.29 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{844AD41C-BA7D-40F4-8DA1-2D96F82D50E2}) (Version: 6.6.110 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\{ae4e885d-2c92-4c8b-bff1-0dd8c19d26de}) (Version: 6.6.110 - Grammarly)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
iBuildNet Pro (HKLM-x32\...\iBuildNet Pro_is1) (Version: 4.1.0.507 - Ranplan)
iBwave Design (x64) (HKLM-x32\...\iBwave Design (x64)) (Version: 9.0.2.162 - iBwave Solutions inc.)
iBwave VIEWER (x64) (HKLM-x32\...\iBwave VIEWER (x64)) (Version: 9.0.2.162 - iBwave Solutions inc.)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.317 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4735 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.3.1019 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8431b7d7-59d1-4f45-8212-a2eac049528f}) (Version: 19.60.0 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
Kutools for Excel 16.50 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 16.50 - Addin Technology Inc.)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Line Sweep Tools (HKLM-x32\...\Line Sweep Tools) (Version: 1.66.0002 - Anritsu Company)
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.104 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Master Software Tools (HKLM-x32\...\Master Software Tools) (Version: 2.35.0000 - Anritsu Company)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI Certificates Deployment Support (HKLM-x32\...\{92AE2189-B5BF-409E-A6BB-BB2D390CCD8E}) (Version: 1.04.49153 - National Instruments) Hidden
NI Error Reporting Interface 14.0 (HKLM-x32\...\{1F426FD9-602A-4B37-9CEF-921C025AFEE0}) (Version: 14.0.241 - National Instruments) Hidden
NI Error Reporting Interface 14.0 for Windows (64-bit) (HKLM\...\{8C78715A-10D1-400F-A64A-55D85CE559CD}) (Version: 14.0.241 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{D5740A55-9C7A-4B09-BE79-7660944A3B27}) (Version: 3.30.276 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{46670743-06C7-4DE3-B9F6-16231F2ECF42}) (Version: 3.30.276 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (HKLM\...\{3A6898F6-9B23-40DE-9B2D-617DBDEFDBF9}) (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (HKLM-x32\...\{1F7F5330-D1C5-49D8-85A3-75E29C2434FE}) (Version: 2.20.49152 - National Instruments) Hidden
NI MXS 14.0.1 (HKLM-x32\...\{6DEE3C92-35EE-4B88-89E2-1A6B91CFEDB4}) (Version: 14.01.49152 - National Instruments) Hidden
NI MXS 14.0.1 for 64 Bit Windows (HKLM\...\{248F27F0-1814-4E12-BE87-DF7C5685C4F2}) (Version: 14.01.49152 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.5 (HKLM-x32\...\{5CE16272-2DA3-409F-8ACE-2C3A29DF9B7F}) (Version: 13.5.70 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{D9375B6F-C932-4149-8F99-B39DF2ACFB94}) (Version: 3.30.276 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NI Xerces Delay Load 2.7.6 (HKLM-x32\...\{F3E66B88-C518-412C-BCA3-577951F3E991}) (Version: 2.7.218 - National Instruments) Hidden
NI Xerces Delay Load 2.7.6 64-bit (HKLM\...\{C0A68BD4-6A7C-492D-84E1-7160AC970A23}) (Version: 2.7.228 - National Instruments) Hidden
NI-DIM 3.1.0f0 (HKLM-x32\...\{CE9E4DDF-D243-49F0-90AE-23C8B18DA3FA}) (Version: 3.10.49152 - National Instruments) Hidden
NI-DIM 3.1.0f0 for 64 Bit Windows (HKLM\...\{3033900F-BACB-4BD5-9643-3F1CDDDD8E3F}) (Version: 3.10.49152 - National Instruments) Hidden
NI-ORB 3.1 (HKLM-x32\...\{14EB9662-AF49-44B6-96DD-B8B48AB00E78}) (Version: 3.10.49152 - National Instruments) Hidden
NI-ORB 3.1 for 64-bit Windows (HKLM\...\{0380E75C-3CA1-44A3-98C1-B685DBB38E6D}) (Version: 3.10.49152 - National Instruments) Hidden
NI-PAL 14.0 64-Bit Error Files (HKLM\...\{2633EF4D-980A-4590-AD07-99A2AB8B0D6A}) (Version: 14.00.49152 - National Instruments) Hidden
NI-PAL 14.0 Error Files (HKLM-x32\...\{C30503BE-54F6-46E3-92FE-7B270DB7413C}) (Version: 14.00.49152 - National Instruments) Hidden
NI-PAL 14.0.0f0 (HKLM-x32\...\{D4F8AD45-AB36-4189-B3BE-CB9CC3DB9A1F}) (Version: 14.00.49152 - National Instruments) Hidden
NI-PAL 14.0.0f0 for 64 Bit Windows (HKLM\...\{435256E3-0EF1-401A-BAFD-D24DFDDB4B58}) (Version: 14.00.49152 - National Instruments) Hidden
NI-QPXI 1.0.0 (HKLM-x32\...\{5FB462CE-35FA-42ED-AD9D-4FC9E6B3EA6D}) (Version: 1.00.49152 - National Instruments) Hidden
NI-QPXI 1.0.0 for 64-bit Windows (HKLM\...\{36DDA1AF-2012-40BE-8B0E-442E361F3C4F}) (Version: 1.00.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 (HKLM-x32\...\{F2FD6CC8-82E5-4DD3-933A-DC7E0F636E55}) (Version: 14.00.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 for 64 Bit Windows (HKLM\...\{642EF411-1FD1-4AD3-8F9A-BA31E75C37AB}) (Version: 14.00.49152 - National Instruments) Hidden
NI-RPC 14.0.0f0 for Phar Lap ETS (HKLM-x32\...\{9B0E3671-ED4B-4D77-BE57-C1E4EFCD5912}) (Version: 14.00.49152 - National Instruments) Hidden
NI-VISA Runtime 14.0.1 (HKLM-x32\...\{C7E75B1A-9155-464A-840E-A1051C52EF2D}) (Version: 14.01.49152 - National Instruments) Hidden
NI-VISA x64 support 14.0.1 (HKLM\...\{E1CFA4AD-3BA1-4491-B113-E96A399A1969}) (Version: 14.01.49152 - National Instruments) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NoVirusThanks MAC Address Changer v1.0 (HKLM\...\NoVirusThanks MAC Address Changer_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)
NVIDIA 3D Vision Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PDF Password Remover v6.0 (HKLM-x32\...\PDF Password Remover v6.0_is1) (Version:  - VeryPDF.com Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Plex Media Server (HKLM-x32\...\{56A684B4-7DF7-46A2-A28D-20FBC13C3FEB}) (Version: 1.9.4325 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{90e1b3d6-298c-4b85-907e-d78697e00393}) (Version: 1.9.4.4325 - Plex, Inc.)
PopKey (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\popkey) (Version: 1.0.0 - PopKey Inc)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Python 3.5.2 (64-bit) (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (64-bit) (HKLM\...\{2364A926-B4AC-4EA5-9838-BE88C2930E38}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.018 - Dell Inc.)
Quik (HKLM\...\{D6D98E38-D75D-4E9C-916E-F68ED43A1F2F}) (Version: 0.1.290 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{ed4c22dc-8424-496a-8732-a71d56b4b1cd}) (Version: 2.5.0.290 - GoPro, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.11.923.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.29.0 - Adlice Software)
Screenshot Captor 4.21.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Seer 0.8.1 (HKLM-x32\...\Seer) (Version: 0.8.1 - Corey)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Stopping Plex (HKLM-x32\...\{44BBE2BA-A279-42A1-BD53-58C962E71F88}) (Version: 1.9.4325 - Plex, Inc.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
TeraCopy version 3.12 (HKLM\...\TeraCopy_is1) (Version: 3.12 - Code Sector)
True Color (HKLM\...\{E4F67830-1729-4A6D-9D1F-4B241849222B}) (Version: 7.4.0.0 - Entertainment Experience LLC) Hidden
True Color (HKLM-x32\...\{45cfcd1c-89bf-4581-a7e8-27a61fbf7fa6}) (Version: 7.4.0.0 - Entertainment Experience)
True Color XML Tables (HKLM\...\{3B88C9D5-DDFF-49E2-9053-530E30EAF02E}) (Version: 7.6.0.0 - Entertainment Experience LLC) Hidden
TrueColorXMLTables (HKLM-x32\...\{913f250b-a240-4d50-af60-98a6de25a8d8}) (Version: 7.6.0.0 - Entertainment Experience)
Universal Document Converter Server Edition (HKLM-x32\...\Universal Document Converter_is1) (Version: 6.2 - fCoder Group, Inc.)
Update for Skype for Business 2016 (KB4011563) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{2D441C76-7795-478E-86D0-4508242BC6AE}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011563) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{2D441C76-7795-478E-86D0-4508242BC6AE}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011563) 64-Bit Edition (HKLM\...\{90160000-012B-0419-1000-0000000FF1CE}_Office16.PROPLUS_{2D441C76-7795-478E-86D0-4508242BC6AE}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011563) 64-Bit Edition (HKLM\...\{90160000-012B-0422-1000-0000000FF1CE}_Office16.PROPLUS_{2D441C76-7795-478E-86D0-4508242BC6AE}) (Version:  - Microsoft)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
VectorDraw FileConverter 4 Evaluation (HKLM-x32\...\{8ADAF46C-2333-42F0-BCC9-92C840C47AC6}) (Version: 4 - VectorDraw)
VISA Shared Components 64-Bit (HKLM\...\{9FB0BB7E-7418-41EA-86AE-82A98317D52F}) (Version: 1.6.0 - IVI Foundation) Hidden
VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: 1.6 - IVI Foundation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireless Remote Tools 1.04 (HKLM-x32\...\Wireless Remote Tools) (Version: 1.04 - Anritsu Company)
Wireshark 2.4.2 32-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
WizMouse v1.7.0.3 (HKLM-x32\...\WizMouse_is1) (Version:  - Antibody Software)
Wondershare Filmora(Build 8.5.1) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
YI Home (HKLM-x32\...\YI Home) (Version: 1.0.0.0_201710161600 - XiaoYi)
Zoom (HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{0ECEEAC3-1269-4CC1-B2A9-EE3F17334140}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Rafael Cedeno\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.110\51E6F86C14\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{2B94C52C-14B0-45A0-830B-F0E888234722}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{339FA1D5-707F-4CE4-8291-B2AF27C34A74}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{3BC08E5C-64DF-48FE-B2ED-F38A1FD78770}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll ()
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{5165DA41-A93D-4610-A33D-90C2E48A018C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll ()
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{8010ACC7-4484-4169-8F98-080D0BAF3CE5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{BA2F773B-1CD1-47B1-91CB-64995A032D05}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{BB696CAD-C942-4EDF-8EC3-77E88703CC2D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{bd25ce30-43e9-509b-aa7e-8745810cca17}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{d47b60c9-26d3-5d0f-83f7-d85e9431f780}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{e214cc50-6840-5b77-8f72-e8c48e8f7b92}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{E2730F26-5F98-4631-A58F-96A9769E1C7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-2952742376-2490183954-2858449733-1001_Classes\CLSID\{E28226A2-AF5C-49DE-B696-BBE9AB0F0FD7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [ iBwaveDrive] -> {A5863E93-7583-4FC5-A2A3-1A318AB6AED6} => C:\Program Files\iBwave\iBwave Drive\iBwave.Drive.Shell64.dll [2017-11-23] (iBwave Solutions inc)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-28] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2017-06-20] (Webroot)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [ iBwaveDrive] -> {A5863E93-7583-4FC5-A2A3-1A318AB6AED6} => C:\Program Files\iBwave\iBwave Drive\iBwave.Drive.Shell64.dll [2017-11-23] (iBwave Solutions inc)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] ()
ContextMenuHandlers5: [ iBwaveDrive] -> {A5863E93-7583-4FC5-A2A3-1A318AB6AED6} => C:\Program Files\iBwave\iBwave Drive\iBwave.Drive.Shell64.dll [2017-11-23] (iBwave Solutions inc)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125170.inf_amd64_b4d72b8af850c069\igfxDTCM.dll [2017-11-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [ iBwaveDrive] -> {A5863E93-7583-4FC5-A2A3-1A318AB6AED6} => C:\Program Files\iBwave\iBwave Drive\iBwave.Drive.Shell64.dll [2017-11-23] (iBwave Solutions inc)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WRShellExt] -> [CC]{69D72956-317C-44bd-B369-8E44D4EF9802} =>  -> No File
ContextMenuHandlers1_S-1-5-21-2952742376-2490183954-2858449733-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2017-11-27] (GP Software)
ContextMenuHandlers4_S-1-5-21-2952742376-2490183954-2858449733-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2017-11-27] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B8A818-DF5D-47C3-A7B9-F1578DEF24BE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
Task: {06FDBB44-CC03-4B8F-801C-E35F6FD16E09} - System32\Tasks\G2MUploadTask-S-1-5-21-2952742376-2490183954-2858449733-1001 => C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting\8126\g2mupload.exe [2017-12-21] (LogMeIn, Inc.)
Task: {1EECCB4E-7034-4CC4-89F9-0FD88FAD1B1A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {2589FE4F-B3B7-4AE8-8C79-D3291DCF06DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {27099DDC-3225-49E1-8159-633DCD8718A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {309F52C5-720E-4963-BCAD-4014451D4938} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3400A3EF-D1A5-4563-96B9-9DAD6DC94629} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-08] (Realtek Semiconductor)
Task: {377A931F-D01F-45C7-8162-5DA51665CB7E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {397317B3-B165-4156-8B1F-10373AC2ACBC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {3EE26CFA-B778-41F0-A900-E6D88D58F63E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {4ABDB9D5-9C04-42C2-8494-04F9F198810B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {588902B3-8BEE-4409-B290-97DE08376B40} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouseLaunch.exe [2013-09-22] ()
Task: {69E7F30F-0D28-4471-BDA9-693B0BB946A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {6AD5D724-B7C7-4130-A3D3-40BB7C5BFC77} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6DAE99D2-7A71-4BAE-81C0-62E8E439FC31} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05] (Oracle Corporation)
Task: {71832401-359B-4183-B57F-6CA838519556} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {78E14EB9-0605-4EE3-A07F-E63372416D50} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {89D20FAF-EA6B-4B3D-9244-77B3D1D46C4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {8E754062-BB26-46FD-8F27-21DA13F0DEEF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {98FAF470-9C89-4D2F-9767-406370786393} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {99847B45-60FE-4AC0-B761-603D4EC142E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {9B39B86B-ED39-42D2-9281-5A1E6AE73F4C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {9F550836-E7D5-481E-A14C-90EE3434952B} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
Task: {A0D33572-D145-4BE8-8940-AB34570B28F1} - System32\Tasks\G2MUpdateTask-S-1-5-21-2952742376-2490183954-2858449733-1001 => C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting\8126\g2mupdate.exe [2017-12-21] (LogMeIn, Inc.)
Task: {B0B46249-52DE-439E-A015-0B7B15E15C5C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-16] (Dropbox, Inc.)
Task: {B3D94010-C7BD-4E6C-97BF-5F4CB7FC4957} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-16] (Google Inc.)
Task: {B4F28BF0-DF8F-4961-AD9A-C4340332D207} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-16] (Google Inc.)
Task: {B54F6C6D-F4D4-4800-A957-2CA60966F229} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-19] (Piriform Ltd)
Task: {B9F8A5F8-D6E3-4364-AEF7-1A417EC05103} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {C2443A0A-E36A-4AE5-B4EF-A5183E143332} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-06-20] ()
Task: {D1BDC667-0A12-4E13-94F9-4021C6AC5C4F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {D9BD0E39-029F-4AEA-810D-563F4FD5B73D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {E40419A9-6B31-432B-8557-527013748C8D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {E491F695-166F-4172-97B0-884EA4C449F0} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {F25ACCAA-3EA0-4E74-9B6E-1E3E1CD93596} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F392B178-8FBE-4BFA-8DD2-F148953F7752} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-16] (Dropbox, Inc.)
Task: {FAFB835E-76F7-4111-879D-B4EE5E10E5A3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2952742376-2490183954-2858449733-1001.job => C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting\8126\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2952742376-2490183954-2858449733-1001.job => C:\Users\Rafael Cedeno\AppData\Local\GoToMeeting\8126\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\grv_icons.exe () <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\lyncicon.exe () <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-17 21:31 - 2016-05-17 21:31 - 000140288 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-14 14:00 - 2017-10-10 17:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-05-18 12:57 - 2016-05-18 12:57 - 000087040 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2017-07-11 07:03 - 2017-07-11 07:03 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-06-23 10:39 - 2016-12-07 14:40 - 003681104 _____ () C:\Program Files\TeraCopy\TERACO~2.DLL
2017-06-18 13:44 - 2017-06-18 13:44 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-09-29 05:42 - 2017-09-29 06:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 05:42 - 2017-09-29 06:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 08:10 - 2017-12-11 08:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-11 08:10 - 2017-12-11 08:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-11 08:10 - 2017-12-11 08:10 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-11 08:10 - 2017-12-11 08:10 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-11 08:10 - 2017-12-11 08:10 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-06-27 10:31 - 2016-10-25 15:45 - 000118784 _____ () C:\Program Files (x86)\Virtual Desktop Manager\VirtualDesktopManager.exe
2017-06-23 15:31 - 2013-09-22 09:27 - 000119000 _____ () C:\Program Files (x86)\WizMouse\wizmouse.exe
2017-07-28 08:00 - 2017-03-09 22:24 - 000171008 _____ () C:\Program Files\ATERA Networks\AteraAgent\PubNub-Messaging.dll
2017-09-26 18:50 - 2017-09-26 18:50 - 000038328 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2017-08-02 14:10 - 2017-06-15 06:16 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-08-02 14:10 - 2017-06-15 06:15 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-10-05 12:36 - 2017-10-05 12:36 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-10-05 12:36 - 2017-10-05 12:36 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-08-14 14:00 - 2017-10-10 17:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000156552 _____ () C:\Program Files (x86)\Breevy\libexpat.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000926376 _____ () C:\Program Files (x86)\Breevy\libcairo-2.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000487872 _____ () C:\Program Files (x86)\Breevy\libgio-2.0-0.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000108032 _____ () C:\Program Files (x86)\Breevy\libpangocairo-1.0-0.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000284064 _____ () C:\Program Files (x86)\Breevy\libfontconfig-1.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000540264 _____ () C:\Program Files (x86)\Breevy\freetype6.dll
2012-05-18 13:33 - 2012-05-18 13:33 - 000148096 _____ () C:\Program Files (x86)\Breevy\libexpat-1.dll
2012-05-18 13:34 - 2012-05-18 13:34 - 000060808 _____ () C:\Program Files (x86)\Breevy\zlib1.dll
2012-05-18 13:34 - 2012-05-18 13:34 - 000224312 _____ () C:\Program Files (x86)\Breevy\libpng14-14.dll
2012-05-18 13:34 - 2012-05-18 13:34 - 000095496 _____ () C:\Program Files (x86)\Breevy\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2010-05-06 15:10 - 2010-05-06 15:10 - 002240512 _____ () C:\Program Files (x86)\Seer\LIBZPLAY.DLL
2015-07-27 00:02 - 2015-07-27 00:02 - 001719808 _____ () C:\Program Files (x86)\Seer\poppler-qt5.dll
2015-09-17 04:03 - 2015-09-17 04:03 - 001435648 _____ () C:\Program Files (x86)\Seer\qscintilla2.dll
2014-11-06 02:59 - 2014-11-06 02:59 - 000359936 _____ () C:\Program Files (x86)\Seer\OpenAL32.dll
2015-07-26 23:51 - 2015-07-26 23:51 - 000228352 _____ () C:\Program Files (x86)\Seer\openjpeg.dll
2015-07-27 00:17 - 2015-07-27 00:17 - 000107520 _____ () C:\Program Files (x86)\Seer\zlib1.dll
2015-10-23 04:06 - 2015-10-23 04:06 - 000831134 _____ () C:\Program Files (x86)\Seer\icudt54.dll
2013-10-05 09:17 - 2013-10-05 09:17 - 000112142 _____ () C:\Program Files (x86)\Seer\libgcc_s_dw2-1.dll
2016-02-19 19:08 - 2016-02-19 19:08 - 000028672 _____ () C:\Program Files (x86)\Seer\imageformats\qpsd.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 13:46 - 2016-05-02 13:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-10-05 20:17 - 2016-10-05 20:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-08-14 14:00 - 2017-10-10 17:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bubsctrd.sys:changelist [1566]
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 03:47 - 2017-11-21 15:19 - 000000915 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 platform.wondershare.com
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rafael Cedeno\AppData\Local\DisplayFusion\Wallpaper_1.png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: WRSVC => 2
HKLM\...\StartupApproved\Run: => "BbInstallUser_2016"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\StartupApproved\Run: => "Launch AT&T Connect Participant web browser agent"
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2952742376-2490183954-2858449733-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BF81267F-FA31-4087-9F69-511E85C194ED}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{B3F3A621-B314-4A60-B038-35ADC457F539}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{96C3F5BB-1E25-411E-BB49-DF8924E9FF48}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{91632092-10CE-4D94-9023-10615A895BED}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{D0AABF9D-F7B5-481A-879C-87E2094D4E6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9BFC4376-E1A0-41F4-9695-B691D5D269BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DADC119C-3D7C-413B-8019-5F359FA167F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{93DD587A-4FA7-45AA-874E-C32D5FDD2685}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{70C18E14-B293-4C4C-960E-022C5B71932D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{349B61CC-FAA9-447F-8367-0EC697D16013}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{2118318A-EF52-463A-AF57-138B959D36C4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{17153546-A059-4B10-95FD-52F69D2DF7F5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{04A860DA-114C-4BB9-92FA-FF62A5B24544}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [UDP Query User{8194F891-21BB-483C-B69A-ED511962B7FF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{90F01D02-8657-4C32-9131-4F6F1F70E91E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{52549DAE-CB49-4584-B1E9-F9060F99A36D}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{59B6FFF3-44E9-40C2-A52B-44B7BFE83E34}] => (Allow) C:\Program Files\Wondershare\Filmora\Filmora.exe
FirewallRules: [{56205544-CF4A-49EA-8F9E-384D9BC63F60}] => (Allow) C:\Program Files\Wondershare\Filmora\Filmora.exe
FirewallRules: [UDP Query User{B62D8F3F-9FB0-4C0E-9822-07C47CA197B6}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe
FirewallRules: [TCP Query User{ABF73F8A-837A-4D49-BE7C-821CD02889A6}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe
FirewallRules: [{CB8CF255-DFEB-4AE9-9943-4FEEA69BAE16}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{2FB30B18-8E04-4574-9A87-BA7517DF36FA}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{D0ED9753-8BBD-4772-93C4-B28308C370A8}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{54AE9B8A-E97E-4650-A1A0-A3FDBA0AB078}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{3502E827-1534-48C3-B001-DB5BE578DFC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C525B42-E5A5-47AF-8A78-9B28307335B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2ED42CAB-29BD-427C-A5AD-B9E210FDDB6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3FBD9AFA-16DB-4D5F-BA6C-40F1A6BB05C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
FirewallRules: [UDP Query User{096B498B-FA86-4212-8B93-72CC2999763C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{6E578FB8-19B8-4119-A635-640AEA023DFE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{81C6C791-B6D6-41A3-8E02-196F7C495E74}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{CE3FD20E-ADBB-4D61-B3FA-BD0D99DCD77F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{07C2DF64-2F6C-4134-AACE-BEDEF3FDA1B7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{274CC94B-293E-4C2D-90BD-4E91EC41A321}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4BA9E80F-24B2-4DE9-AF51-16251B0C33B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E723B1E6-618B-4450-8EB8-9CD4C75DF4AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55089AE5-606A-494E-9F3B-67469967B3D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F781652-A85C-4070-867F-3B657F147891}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{FBEDF626-0DB9-43B7-9006-6C527A7713BD}C:\users\rafael cedeno\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\rafael cedeno\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{D4F0C897-7C09-4018-9342-B5371B1237A7}C:\users\rafael cedeno\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\rafael cedeno\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{B58077E5-9B55-4241-AD4B-FE02CBC819DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{582871EE-EB96-4B12-8EAA-9A88C3E1492E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2AD35ACB-AF8B-437A-9AFB-947530BAD1CB}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{71BB6B60-426B-48CB-A9D7-24418CE504E7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{F162BC85-A33B-46CE-A69D-4EC302CA9C06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{82A7DC1C-EF6A-45F6-A8A5-3D7316548641}C:\users\rafael cedeno\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rafael cedeno\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{3D468179-A1E5-42F3-B472-C41215489FB4}C:\users\rafael cedeno\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rafael cedeno\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{01CB71D5-5EF2-426D-9E6E-ADD87AF135A0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{0BAD79E9-E29E-4BA8-B9A9-4EB8CE0378E1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4488F24A-E79F-440B-904E-EFDA8A093520}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0CBAAAB1-197E-4D09-99FC-0F8231CA801F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{10758930-1A00-40E8-907C-2B19D26A6836}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{47601BEF-6F3C-4D35-9816-79F8DCCDBF2B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B2360051-D5A5-4AD3-A64D-75F36688511C}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{D2E1E67B-7E14-41D9-8A94-5802ABD7F0A4}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{D6A3C628-83EC-40E1-99C6-929CC9A7CE80}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Restore Points =========================

26-12-2017 12:01:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2017 12:05:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x1328
Faulting application start time: 0x01d37e84b643bb87
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: ecaa78d7-40e2-47db-afc2-266a5fbf2039
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2017 12:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x128c
Faulting application start time: 0x01d37e80e1ce4210
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: f1a4a2de-bf41-4214-9af5-a51138b002c3
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2017 11:27:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.

Error: (12/26/2017 10:58:42 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = D:\Revo Uninstaller Pro (Portable)\x64\RevoUnPro.exe Uninstaller Pro (Portable)\x64\RevoUnPro.exe" ; Description = Revo Uninstaller Pro's restore point - Google Chrome; Error = 0x8007043c).

Error: (12/26/2017 10:46:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.

Error: (12/26/2017 10:41:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.

Error: (12/26/2017 10:41:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_cc9304e22215ca8f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.64_none_14403bb93691f395.manifest.

Error: (12/26/2017 10:39:45 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: Event-ID 4

Error: (12/26/2017 10:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x10c8
Faulting application start time: 0x01d37e7349cc966b
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 2c747ccb-e5c2-41b8-8fbb-c73ab19f14d2
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2017 10:37:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RCEDENO)
Description: Package Microsoft.Windows.SecHealthUI_10.0.16299.15_neutral__cw5n1h2txyewy+SecHealthUI was terminated because it took too long to suspend.


System errors:
=============
Error: (12/26/2017 12:07:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 12:07:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2017 12:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/26/2017 12:05:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service did not shut down properly after receiving a preshutdown control.

Error: (12/26/2017 12:05:39 PM) (Source: DCOM) (EventID: 10010) (User: RCEDENO)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/26/2017 12:05:39 PM) (Source: DCOM) (EventID: 10010) (User: RCEDENO)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/26/2017 12:05:39 PM) (Source: DCOM) (EventID: 10010) (User: RCEDENO)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/26/2017 12:05:39 PM) (Source: DCOM) (EventID: 10010) (User: RCEDENO)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/26/2017 12:05:38 PM) (Source: DCOM) (EventID: 10010) (User: RCEDENO)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/26/2017 12:04:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-12-26 12:14:36.996
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:14:36.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:14:36.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:14:36.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:19.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:19.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:19.497
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:19.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:08.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-26 12:13:08.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 70%
Total physical RAM: 8058.46 MB
Available physical RAM: 2410.11 MB
Total Virtual: 15994.46 MB
Available Virtual: 9660.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.78 GB) (Free:756.66 GB) NTFS
Drive d: (GOATLEY) (Removable) (Total:7.45 GB) (Free:6.94 GB) FAT32
Drive z: (SHARED) (Network) (Total:1862.37 GB) (Free:1235.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 665E11AF)

Partition: GPT.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 054A7A94)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Hope this helps!


Edited by racedeno, 26 December 2017 - 04:00 PM.



#2 Aura
Posted 27 December 2017 - 08:18 AM

Hi racedeno :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Open FRST and copy/paste the following inside the text area. Once done, click on the Fix button. A file called fixlog.txt will appear on your desktop. Attach it in your next reply.
Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
End::

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 racedeno

Posted 28 December 2017 - 11:45 AM

Hi Yoan. I appreciate the help. Here's the fixlog.txt dump:

 

==== Start of Fixlog 08:37:25 ====

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Rafael Cedeno (28-12-2017 08:37:24) Run:2
Running from C:\Users\Rafael Cedeno\AppData\Local\Temp
Loaded Profiles: Rafael Cedeno (Available Profiles: Rafael Cedeno & Visitor)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              C:                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              D:                                         40500     FileInfo                  0     00000007  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000007  
WRkrn                                                           321611     WRkrn                     0     00000004  
WRkrn                 C:                                        321611     WRkrn                     0     00000004  
WRkrn                                                           321611     WRkrn                     0     00000004  
WRkrn                                                           321611     WRkrn                     0     00000004  
WRkrn                 D:                                        321611     WRkrn                     0     00000004  
WRkrn                 \Device\Mup                               321611     WRkrn                     0     00000004  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              D:                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                   C:                                         40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
azvtdnb               C:                                         45666     azvtdnb Instance          0     00000000  
azvtdnb               \Device\Mup                                45666     azvtdnb Instance          0     00000000  
luafv                 C:                                        135000     luafv                     0     00000007  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              D:                                         45888     udiskMgr Instance         0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000007  
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is OS
 Volume Serial Number is E4CA-2236
 
 Directory of C:\Windows\system32\drivers
 
12/28/2017  08:18    <DIR>          .
12/28/2017  08:18    <DIR>          ..
03/13/2017  00:13             3,188 1028_Dell_INS_7567.mrk
09/29/2017  05:41           237,056 1394ohci.sys
09/29/2017  05:41           107,416 3ware.sys
09/29/2017  05:41           733,592 acpi.sys
09/29/2017  05:41            20,480 AcpiDev.sys
09/29/2017  05:41           127,896 acpiex.sys
09/29/2017  05:41            12,800 acpipagr.sys
09/29/2017  05:41            14,336 acpipmi.sys
09/29/2017  05:41            13,312 acpitime.sys
09/29/2017  05:41         1,135,512 adp80xx.sys
09/29/2017  05:41           614,296 afd.sys
09/29/2017  05:41           108,032 agilevpn.sys
09/29/2017  05:41           240,640 ahcache.sys
09/29/2017  05:41           180,224 amdk8.sys
09/29/2017  05:41           178,176 amdppm.sys
09/29/2017  05:41            83,352 amdsata.sys
09/29/2017  05:41           258,592 amdsbs.sys
09/29/2017  05:41            27,032 amdxata.sys
09/29/2017  05:41           191,008 appid.sys
09/29/2017  05:41            18,432 applockerfltr.sys
09/29/2017  05:41           131,992 arcsas.sys
09/29/2017  05:41            28,160 asyncmac.sys
09/29/2017  05:41            28,568 atapi.sys
09/29/2017  05:41           194,456 ataport.sys
09/29/2017  05:42            60,312 bam.sys
09/29/2017  05:41            58,880 BasicDisplay.sys
11/20/2017  11:26            34,816 BasicRender.sys
09/29/2017  05:41            39,832 battc.sys
09/29/2017  05:41             9,728 bcmfn2.sys
09/29/2017  05:42            10,240 beep.sys
09/29/2017  05:41           101,888 bowser.sys
09/29/2017  05:41           116,736 bridge.sys
09/29/2017  05:41            23,040 BtaMPM.sys
09/29/2017  05:41           191,488 BthA2DP.sys
09/29/2017  05:41            45,056 BthAvrcpTg.sys
09/29/2017  05:41           105,472 bthenum.sys
09/29/2017  05:41            46,592 BthHfAud.sys
09/29/2017  05:41           107,008 bthhfenum.sys
09/29/2017  05:41            31,232 BthhfHid.sys
09/29/2017  05:41            83,968 bthl2cap.sys
11/20/2017  11:26            67,584 bthmodem.sys
09/29/2017  05:41           129,536 bthpan.sys
11/20/2017  11:26         1,015,296 bthport.sys
09/29/2017  05:41            85,504 BTHUSB.SYS
09/29/2017  05:41            37,784 bttflt.sys
11/27/2017  14:51            72,816 bubsctrd.sys
09/29/2017  05:41            39,424 buttonconverter.sys
09/29/2017  05:41           533,912 bxvbda.sys
09/29/2017  05:40            60,312 CAD.sys
09/29/2017  05:41           122,368 capimg.sys
09/29/2017  05:41            93,184 cdfs.sys
09/29/2017  05:41           159,744 cdrom.sys
09/29/2017  05:41            78,744 CEA.sys
09/29/2017  05:41           141,208 cht4dx64.sys
09/29/2017  05:41           357,272 cht4sx64.sys
09/29/2017  05:41         1,723,288 cht4vx64.sys
09/29/2017  05:40            49,152 circlass.sys
09/29/2017  05:41           403,352 Classpnp.sys
09/29/2017  05:41           384,000 cldflt.sys
11/20/2017  11:26           373,656 clfs.sys
09/29/2017  05:41         1,007,512 ClipSp.sys
09/29/2017  05:41            29,696 CmBatt.sys
09/29/2017  05:41            28,568 cmimcext.sys
11/20/2017  11:26           677,280 cng.sys
09/29/2017  05:41            39,320 cnghwassist.sys
09/29/2017  05:41            55,704 condrv.sys
09/29/2017  05:41            85,912 crashdmp.sys
09/29/2017  05:42            81,304 dam.sys
05/18/2011  08:08            47,616 dc3d.sys
07/27/2017  09:52            32,960 DDDriver64Dcsa.sys
07/27/2017  09:52            32,568 DellProf.sys
09/29/2017  05:41            45,056 devauthe.sys
09/29/2017  05:41           151,040 dfsc.sys
09/29/2017  05:41            94,104 disk.sys
09/29/2017  05:41            38,808 Diskdump.sys
09/29/2017  05:41            15,360 Dmpusbstor.sys
09/29/2017  05:41            46,592 dmvsc.sys
08/12/2016  17:39            71,232 dptf_acpi.sys
08/12/2016  17:39            66,624 dptf_cpu.sys
09/29/2017  05:40            96,768 drmk.sys
09/29/2017  05:40            16,224 drmkaud.sys
09/29/2017  05:41            35,736 Dumpata.sys
09/29/2017  05:43            91,152 dumpfve.sys
11/20/2017  11:26           187,288 dumpsd.sys
09/29/2017  05:41            32,256 dumpsdport.sys
09/29/2017  05:41            25,600 Dumpstorport.sys
11/20/2017  11:26         2,573,208 dxgkrnl.sys
09/29/2017  05:41           408,096 dxgmms1.sys
09/29/2017  05:41           749,976 dxgmms2.sys
09/29/2017  05:41            87,960 EhStorClass.sys
09/29/2017  05:40           118,680 EhStorTcgDrv.sys
12/26/2017  10:41    <DIR>          en-US
09/29/2017  05:41            13,824 errdev.sys
08/12/2016  17:40           350,272 esif_lf.sys
11/21/2017  15:19    <DIR>          etc
09/29/2017  05:41         3,419,032 evbda.sys
09/29/2017  05:41           354,304 exfat.sys
09/29/2017  05:41           371,608 fastfat.sys
09/29/2017  05:41            32,768 fdc.sys
09/29/2017  05:41            55,808 filecrypt.sys
09/29/2017  05:41            85,400 fileinfo.sys
09/29/2017  05:41            36,864 filetrace.sys
09/29/2017  05:41            26,624 flpydisk.sys
09/29/2017  05:41           398,744 fltMgr.sys
09/29/2017  05:41            62,872 fsdepends.sys
09/29/2017  05:41            34,200 fs_rec.sys
09/29/2017  05:43           727,448 fvevol.sys
09/29/2017  05:41           441,240 FWPKCLNT.SYS
09/29/2017  05:41            20,992 genericusbfn.sys
09/29/2017  05:41         3,440,660 gm.dls
09/29/2017  05:41               646 gmreadme.txt
09/29/2017  05:41             8,192 gpuenergydrv.sys
09/29/2017  05:40            86,016 hdaudbus.sys
09/29/2017  05:41            38,296 hidbatt.sys
09/29/2017  05:41           114,688 hidbth.sys
09/29/2017  05:41           187,392 hidclass.sys
08/16/2016  12:09            54,800 HidEventFilter.sys
09/29/2017  05:41            52,224 hidi2c.sys
09/29/2017  05:41            50,584 hidinterrupt.sys
09/29/2017  05:40            46,592 hidir.sys
09/29/2017  05:41            45,568 hidparse.sys
09/29/2017  05:41            40,960 hidusb.sys
09/29/2017  05:41            63,520 HpSAMD.sys
09/29/2017  05:41         1,103,768 http.sys
09/29/2017  05:41            73,112 hvservice.sys
09/29/2017  05:41           129,432 hvsocket.sys
09/29/2017  05:41            29,592 hwpolicy.sys
09/29/2017  05:41            16,896 hyperkbd.sys
09/29/2017  05:41            28,160 HyperVideo.sys
09/29/2017  05:41           105,984 i8042prt.sys
09/29/2017  05:40            36,864 iagpio.sys
09/29/2017  05:40            91,648 iai2c.sys
09/29/2017  05:40            79,360 iaLPSS2i_GPIO2.sys
09/29/2017  05:40            88,576 iaLPSS2i_GPIO2_BXT_P.sys
09/29/2017  05:40           171,520 iaLPSS2i_I2C.sys
09/29/2017  05:40           174,592 iaLPSS2i_I2C_BXT_P.sys
08/29/2016  20:53            89,912 iaLPSS2_GPIO2.sys
08/29/2016  20:53           151,352 iaLPSS2_SPI.sys
08/29/2016  20:53           282,424 iaLPSS2_UART2.sys
09/29/2017  05:41            38,128 iaLPSSi_GPIO.sys
09/29/2017  05:40           113,152 iaLPSSi_I2C.sys
07/21/2017  18:21           897,032 iaStorA.sys
07/21/2017  18:21            70,664 iaStorAfs.sys
09/29/2017  05:41           674,200 iaStorAV.sys
09/29/2017  05:41           412,056 iaStorV.sys
09/29/2017  05:41           526,232 ibbus.sys
10/06/2016  10:51           249,104 ibtusb.sys
09/29/2017  05:41            39,424 IndirectKmd.sys
09/29/2017  05:41            19,352 intelide.sys
10/05/2016  17:14            18,720 IntelMEFWVer.dll
09/29/2017  05:41           130,640 intelpep.sys
09/29/2017  05:41           198,656 intelppm.sys
09/29/2017  05:41            38,912 invdimm.sys
09/29/2017  05:41            56,728 iorate.sys
09/29/2017  05:41            85,504 ipfltdrv.sys
09/29/2017  05:41            92,056 IPMIDrv.sys
09/29/2017  05:41           214,016 ipnat.sys
09/29/2017  05:41            26,112 ipt.sys
09/29/2017  05:42           119,808 irda.sys
09/29/2017  05:42            19,968 irenum.sys
09/29/2017  05:41            22,936 isapnp.sys
09/29/2017  05:41            63,384 kbdclass.sys
09/29/2017  05:41            40,448 kbdhid.sys
09/29/2017  05:41            23,040 kdnic.sys
10/12/2016  12:29            57,424 klim6.sys
12/21/2016  15:58            48,352 klkbdflt2.sys
12/19/2017  08:45           253,192 klupd_klif_klark.sys
09/29/2017  05:41           394,752 ks.sys
11/20/2017  11:26           139,672 ksecdd.sys
09/29/2017  05:41           170,904 ksecpkg.sys
09/29/2017  05:41            27,136 ksthunk.sys
06/17/2015  18:25            87,696 LEqdUsb.sys
06/26/2017  16:33            36,496 LGBusEnum.sys
06/26/2017  16:33            67,736 LGJoyXlCore.sys
06/26/2017  16:33            64,280 LGSHidFilt.Sys
06/17/2015  18:25            23,184 LHidEqd.sys
06/17/2015  18:25            86,672 LHidFilt.Sys
09/29/2017  05:41            65,024 lltdio.sys
06/17/2015  18:25            69,264 LMouFilt.Sys
12/15/2017  15:59            18,960 LNonPnP.sys
09/29/2017  05:41           108,064 lsi_sas.sys
09/29/2017  05:41           123,800 lsi_sas2i.sys
09/29/2017  05:41           103,320 lsi_sas3i.sys
09/29/2017  05:41            82,840 lsi_sss.sys
11/20/2017  11:26           124,928 luafv.sys
09/29/2017  05:41           505,240 mausbhost.sys
09/29/2017  05:41            55,840 mausbip.sys
12/13/2017  22:04            77,432 mbae64.sys
09/29/2017  05:42            23,552 mcd.sys
09/29/2017  05:41            59,800 megasas.sys
09/29/2017  05:41            63,520 MegaSas2i.sys
09/29/2017  05:41           575,896 megasr.sys
09/29/2017  05:41            78,848 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
09/29/2017  05:41           842,648 mlx4_bus.sys
09/29/2017  05:41            43,520 mmcss.sys
09/29/2017  05:42            42,496 modem.sys
09/29/2017  05:41            38,912 monitor.sys
09/29/2017  05:41            57,240 mouclass.sys
09/29/2017  05:41            32,768 mouhid.sys
09/29/2017  05:41           103,320 mountmgr.sys
09/29/2017  05:41            75,776 mpsdrv.sys
09/29/2017  05:42           143,872 mrxdav.sys
09/29/2017  05:41           496,536 mrxsmb.sys
11/20/2017  11:26           232,344 mrxsmb20.sys
09/29/2017  05:41            31,232 msfs.sys
07/16/2016  03:42                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
06/16/2017  11:50                 0 Msft_Kernel_esif_lf_01011.Wdf
06/16/2017  11:50                 0 Msft_User_esif_umdf2_02_00_00.Wdf
06/20/2017  10:51                 0 Msft_User_WpdFs_01_11_00.Wdf
06/30/2017  14:18                 0 Msft_User_WpdMtpDr_01_11_00.Wdf
09/29/2017  05:41           169,880 msgpioclx.sys
09/29/2017  05:41            49,048 msgpiowin32.sys
09/29/2017  05:41             8,704 mshidkmdf.sys
09/29/2017  05:41            11,776 mshidumdf.sys
09/29/2017  05:41            27,136 mshwnclx.sys
09/29/2017  05:41            18,840 msisadrv.sys
09/29/2017  05:41           279,448 msiscsi.sys
09/29/2017  05:41            33,280 mskssrv.sys
09/29/2017  05:41            84,480 mslldp.sys
09/29/2017  05:41            10,752 mspclock.sys
09/29/2017  05:41            10,752 mspqm.sys
09/29/2017  05:41           376,864 msrpc.sys
09/29/2017  05:41            40,856 mssmbios.sys
09/29/2017  05:41            12,800 mstee.sys
09/29/2017  05:41            16,896 MTConfig.sys
09/29/2017  05:41           123,800 mup.sys
09/29/2017  05:41            63,896 mvumis.sys
12/26/2017  12:20            94,144 mwac.sys
09/29/2017  05:41           108,952 ndfltr.sys
09/29/2017  05:41         1,278,872 ndis.sys
09/29/2017  05:42            50,688 ndiscap.sys
09/29/2017  05:41           128,000 NdisImPlatform.sys
09/29/2017  05:41            27,136 ndistapi.sys
09/29/2017  05:41            65,024 ndisuio.sys
09/29/2017  05:41            21,504 NdisVirtualBus.sys
09/29/2017  05:41           192,000 ndiswan.sys
09/29/2017  05:41            62,464 ndproxy.sys
09/29/2017  05:41           124,416 Ndu.sys
09/29/2017  05:41           132,608 NetAdapterCx.sys
09/29/2017  05:41            57,752 netbios.sys
09/29/2017  05:41           316,928 netbt.sys
09/29/2017  05:41           535,960 netio.sys
09/29/2017  05:41           192,512 netvsc.sys
09/29/2017  05:40        13,332,880 Netwfw04.dat
09/29/2017  05:40         7,689,728 Netwtw04.sys
03/12/2014  23:26           291,680 nidimk.dll
03/12/2014  23:26            15,200 nidimkl.sys
03/12/2014  22:28            72,016 niorbk.dll
03/12/2014  22:28            15,184 niorbkl.sys
06/05/2014  13:15            42,352 nipalfwed.sys
06/05/2014  13:15            15,232 nipalfwedl.sys
06/05/2014  13:15           773,464 nipalk.sys
06/05/2014  13:15            72,040 nipalusbed.sys
06/05/2014  13:15            15,224 nipalusbedl.sys
02/28/2014  14:26            19,288 nipbcfk.sys
09/13/2014  00:09            78,688 NiViPciK.sys
09/13/2014  00:09            15,200 NiViPciKl.sys
09/13/2014  00:09            14,688 NiViPciKw.sys
09/13/2014  00:09            38,752 NiViPxiK.sys
09/13/2014  00:09            15,200 NiViPxiKl.sys
02/28/2013  17:49            36,600 npf.sys
09/29/2017  05:41            73,216 npfs.sys
09/29/2017  05:41            26,112 npsvctrig.sys
09/29/2017  05:41            44,544 nsiproxy.sys
11/20/2017  11:26         2,400,664 ntfs.sys
09/29/2017  05:41            19,864 ntosext.sys
09/29/2017  05:41             7,168 null.sys
09/29/2017  05:41            88,576 nvdimmn.sys
11/14/2017  14:48           225,208 nvhda64v.sys
09/29/2017  05:41           150,424 nvraid.sys
09/29/2017  05:41           166,296 nvstor.sys
10/10/2017  17:05            50,624 nvvad64v.sys
11/14/2017  14:48            57,976 nvvhci.sys
11/20/2017  11:26           529,408 nwifi.sys
09/29/2017  05:41           152,984 pacer.sys
09/29/2017  05:41            98,816 parport.sys
09/29/2017  05:41           165,784 partmgr.sys
09/29/2017  05:41           362,904 pci.sys
09/29/2017  05:41            16,280 pciide.sys
09/29/2017  05:41            53,144 pciidex.sys
09/29/2017  05:40           119,704 pcmcia.sys
09/29/2017  05:41            53,144 pcw.sys
09/29/2017  05:41           123,288 pdc.sys
09/29/2017  05:42           723,968 PEAuth.sys
09/29/2017  05:41            58,776 percsas2i.sys
09/29/2017  05:41            61,848 percsas3i.sys
09/29/2017  05:41           100,352 pmem.sys
09/29/2017  05:41            16,896 pnpmem.sys
09/29/2017  05:40           379,392 portcls.sys
09/29/2017  05:41           177,152 processr.sys
09/29/2017  05:41            49,152 qwavedrv.sys
09/29/2017  05:41            39,832 ramdisk.sys
09/29/2017  05:41            17,920 rasacd.sys
09/29/2017  05:41           106,496 rasl2tp.sys
09/29/2017  05:41            82,944 raspppoe.sys
09/29/2017  05:41            97,280 raspptp.sys
09/29/2017  05:41            78,336 rassstp.sys
11/20/2017  11:26           428,952 rdbss.sys
09/29/2017  06:43            27,136 rdpbus.sys
09/29/2017  06:43           182,784 rdpdr.sys
09/29/2017  06:43            30,616 rdpvideominiport.sys
09/29/2017  05:42           282,520 rdyboost.sys
09/29/2017  05:41         1,849,752 refs.sys
09/29/2017  05:41           936,856 refsv1.sys
09/29/2017  05:41           189,440 rfcomm.sys
09/29/2017  05:41            43,008 RfxVmt.sys
09/29/2017  05:41           103,936 rhproxy.sys
09/29/2017  05:41           149,504 rmcast.sys
09/29/2017  05:42            35,328 RNDISMP.sys
09/29/2017  05:42            13,312 rootmdm.sys
09/29/2017  05:41            80,896 rspndr.sys
10/19/2016  12:14           946,696 rt640x64.sys
05/08/2017  04:55        12,671,647 RTAIODAT.DAT
09/29/2017  05:41            59,904 rteth.sys
05/08/2017  08:10         5,762,568 RTKVHD64.sys
08/04/2016  20:09           418,784 RtsUer.sys
05/08/2017  04:55         5,804,772 rtvienna.dat
09/29/2017  05:41           109,976 sbp2port.sys
09/29/2017  05:42            43,008 scfilter.sys
09/29/2017  05:41           118,168 scmbus.sys
09/29/2017  05:42           175,512 scsiport.sys
11/20/2017  11:26           285,080 sdbus.sys
09/29/2017  05:41            33,176 SDFRd.sys
09/29/2017  05:41            97,688 sdport.sys
09/29/2017  05:41            96,664 sdstor.sys
09/29/2017  05:41            74,784 SerCx.sys
09/29/2017  05:41           154,520 SerCx2.sys
09/29/2017  05:41            25,088 serenum.sys
09/29/2017  05:41            84,992 serial.sys
09/29/2017  05:41            28,160 sermouse.sys
01/20/2017  13:22            44,768 SET4D3D.tmp
12/19/2017  08:31           522,736 SET92A1.tmp
09/29/2017  05:41            17,920 sfloppy.sys
09/29/2017  05:41            44,952 sisraid2.sys
09/29/2017  05:41            81,816 sisraid4.sys
09/29/2017  05:41            34,200 SleepStudyHelper.sys
09/29/2017  05:42            21,504 smclib.sys
09/29/2017  05:41           171,416 spacedump.sys
09/29/2017  05:41           571,288 spaceport.sys
09/29/2017  06:43            56,216 SpatialGraphFilter.sys
09/29/2017  05:41            81,816 SpbCx.sys
11/20/2017  11:27           422,912 srv.sys
11/20/2017  11:26           726,016 srv2.sys
09/29/2017  05:41           258,560 srvnet.sys
05/18/2017  21:17           131,984 ssudbus.sys
05/18/2017  21:17           166,288 ssudmdm.sys
09/29/2017  05:41            31,128 stexstor.sys
09/29/2017  05:41           149,400 storahci.sys
09/29/2017  05:41           103,320 stornvme.sys
11/20/2017  11:26           559,512 storport.sys
09/29/2017  05:41            79,872 storqosflt.sys
11/20/2017  11:26            45,464 storufs.sys
09/29/2017  05:41            39,320 storvsc.sys
09/29/2017  05:42            75,264 stream.sys
12/26/2017  12:06           141,112 svbilosv.sys
09/29/2017  05:41            18,328 swenum.sys
09/29/2017  05:41            64,512 Synth3dVsc.sys
06/20/2017  13:07            27,136 tap0901.sys
09/29/2017  05:42            31,232 tape.sys
09/29/2017  05:41            28,056 tbs.sys
09/29/2017  05:41         2,773,400 tcpip.sys
09/29/2017  05:41            51,712 tcpipreg.sys
09/29/2017  05:41            40,344 tdi.sys
09/29/2017  05:41           121,240 tdx.sys
09/22/2016  22:40           204,896 TeeDriverW8x64.sys
09/29/2017  06:43            37,272 terminpt.sys
09/29/2017  05:41           128,408 tm.sys
09/29/2017  05:41           229,272 tpm.sys
12/22/2017  14:10            28,272 TrueSight.sys
09/29/2017  05:41            62,976 TsUsbFlt.sys
09/29/2017  05:41            35,328 TsUsbGD.sys
09/29/2017  05:41           106,496 tunnel.sys
09/29/2017  05:41            79,256 uaspstor.sys
11/20/2017  11:26           114,688 UcmCx.sys
09/29/2017  05:41           146,944 UcmTcpciCx.sys
11/20/2017  11:26            57,344 UcmUcsi.sys
09/29/2017  05:41           227,224 Ucx01000.sys
09/29/2017  05:41            45,056 Udecx.sys
09/29/2017  05:42           323,072 udfs.sys
09/29/2017  05:41            28,568 uefi.sys
09/29/2017  05:41           266,648 ufx01000.sys
09/29/2017  05:41            97,312 UfxChipidea.sys
09/29/2017  05:41           140,696 ufxsynopsys.sys
09/29/2017  05:41            56,320 umbus.sys
11/28/2017  16:27    <DIR>          UMDF
09/29/2017  05:41            14,336 umpass.sys
09/29/2017  05:41            28,568 urschipidea.sys
11/20/2017  11:26            60,824 urscx01000.sys
09/29/2017  05:41            27,544 urssynopsys.sys
09/29/2017  05:41            23,040 usb8023.sys
12/21/2016  12:20            54,784 usbaapl64.sys
09/29/2017  05:42            37,376 USBCAMD2.sys
09/29/2017  05:41           168,856 usbccgp.sys
09/29/2017  05:40           102,912 usbcir.sys
09/29/2017  05:41            32,152 usbd.sys
09/29/2017  05:41            95,640 usbehci.sys
09/29/2017  05:41           513,944 usbhub.sys
11/20/2017  11:26           555,416 USBHUB3.SYS
09/29/2017  05:41            30,720 usbohci.sys
08/20/2017  17:50            50,224 USBPcap.sys
09/29/2017  05:41           454,040 usbport.sys
09/29/2017  05:41            27,136 usbprint.sys
09/29/2017  05:41            71,680 usbser.sys
09/29/2017  05:41           130,968 USBSTOR.SYS
09/29/2017  05:41            35,328 usbuhci.sys
09/29/2017  05:41           280,576 usbvideo.sys
09/29/2017  05:41           437,656 USBXHCI.SYS
09/29/2017  05:41            54,680 vdrvroot.sys
09/29/2017  05:41           225,688 VerifierExt.sys
09/29/2017  05:41           713,624 vhdmp.sys
09/29/2017  05:41            34,816 vhf.sys
09/29/2017  05:41            44,544 videoprt.sys
09/29/2017  05:41            81,304 vmbkmcl.sys
09/29/2017  05:41            80,384 vmbkmclr.sys
09/29/2017  05:41           109,976 vmbus.sys
09/29/2017  05:41            25,088 VMBusHID.sys
09/29/2017  05:41            13,312 vmgencounter.sys
09/29/2017  05:41            10,240 vmgid.sys
09/29/2017  05:41             9,216 vms3cap.sys
09/29/2017  05:41            47,512 vmstorfl.sys
09/29/2017  05:41            43,008 vnvdimm.sys
09/29/2017  05:41            83,864 volmgr.sys
09/29/2017  05:41           373,144 volmgrx.sys
09/29/2017  05:42           401,304 volsnap.sys
09/29/2017  05:41            15,392 volume.sys
09/29/2017  05:41            75,160 vpci.sys
09/29/2017  05:41           166,808 vsmraid.sys
09/29/2017  05:41           305,560 VSTXRAID.SYS
09/29/2017  05:42            27,136 vwifibus.sys
09/29/2017  05:42            76,800 vwififlt.sys
09/29/2017  05:42            40,448 vwifimp.sys
09/29/2017  05:41            30,720 wacompen.sys
09/29/2017  05:41            80,896 wanarp.sys
09/29/2017  05:41            56,320 watchdog.sys
11/20/2017  11:26           147,864 wcifs.sys
09/29/2017  05:41            76,288 wcnfs.sys
12/18/2017  13:00    <DIR>          wd
09/29/2017  05:41            44,608 WdBoot.sys
09/29/2017  05:41           918,240 Wdf01000.sys
09/29/2017  05:41           309,144 WdFilter.sys
09/29/2017  05:41            61,664 WdfLdr.sys
09/29/2017  05:42           770,048 WdiWiFi.sys
09/29/2017  05:41           119,192 WdNisDrv.sys
09/29/2017  05:41            33,792 wdnsfltr.sys
09/29/2017  05:41            45,464 werkernel.sys
09/29/2017  05:41           163,736 wfplwfs.sys
09/29/2017  05:41            35,736 wimmount.sys
09/29/2017  05:41            71,248 WindowsTrustedRT.sys
09/29/2017  05:41            18,000 WindowsTrustedRTProxy.sys
09/29/2017  05:41            31,640 winhv.sys
09/29/2017  05:41            62,464 winhvr.sys
09/29/2017  05:41            32,152 winmad.sys
09/29/2017  05:41           225,280 winnat.sys
09/29/2017  05:41            92,672 winusb.sys
09/29/2017  05:41            64,920 winverbs.sys
09/29/2017  05:41            18,432 wmiacpi.sys
09/29/2017  05:41            20,376 wmilib.sys
09/29/2017  05:41           209,304 wof.sys
09/29/2017  05:41            30,104 WpdUpFltr.sys
09/29/2017  05:41            33,176 WppRecorder.sys
06/24/2017  16:44           138,576 WRkrn.sys
06/20/2017  13:44            66,328 wrUrlFlt.sys
09/29/2017  05:42            23,040 ws2ifsl.sys
09/29/2017  05:41            23,040 WSDPrint.sys
09/29/2017  05:41            25,088 WSDScan.sys
09/29/2017  05:41           115,200 WUDFPf.sys
09/29/2017  05:41           259,584 WUDFRd.sys
09/29/2017  05:41           281,600 xboxgip.sys
09/29/2017  05:41            46,592 xinputhid.sys
             465 File(s)    128,822,596 bytes
               6 Dir(s)  811,901,972,480 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 08:37:25 ====


#4 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 28 December 2017 - 11:51 AM

Alright. For the next steps, you'll need to download FRST64.exe and fixlist.txt from a clean computer and move them on your USB Flash Drive. From there, plug the USB in the infected computer ONLY when it is either shut down, or in the Windows RE.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 racedeno
  • Topic Starter
  • Members
  • 15 posts

Posted 28 December 2017 - 01:10 PM

Yoan, just so you know, I used another PC to download FRST64 and the fixlist.txt, moved them onto a USB drive, and then booted the sick machine using Enable Safe Mode with Command Prompt. I ran FRST64 from the USB, and it gave me a message saying it needed to restart Windows in order to remove some items. After rebooting back to "Safe Mode with cmd", FRST immediately gave me a message saying the fixlog was saved. I'm just a bit concerned it says some items couldn't be moved:

 

==== Start of Fixlog 09:54:31 ====

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017

Ran by Rafael Cedeno (28-12-2017 09:52:22) Run:3
Running from f:\
Loaded Profiles: Rafael Cedeno (Available Profiles: Rafael Cedeno & Visitor)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\azvtdnb
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\udiskMgr
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
S1 efihwhch; \??\C:\WINDOWS\system32\drivers\efihwhch.sys [X]
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 pnmzpfff; \??\C:\WINDOWS\system32\drivers\pnmzpfff.sys [X]
R3 udiskMgr; system32\drivers\gknqtx.sys [X]
 
C:\1ec5a0faf73dc00247ebd3ef3e1f3b
C:\Users\Rafael Cedeno\AppData\Local\{2C417E58-03F0-45ED-814A-09D47ED77444}
C:\Users\Rafael Cedeno\AppData\Local\senxuch
C:\Users\Rafael Cedeno\AppData\Local\igfxmtc
C:\Users\Rafael Cedeno\AppData\Local\vrwekg
C:\Users\Visitor\AppData\Local\igfxmtc
C:\Users\Rafael Cedeno\AppData\Roaming\et
C:\WINDOWS\system32\reaiosh
C:\Windows\System32\zanolktsvc.exe
C:\WINDOWS\system32\drivers\svb*.sys
C:\WINDOWS\SysWOW64\reaiosh
*****************
 
HKLM\SYSTEM\ControlSet001\Services\azvtdnb => key not found
"HKLM\SYSTEM\ControlSet001\Services\udiskMgr" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\System\CurrentControlSet\Services\efihwhch" => removed successfully
efihwhch => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
"HKLM\System\CurrentControlSet\Services\pnmzpfff" => removed successfully
pnmzpfff => service removed successfully
udiskMgr => service not found.
C:\1ec5a0faf73dc00247ebd3ef3e1f3b => moved successfully
C:\Users\Rafael Cedeno\AppData\Local\{2C417E58-03F0-45ED-814A-09D47ED77444} => moved successfully
 
"C:\Users\Rafael Cedeno\AppData\Local\senxuch" folder move:
 
Could not move "C:\Users\Rafael Cedeno\AppData\Local\senxuch" => Scheduled to move on reboot.
 
 
"C:\Users\Rafael Cedeno\AppData\Local\igfxmtc" folder move:
 
Could not move "C:\Users\Rafael Cedeno\AppData\Local\igfxmtc" => Scheduled to move on reboot.
 
C:\Users\Rafael Cedeno\AppData\Local\vrwekg => moved successfully
C:\Users\Visitor\AppData\Local\igfxmtc => moved successfully
C:\Users\Rafael Cedeno\AppData\Roaming\et => moved successfully
 
"C:\WINDOWS\system32\reaiosh" folder move:
 
Could not move "C:\WINDOWS\system32\reaiosh" => Scheduled to move on reboot.
 
C:\Windows\System32\zanolktsvc.exe => moved successfully
 
=========== "C:\WINDOWS\system32\drivers\svb*.sys" ==========
 
Could not move "C:\WINDOWS\system32\drivers\svbybfil.sys" => Scheduled to move on reboot.
 
========= End -> "C:\WINDOWS\system32\drivers\svb*.sys" ========
 
C:\WINDOWS\SysWOW64\reaiosh => moved successfully
 
Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 28-12-2017 09:54:30)
 
C:\Users\Rafael Cedeno\AppData\Local\senxuch => Could not move
C:\Users\Rafael Cedeno\AppData\Local\igfxmtc => Could not move
C:\WINDOWS\system32\reaiosh => Could not move
C:\WINDOWS\system32\drivers\svbybfil.sys => Is moved successfully
 
==== End of Fixlog 09:54:31 ====


#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 28 December 2017 - 01:14 PM

This is because you didn't run the fix in the RE, but in Safe Mode.
Boot Mode: Safe Mode (minimal)
You'll need to download FRST and the fixlist again on the clean computer, move them on the USB and try again.

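As an added illustration (not code from this thread, and not part of FRST), a small Python parser that summarises the Fixlog result lines quoted above: it reads the "Boot Mode" header and the "=> outcome" lines, lets the post-reboot "Result of scheduled files to move" section override the earlier "Scheduled to move on reboot" entries for the same path, and lists what still could not be moved. The sample log is constructed from the lines in this thread, and the parsing rules are inferred from those lines rather than from any FRST specification.

```python
import re

# Constructed sample built from the result lines quoted in this thread,
# trimmed to a few entries. It is not a real Fixlog taken from the machine.
SAMPLE_FIXLOG = """\
==== Start of Fixlog 09:54:31 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Running from f:\\
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
DeleteKey: HKLM\\SYSTEM\\ControlSet001\\Services\\udiskMgr
C:\\Users\\Rafael Cedeno\\AppData\\Local\\senxuch
C:\\Windows\\System32\\zanolktsvc.exe
C:\\WINDOWS\\system32\\drivers\\svb*.sys
*****************
HKLM\\SYSTEM\\ControlSet001\\Services\\azvtdnb => key not found
"HKLM\\SYSTEM\\ControlSet001\\Services\\udiskMgr" => removed successfully
udiskMgr => service not found.
Could not move "C:\\Users\\Rafael Cedeno\\AppData\\Local\\senxuch" => Scheduled to move on reboot.
C:\\Windows\\System32\\zanolktsvc.exe => moved successfully
Could not move "C:\\WINDOWS\\system32\\drivers\\svbybfil.sys" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 28-12-2017 09:54:30)
C:\\Users\\Rafael Cedeno\\AppData\\Local\\senxuch => Could not move
C:\\WINDOWS\\system32\\drivers\\svbybfil.sys => Is moved successfully
==== End of Fixlog 09:54:31 ====
"""

BOOT_MODE_RE = re.compile(r"^Boot Mode:\s*(.+?)\s*$")
# Optional 'Could not move' prefix, an optionally quoted target, then '=> outcome'.
RESULT_RE = re.compile(r'^(?:Could not move\s+)?"?(.+?)"?\s+=>\s+(.+?)\s*$')


def classify(outcome):
    """Map the text after '=>' to one of: removed, not_found, failed, unknown."""
    text = outcome.lower().rstrip(".")
    if text.endswith(("removed successfully", "moved successfully")):
        return "removed"      # also covers 'Is moved successfully' / 'service removed successfully'
    if text.endswith("not found"):
        return "not_found"    # key, service or file was already gone
    if text in ("scheduled to move on reboot", "could not move"):
        return "failed"       # item was locked when the fix ran
    return "unknown"


def parse_fixlog(text):
    """Return {'boot_mode': str, 'status': {target: final_status}}.

    Result lines start after the second line of asterisks that closes the
    echoed fixlist. The post-reboot 'Result of scheduled files to move'
    section repeats each deferred target, so a later line for the same path
    overrides the earlier 'Scheduled to move on reboot' status.
    """
    boot_mode = None
    status = {}
    separators = 0
    for raw in text.splitlines():
        line = raw.strip()
        if boot_mode is None:
            m = BOOT_MODE_RE.match(line)
            if m:
                boot_mode = m.group(1)
                continue
        if line and set(line) == {"*"}:
            separators += 1
            continue
        if separators < 2:
            continue
        m = RESULT_RE.match(line)
        if m:
            status[m.group(1).strip('"')] = classify(m.group(2))
    return {"boot_mode": boot_mode, "status": status}


def unresolved(summary):
    """Targets whose final status is failed/unknown, i.e. probably still on disk."""
    return sorted(t for t, s in summary["status"].items() if s in ("failed", "unknown"))


def ran_outside_recovery(summary):
    """True unless the Boot Mode header says the fix ran from the Recovery Environment."""
    return summary["boot_mode"] != "Recovery"


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    print("Boot mode:", summary["boot_mode"])
    for target, state in summary["status"].items():
        print(f"  {state:<9} {target}")
    if unresolved(summary) and ran_outside_recovery(summary):
        print("Locked items remain; repeat the fix from the Recovery Environment.")
```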


#7 racedeno
  • Topic Starter
  • Members
  • 15 posts

Posted 28 December 2017 - 02:03 PM

Had to boot back into Safe Mode in order to send/paste the fixlog here. Not sure if that mattered or if the system might become compromised again by exiting the RE.
 
 
==== Start of Fixlog 10:28:45 ====
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by SYSTEM (28-12-2017 10:28:41) Run:4
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\azvtdnb
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\udiskMgr
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
S1 efihwhch; \??\C:\WINDOWS\system32\drivers\efihwhch.sys [X]
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S1 pnmzpfff; \??\C:\WINDOWS\system32\drivers\pnmzpfff.sys [X]
R3 udiskMgr; system32\drivers\gknqtx.sys [X]
 
C:\1ec5a0faf73dc00247ebd3ef3e1f3b
C:\Users\Rafael Cedeno\AppData\Local\{2C417E58-03F0-45ED-814A-09D47ED77444}
C:\Users\Rafael Cedeno\AppData\Local\senxuch
C:\Users\Rafael Cedeno\AppData\Local\igfxmtc
C:\Users\Rafael Cedeno\AppData\Local\vrwekg
C:\Users\Visitor\AppData\Local\igfxmtc
C:\Users\Rafael Cedeno\AppData\Roaming\et
C:\WINDOWS\system32\reaiosh
C:\Windows\System32\zanolktsvc.exe
C:\WINDOWS\system32\drivers\svb*.sys
C:\WINDOWS\SysWOW64\reaiosh
*****************
 
"HKLM\SYSTEM\ControlSet001\Services\azvtdnb" => removed successfully
"HKLM\SYSTEM\ControlSet001\Services\udiskMgr" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key not found
efihwhch => service not found.
MBAMSwissArmy => service not found.
pnmzpfff => service not found.
udiskMgr => service not found.
"C:\1ec5a0faf73dc00247ebd3ef3e1f3b" => not found
"C:\Users\Rafael Cedeno\AppData\Local\{2C417E58-03F0-45ED-814A-09D47ED77444}" => not found
C:\Users\Rafael Cedeno\AppData\Local\senxuch => moved successfully
C:\Users\Rafael Cedeno\AppData\Local\igfxmtc => moved successfully
"C:\Users\Rafael Cedeno\AppData\Local\vrwekg" => not found
"C:\Users\Visitor\AppData\Local\igfxmtc" => not found
"C:\Users\Rafael Cedeno\AppData\Roaming\et" => not found
C:\WINDOWS\system32\reaiosh => moved successfully
C:\Windows\System32\zanolktsvc.exe => moved successfully
 
=========== "C:\WINDOWS\system32\drivers\svb*.sys" ==========
 
C:\WINDOWS\system32\drivers\svbvybei.sys => moved successfully
 
========= End -> "C:\WINDOWS\system32\drivers\svb*.sys" ========
 
"C:\WINDOWS\SysWOW64\reaiosh" => not found
 
==== End of Fixlog 10:28:45 ====


#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 28 December 2017 - 08:13 PM

Now the fix worked :) And the main infection is gone now, you should be able to boot into Windows normally. This time, Malwarebytes will work.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#9 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 02 January 2018 - 01:34 PM

Hi racedeno,

Are you still with me?



#10 racedeno
  • Topic Starter
  • Members
  • 15 posts

Posted 02 January 2018 - 01:57 PM

Yes! Thank you so much for the help!



#11 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 02 January 2018 - 04:51 PM

Can you follow the instructions in my previous post? I just want to make sure that your system is completely clean before letting you go :)

https://www.bleepingcomputer.com/forums/t/666479/infected-with-udiskmgr-imagepath-malware-and-unable-to-remove/#entry4410384



#12 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 05 January 2018 - 08:10 AM

Hi racedeno,

Are you still with me?



#13 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 07 January 2018 - 10:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#14 racedeno
  • Topic Starter
  • Members
  • 15 posts

Posted 12 January 2018 - 02:01 PM

Mod Edit:  Merged topics, reopened closed topic - Hamluis.

 

Aura,

 

I've attached the fixlog generated after trying to use the old fixlist from several days ago. The FRST.txt and Addition.txt are from today. 

Attached Files


Edited by hamluis, 12 January 2018 - 03:28 PM.


#15 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,592 posts
  • Gender:Male

Posted 13 January 2018 - 10:43 AM

Alright, follow the instructions below (they are a bit different from last time). Remember to download FRST from a clean computer, move it on your USB, and only insert that USB in the infected computer while it is either shut down or in the Windows RE.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
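A batch script that does the "find the USB drive letter, then start the right FRST build" part of the steps above from the Recovery Environment command prompt. This is an added illustration, not code from the thread or from Farbar; it assumes FRST.exe and FRST64.exe sit in the root of the USB flash drive as described, and that the drive got a letter between D: and Z:.

```batch
@echo off
setlocal
rem Added example (not from the original thread). Run from the WinRE command
rem prompt, e.g. after copying it to the USB drive next to FRST.exe / FRST64.exe.
rem The RE itself is mounted on X:, so that letter is skipped in the search below.

rem Prefer the build that matches the architecture of this Recovery Environment;
rem fall back to the other one if only that one was copied to the drive.
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
    set "WANT=FRST64.exe"
    set "OTHER=FRST.exe"
) else (
    set "WANT=FRST.exe"
    set "OTHER=FRST64.exe"
)

rem Walk the drive letters and remember the first one that carries the preferred build.
set "FRST="
for %%L in (D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if not defined FRST if exist "%%L:\%WANT%" set "FRST=%%L:\%WANT%"
)
rem Second pass for the other build, only if the preferred one was not found.
for %%L in (D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if not defined FRST if exist "%%L:\%OTHER%" set "FRST=%%L:\%OTHER%"
)

if not defined FRST (
    echo Could not find %WANT% or %OTHER% on any drive D: through Z:.
    echo Check that the USB flash drive is plugged in, then run this script again.
    exit /b 1
)

echo Starting %FRST% - accept the disclaimer, then click Scan.
echo FRST.txt will be written next to the executable on the USB drive.
"%FRST%"
exit /b %ERRORLEVEL%
```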




