CMD random popup


  • This topic is locked
36 replies to this topic

#1 Ducting

Ducting

  • Members
  • 26 posts
  • OFFLINE
  • Local time:02:45 PM

Posted 28 December 2017 - 07:08 AM

Hello there, recently my colleague's office just downloaded something randomly and something happened. A CMD window popped up saying "2 files download" and I closed it before it downloaded. IE also randomly pops up "Mail.Ru"; is there any solution? I don't want to format back all the work files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by user (administrator) on USER-PC (28-12-2017 20:05:01)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\ASGT.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fsorsp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
() C:\Program Files (x86)\Nemu\EmulatorShell\NemuBooter.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fshoster64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Pub\PubMonitor.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\XMLDRSpawner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822008 2017-12-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2017-12-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724912 2016-09-13] (Waves Audio Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-26] (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-03-21] (Autodesk, Inc.)
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-14] (Piriform Ltd)
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-03-21] (Autodesk, Inc.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-10-07]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-12-27]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\user\AppData\Local\Facebook\Games\FacebookGameroom.exe (No File)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A4B3B6AE-0E43-42E8-B906-067A149D7ABE}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCTE
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B9864673A-7FC7-4891-9D8B-B3E2EA5C7B70%7D&gp=811139
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> {C346EACF-76D8-4852-B842-6731B64BC783} URL = 
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B9864673A-7FC7-4891-9D8B-B3E2EA5C7B70%7D&gp=811139
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\browser\install\fs_ie_https\fs_ie_https64.dll [2017-12-02] (F-Secure Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-08] (Google Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\browser\install\fs_ie_https\fs_ie_https.dll [2017-12-02] (F-Secure Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-08] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-08] (Google Inc.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-08] (Google Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
 
FireFox:
========
FF DefaultProfile: 0kpyan3v.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0kpyan3v.default [2017-12-28]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-12-02]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://ifndkcehbcmmeogjlobfnobdkbihflpo/newtab/blank.html"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> {searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-12-28]
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-07]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-07]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-07]
CHR Extension: (Search for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifndkcehbcmmeogjlobfnobdkbihflpo [2017-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [184800 2017-06-21] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [184800 2017-06-21] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fshoster64.exe [343008 2017-11-20] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fsorsp64.exe [78304 2017-11-20] (F-Secure Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-08-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [5714568 2017-09-12] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [1314008 2017-12-22] (Mail.Ru)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310008 2017-12-18] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [198792 2017-09-12] (Invincea, Inc.)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4099256 2017-12-22] (Mail.Ru)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-23] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-23] (Samsung Electronics Co., Ltd.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fsulgk.sys [221888 2017-11-20] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\fshs.sys [100032 2017-11-20] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [73928 2017-11-10] ()
R3 fsni; C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\nif\1512041808\fsni64.sys [120520 2017-12-02] (F-Secure Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-12-16] (REALiX™)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [41480 2017-12-16] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2679808 2017-12-18] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [89736 2017-09-12] (Invincea, Inc.)
S3 InvProtectDrvNet; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrvNet64.sys [33928 2017-09-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2017-12-22] (Intel Corporation)
R1 NemuDrv; C:\Program Files (x86)\Nemu\Hypervisor\NemuDrv.sys [299240 2016-09-14] (NetEase Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2212496 2014-07-04] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-18] (NVIDIA Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [205448 2017-09-12] (Invincea, Inc.)
R3 sssmbus; C:\Windows\System32\DRIVERS\sssmbus.sys [32520 2017-12-18] (SteelSeries ApS)
U1 staport; C:\Windows\System32\Drivers\staport.sys [45704 2017-12-28] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2017-12-12] (SlimWare Utilities, Inc.)
S1 zroqpkbt; C:\Windows\system32\drivers\zroqpkbt.sys [72816 2017-12-28] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\user\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-28 20:05 - 2017-12-28 20:05 - 000021511 _____ C:\Users\user\Desktop\FRST.txt
2017-12-28 19:56 - 2017-12-28 20:01 - 000000000 ____D C:\Users\user\Desktop\MIZAH 2017-12-28 19;56;26 (Full)
2017-12-28 19:47 - 2017-12-28 20:05 - 000000000 ____D C:\FRST
2017-12-28 19:40 - 2017-12-28 19:40 - 002391552 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-12-28 19:20 - 2017-12-28 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-12-28 19:20 - 2017-12-28 19:20 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-12-28 19:16 - 2017-12-28 19:16 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\user\Downloads\cbSetup.exe
2017-12-28 16:10 - 2017-12-28 16:10 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zroqpkbt.sys
2017-12-28 15:43 - 2017-12-28 16:03 - 150461200 _____ (Microsoft Corporation) C:\Users\user\Downloads\msert.exe
2017-12-28 08:51 - 2017-12-28 08:51 - 000000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2017-12-28 08:49 - 2017-12-28 08:49 - 000045704 _____ () C:\Windows\system32\Drivers\staport.sys
2017-12-28 08:49 - 2017-12-28 08:49 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-28 08:49 - 2017-12-28 08:48 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa64d72d3c104cc32.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\asw10d2c59fa6359a70.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4668efb362c38b70.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw650e791bcf2cc495.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw429a473bc570f512.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw99e89bc654c605d8.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw704045423ba8aa58.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7744dcf8b2da9720.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdb5f15d9767e8ea4.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe6f3dfc2027154ad.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7848dc6712bc6ac2.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd00f07388d281eb1.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1670b656d308970c.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9a35a82fca48dacc.tmp
2017-12-28 08:47 - 2017-12-28 08:47 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-28 08:46 - 2017-12-28 08:48 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-28 08:46 - 2017-12-28 08:46 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-28 08:46 - 2017-12-28 08:46 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-28 08:46 - 2017-12-28 08:46 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-28 08:46 - 2017-12-28 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-28 08:46 - 2017-12-28 08:46 - 000000000 ____D C:\Program Files\CCleaner
2017-12-28 08:42 - 2017-12-28 12:53 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (user)
2017-12-27 18:45 - 2017-12-27 19:21 - 000000000 ____D C:\Users\user\AppData\Local\Facebook
2017-12-27 18:29 - 2017-12-27 18:29 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-27 18:29 - 2017-12-27 18:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-27 18:29 - 2017-12-27 18:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-27 18:21 - 2017-12-27 21:04 - 000000000 ____D C:\Users\user\AppData\LocalLow\Unity
2017-12-27 18:21 - 2017-12-27 21:04 - 000000000 ____D C:\Users\user\AppData\Local\Unity
2017-12-27 18:21 - 2017-12-27 18:21 - 000003072 _____ C:\Windows\System32\Tasks\MailRuUpdater
2017-12-27 18:21 - 2017-12-27 18:21 - 000002307 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2017-12-27 18:21 - 2017-12-27 18:21 - 000002307 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk
2017-12-27 18:21 - 2017-12-27 18:21 - 000002225 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2017-12-27 18:16 - 2017-12-28 14:40 - 000003266 _____ C:\Windows\System32\Tasks\jaoyOkH
2017-12-27 18:16 - 2017-12-28 08:40 - 000003484 _____ C:\Windows\System32\Tasks\KYis
2017-12-27 18:16 - 2017-12-27 18:21 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2017-12-27 18:16 - 2017-12-27 18:16 - 000003602 _____ C:\Windows\System32\Tasks\rQLuERW
2017-12-27 18:16 - 2017-12-27 18:16 - 000000001 _____ C:\Users\user\AppData\Local\WMI.ini
2017-12-27 18:16 - 2016-04-22 06:12 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zagEQFIoa.exe
2017-12-27 18:16 - 2010-11-21 11:24 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\YuBQoUKCx.exe
2017-12-27 18:16 - 2009-07-14 09:14 - 000001150 _____ C:\Users\user\AppData\Local\ottIlI
2017-12-27 18:16 - 2009-07-14 09:14 - 000001067 _____ C:\Users\user\AppData\Local\AAYHtAYOIYrZ
2017-12-27 18:16 - 2009-07-14 09:14 - 000000064 _____ C:\Program Files (x86)\iEYzAalvDAoYq
2017-12-27 18:15 - 2017-12-27 18:15 - 000003582 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2017-12-27 18:15 - 2017-12-27 18:15 - 000000000 ____D C:\ProgramData\Mail.Ru
2017-12-27 17:25 - 2017-12-27 17:48 - 000000000 ____D C:\Users\user\AppData\Roaming\Visual Studio Setup
2017-12-27 17:25 - 2017-12-27 17:25 - 000001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-12-27 17:25 - 2017-12-27 17:25 - 000000000 ____D C:\Users\user\AppData\Roaming\vstelemetry
2017-12-27 17:25 - 2017-12-27 17:25 - 000000000 ____D C:\Users\user\AppData\Local\ServiceHub
2017-12-27 17:25 - 2017-12-27 17:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-12-25 10:19 - 2017-12-25 10:20 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-12-23 21:15 - 2017-12-25 11:16 - 000000000 ____D C:\Users\user\AppData\Local\Troubleshooter
2017-12-23 20:35 - 2017-12-23 20:35 - 000000000 ____D C:\Users\user\AppData\Local\Macromedia
2017-12-23 20:33 - 2017-03-03 16:49 - 000000570 _____ C:\Users\user\AppData\Local\TroubleshooterConfig.json
2017-12-23 20:30 - 2017-12-28 08:41 - 000000000 ____D C:\Users\user\AppData\Local\Bluestacks
2017-12-23 19:50 - 2017-12-23 19:50 - 000007592 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2017-12-23 12:45 - 2017-12-25 11:11 - 000000000 ____D C:\Users\user\Documents\MuMu共享文件夹
2017-12-23 12:45 - 2017-12-23 12:45 - 000000000 ____D C:\Users\user\AppData\Local\CrashRpt
2017-12-23 12:42 - 2017-12-23 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuMuÄ£ÄâÆ÷
2017-12-23 12:41 - 2017-12-27 19:26 - 000000000 ____D C:\Users\user\.NEMU
2017-12-23 12:41 - 2017-12-23 12:58 - 000000000 ____D C:\Program Files (x86)\Nemu
2017-12-23 12:21 - 2017-12-23 12:21 - 000131984 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2017-12-22 14:55 - 2017-12-22 14:55 - 000000000 ____D C:\Users\user\Downloads\vismat_material_collection
2017-12-22 08:40 - 2017-12-22 08:40 - 000201296 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2017-12-20 19:38 - 2017-12-20 19:40 - 000000000 ____D C:\Users\user\AppData\Roaming\Opera Software
2017-12-20 19:38 - 2017-12-20 19:40 - 000000000 ____D C:\Users\user\AppData\Local\Opera Software
2017-12-20 19:37 - 2017-12-20 19:37 - 000004044 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1513769871
2017-12-18 11:44 - 2017-12-18 11:50 - 000000000 ____D C:\Users\user\Downloads\VSCO
2017-12-18 09:04 - 2017-12-18 09:04 - 000824848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2017-12-18 09:02 - 2017-12-18 09:02 - 001804672 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-12-18 09:02 - 2017-12-18 09:02 - 000032520 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sssmbus.sys
2017-12-18 09:02 - 2017-12-18 09:02 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_sssmbus_01011.Wdf
2017-12-18 08:46 - 2017-12-18 08:46 - 000050808 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-12-18 08:42 - 2017-12-18 08:42 - 000000000 ____D C:\Windows\system32\RTCOM
2017-12-18 08:41 - 2017-12-18 08:41 - 000000000 ____D C:\Program Files\Waves
2017-12-18 08:40 - 2017-12-18 08:40 - 072121864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-12-18 08:40 - 2017-12-18 08:40 - 013186976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 012079528 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO40.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 012016264 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 003700352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2017-12-18 08:40 - 2017-12-18 08:40 - 003271904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 003198712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 003133848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 002679808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTDVHD64.sys
2017-12-18 08:40 - 2017-12-18 08:40 - 002201600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001978592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001745664 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001570552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTDSnM64.cpl
2017-12-18 08:40 - 2017-12-18 08:40 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001356496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001213648 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000914008 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000768808 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000642912 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000577832 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000410024 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000174328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000149752 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000074600 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000069920 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2017-12-18 08:40 - 2017-12-18 08:40 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-12-18 08:39 - 2017-12-18 08:39 - 000480800 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2017-12-16 09:56 - 2017-12-16 09:56 - 000905736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2017-12-16 09:56 - 2017-12-16 09:56 - 000041480 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2017-12-16 09:54 - 2017-12-27 18:43 - 000000000 ____D C:\ProgramData\ProductData
2017-12-16 09:54 - 2017-12-16 09:54 - 000000000 ____D C:\Windows\IObit
2017-12-16 09:48 - 2017-12-16 09:54 - 000000000 ____D C:\Users\user\AppData\LocalLow\IObit
2017-12-16 09:48 - 2017-12-16 09:48 - 000027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-12-16 09:48 - 2017-12-16 09:48 - 000003250 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-12-16 09:48 - 2017-12-16 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2017-12-16 09:48 - 2017-12-16 09:48 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-16 09:47 - 2017-12-23 20:21 - 000000000 ____D C:\ProgramData\IObit
2017-12-16 06:38 - 2017-12-16 06:38 - 000000000 ____D C:\Program Files (x86)\GUMDE0F.tmp
2017-12-12 08:48 - 2017-12-12 08:48 - 000000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2017-12-12 08:46 - 2017-12-12 09:03 - 000000000 ____D C:\Users\user\AppData\Local\SlimWare Utilities Inc
2017-12-12 08:46 - 2017-12-12 08:46 - 000016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2017-12-12 08:46 - 2017-12-12 08:46 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-12-11 13:47 - 2017-12-12 20:49 - 000001465 _____ C:\Users\user\Desktop\Item Build.txt
2017-12-11 01:32 - 2017-12-11 01:32 - 000000000 ____D C:\Users\user\Desktop\Portable_Adobe_Photoshop_CS6_Extended
2017-12-10 22:40 - 2017-12-14 22:28 - 000000000 ____D C:\Windows\pss
2017-12-10 22:26 - 2017-12-10 22:28 - 000000624 _____ C:\Users\user\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-12-09 09:41 - 2017-12-09 09:41 - 000233315 _____ C:\Users\user\Downloads\General_Tanking_tips.pdf
2017-12-08 16:51 - 2017-12-08 16:57 - 000000000 ____D C:\Users\user\AppData\Roaming\Easeware
2017-12-07 16:18 - 2017-12-07 16:18 - 000000000 ____D C:\Users\user\.android
2017-12-07 16:17 - 2017-12-23 22:26 - 000000000 ____D C:\Users\user\.TianTianVM
2017-12-07 16:16 - 2017-12-07 16:16 - 000000000 ____D C:\Users\Public\Thunder Network
2017-12-07 16:16 - 2017-12-07 16:16 - 000000000 ____D C:\ProgramData\Thunder Network
2017-12-07 14:25 - 2017-12-23 16:21 - 000000000 ____D C:\Users\user\Desktop\Hazieq 2017-12-28 19;41;28 (Full)
2017-12-07 14:25 - 2017-12-23 16:21 - 000000000 ____D C:\Users\user\Desktop\Hazieq
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-28 19:45 - 2009-07-14 12:45 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-28 19:45 - 2009-07-14 12:45 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-28 19:23 - 2016-04-21 15:37 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-28 11:51 - 2016-10-08 15:49 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-12-28 08:57 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-12-28 08:53 - 2017-09-06 12:14 - 000000000 ____D C:\Users\user\AppData\Roaming\PhotoScape
2017-12-28 08:53 - 2011-02-10 22:25 - 000000000 ____D C:\Windows\panther
2017-12-28 08:42 - 2009-07-14 11:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-28 08:39 - 2016-10-06 19:33 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-28 08:39 - 2016-10-06 19:33 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-12-28 08:37 - 2016-10-06 19:57 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-28 08:37 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-27 19:21 - 2016-10-06 21:55 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-27 18:31 - 2017-10-04 19:50 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-12-27 18:29 - 2017-10-04 19:49 - 000000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-12-27 18:29 - 2017-10-04 19:49 - 000000000 ____D C:\Users\user\AppData\Local\Mozilla
2017-12-27 08:44 - 2017-08-30 18:03 - 000000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-12-22 08:43 - 2009-07-14 13:13 - 000785364 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-18 10:59 - 2016-10-10 09:55 - 000000000 ____D C:\Users\user\AppData\Local\cache
2017-12-18 09:23 - 2017-10-04 19:49 - 000000000 ____D C:\Users\user\AppData\Roaming\IObit
2017-12-18 08:42 - 2016-04-21 15:42 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-12-18 08:41 - 2016-04-21 15:42 - 000003146 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2017-12-16 06:50 - 2017-01-17 16:33 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-12-16 06:48 - 2016-10-06 19:52 - 000000000 ____D C:\Program Files\Google
2017-12-16 06:40 - 2016-10-06 19:52 - 000000000 ____D C:\ProgramData\Google
2017-12-16 06:40 - 2016-10-06 19:51 - 000000000 ____D C:\Users\user\AppData\Local\Google
2017-12-16 06:38 - 2016-04-21 15:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-14 09:33 - 2016-10-06 19:52 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 09:33 - 2016-10-06 19:52 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 12:14 - 2017-10-04 17:03 - 000000000 ____D C:\Users\user\Desktop\RSPO 2017-12-28 19;54;29 (Full)
2017-12-13 12:14 - 2017-10-04 17:03 - 000000000 ____D C:\Users\user\Desktop\RSPO
2017-12-11 12:07 - 2017-11-22 14:17 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
2017-12-11 11:55 - 2017-03-22 19:05 - 000000000 ____D C:\ProgramData\Adobe
2017-12-11 10:45 - 2017-08-30 17:56 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-12-11 10:21 - 2016-10-10 09:51 - 000000000 ____D C:\ProgramData\FLEXnet
2017-12-08 19:00 - 2016-10-12 15:39 - 000000000 ____D C:\temp
2017-12-02 16:39 - 2017-08-16 14:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-02 16:28 - 2017-11-24 18:32 - 000000000 ____D C:\Users\user\Desktop\MKRS KAJANG
 
==================== Files in the root of some directories =======
 
2017-12-27 18:16 - 2009-07-14 09:14 - 000000064 _____ () C:\Program Files (x86)\iEYzAalvDAoYq
2009-07-14 09:14 - 2009-07-14 09:14 - 000000064 _____ () C:\Program Files (x86)\iEYzAalvDAoYq.bat
2017-12-27 18:16 - 2009-07-14 09:14 - 000000070 _____ () C:\Program Files (x86)\Common Files\ureoIeei
2009-07-14 09:14 - 2009-07-14 09:14 - 000000070 _____ () C:\Program Files (x86)\Common Files\ureoIeei.bat
2017-02-24 12:37 - 2017-11-22 15:08 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-12-10 22:26 - 2017-12-10 22:28 - 000000624 _____ () C:\Users\user\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-12-27 18:16 - 2009-07-14 09:14 - 000001067 _____ () C:\Users\user\AppData\Local\AAYHtAYOIYrZ
2009-07-14 09:14 - 2009-07-14 09:14 - 000001067 _____ () C:\Users\user\AppData\Local\AAYHtAYOIYrZ.bat
2017-12-27 18:16 - 2009-07-14 09:14 - 000001150 _____ () C:\Users\user\AppData\Local\ottIlI
2009-07-14 09:14 - 2009-07-14 09:14 - 000001150 _____ () C:\Users\user\AppData\Local\ottIlI.bat
2017-12-23 19:50 - 2017-12-23 19:50 - 000007592 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2017-12-23 20:33 - 2017-03-03 16:49 - 000000570 _____ () C:\Users\user\AppData\Local\TroubleshooterConfig.json
2017-12-27 18:16 - 2017-12-27 18:16 - 000000001 _____ () C:\Users\user\AppData\Local\WMI.ini
 
Some files in TEMP:
====================
2017-12-28 03:15 - 2017-12-28 03:15 - 000388201 _____ (                                                            ) C:\Users\user\AppData\Local\Temp\2094310460.exe
2017-12-28 08:41 - 2017-04-04 21:25 - 000782872 _____ (BlueStack Systems, Inc.) C:\Users\user\AppData\Local\Temp\HD-Common.dll
2017-12-28 08:41 - 2017-04-04 21:25 - 000464920 _____ (BlueStack Systems, Inc.) C:\Users\user\AppData\Local\Temp\HD-InstallerUtils.dll
2017-12-28 08:41 - 2017-04-04 21:22 - 000187416 _____ (BlueStack Systems) C:\Users\user\AppData\Local\Temp\HD-LibraryHandler.dll
2017-12-28 08:41 - 2017-04-04 21:21 - 000246808 _____ (BlueStack Systems) C:\Users\user\AppData\Local\Temp\HD-Logger-Native.dll
2017-12-28 08:41 - 2017-04-04 21:25 - 000385048 _____ (BlueStack Systems, Inc.) C:\Users\user\AppData\Local\Temp\HD-Uninstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-19 10:04
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by user (28-12-2017 20:06:06)
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-10-06 11:32:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2259160459-1683329611-3773819030-500 - Administrator - Disabled)
Guest (S-1-5-21-2259160459-1683329611-3773819030-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2259160459-1683329611-3773819030-1002 - Limited - Enabled)
user (S-1-5-21-2259160459-1683329611-3773819030-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: F-Secure SAFE (Disabled - Up to date) {35BE5FA4-2DEA-00F8-DC55-FD8AF743F44F}
AS: F-Secure SAFE (Disabled - Up to date) {8EDFBE40-0BD0-0F76-E6E5-C6F88CC4BEF2}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD Raster Design 2014 (HKLM\...\{5783F2D7-D031-0409-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.32.100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD Raster Design 2014 (HKLM\...\AutoCAD Raster Design 2014) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk Mudbox 2014 (HKLM\...\{F9BE7B54-D322-43D6-83DD-CD132E4B8EEE}) (Version: 8.0.0.1010 - Autodesk) Hidden
Autodesk Mudbox 2014 (HKLM\...\Autodesk Mudbox 2014) (Version: 8.0.0.1010 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.27 - Autodesk)
Autodesk ReCap Language Pack-English (HKLM\...\{31ABA3F2-0010-1033-0102-111D43815377}) (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk Revit Interoperability for Showcase 2014 (HKLM\...\{0BB716E0-1400-0410-0000-097DC2F354DF}) (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Revit Interoperability for Showcase 2014 (HKLM\...\Autodesk Revit Interoperability for Showcase 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Showcase 2014 64-bit (HKLM\...\{42FCE681-2220-4EAA-8E39-20B527585547}) (Version: 8.0.0.314 - Autodesk) Hidden
Autodesk Showcase 2014 64-bit (HKLM\...\Autodesk Showcase 2014 64-bit) (Version: 8.0.0.314 - Autodesk)
Autodesk SketchBook Designer 2014 (HKLM\...\{4057E6CF-C9AC-45D7-87D4-A8FAE305AAC1}) (Version: 4.00.0000 - Autodesk) Hidden
Autodesk SketchBook Designer 2014 (HKLM\...\Autodesk SketchBook Designer 2014) (Version: 4.00.0000 - Autodesk)
Autodesk SketchBook Designer for AutoCAD 2014 (HKLM\...\{8BFDC12D-7F32-4F77-95DE-D1A42BAC91DD}) (Version: 4.00.0000 - Autodesk) Hidden
Autodesk SketchBook Designer for AutoCAD 2014 (HKLM\...\Autodesk SketchBook Designer for AutoCAD 2014) (Version: 4.00.0000 - Autodesk)
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Computer Security 17.193.128.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.193.128.0 - F-Secure Corporation) Hidden
Create Recovery Media (HKLM-x32\...\{10F3CD89-8A7E-48D4-9101-B44E5ACFEFDC}) (Version: 1.0.0.1 - Dell)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 6.2.24674 - Invincea, Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
FARO LS 1.1.500.1 (64bit) (HKLM-x32\...\{AC7FAF34-D67B-428E-B65B-82209180D3C5}) (Version: 5.0.1.28807 - FARO Scanner Production)
F-Secure CCF Reputation (HKLM-x32\...\{D864A15F-64B4-49B1-832C-21EDB46843B7}) (Version: 100.0.0.0 - F-Secure) Hidden
F-Secure CCF Scanning Dummy 3.0.12 (release) (HKLM-x32\...\{99924D6C-E069-4C91-AB86-1722282FC858}) (Version: 3.0.12 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.266 (HKLM-x32\...\{A61B6381-E40A-4C8C-BB38-FD9E95F70E02}) (Version: 1.04.266 - F-Secure Corporation) Hidden
F-Secure SAFE (HKLM-x32\...\{ABA4F20E-E0C1-40E9-9B98-3D369F6E27BD}) (Version: 2.93.175.0 - F-Secure Corporation) Hidden
F-Secure SAFE (HKLM-x32\...\F-Secure ServiceEnabler 6661000) (Version: 2.93.175.0 - F-Secure Corporation)
F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden
F-Secure Ultralight 1.0.5438.0 (release) (cc0c4f981bd2f23d1e5e325af11ed0a0ecf2a348) (HKLM-x32\...\{C75644E8-5FB5-4B8F-8FD2-08CC5D7ECD87}) (Version: 1.0.5438.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
IMVU Avatar Chat Software (HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8776.0 - Waves Audio Ltd.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
MuMu模拟器 (HKLM-x32\...\Nemu) (Version: 1.19.3 - Netease)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Safety 2.193.6267.3648 (HKLM-x32\...\{3ABED170-C353-4842-8F95-0126442245BE}) (Version: 2.193.6267.3648 - F-Secure Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6117 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-20] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-07-03] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F47B442-4B13-44A5-8D66-3206161CD1DC} - System32\Tasks\KYis => C:\Program Files (x86)\Common Files\ureoIeei.bat [2009-07-14] () <==== ATTENTION
Task: {27DEF88D-F78A-4517-A531-639D6C1AB283} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" bltopn.com/hohoj <==== ATTENTION
Task: {3678B50C-A487-4D66-9867-800BEBA865B0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-14] (Piriform Ltd)
Task: {3A1C0E05-474D-4101-B37C-4420C1AE8752} - System32\Tasks\MailRuUpdater => C:\Users\user\AppData\Local\Mail.Ru\MailRuUpdater.exe <==== ATTENTION
Task: {4EB6D1A5-89CA-4AC4-AC55-946142B09C53} - System32\Tasks\jaoyOkH => C:\Program Files (x86)\iEYzAalvDAoYq.bat [2009-07-14] () <==== ATTENTION
Task: {52D62EB3-2944-4E03-AF99-00B9D5F0E3CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-07] (Google Inc.)
Task: {79A7597C-D7CE-4518-879C-EEF92A4F8131} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-07] (Google Inc.)
Task: {80EF19A4-FF69-43FD-8B22-49DBA02E27DC} - System32\Tasks\{40A1142A-7B8F-4536-B40C-EDE49A99AD92} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\MS_2007_Office_Portable.exe -d C:\Users\user\Downloads
Task: {81637844-D9A6-4D56-B203-D13A75A49F74} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {8E755636-6FC2-417B-82AA-1721B8580FB2} - System32\Tasks\Opera scheduled Autoupdate 1513769871 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe
Task: {90DE8497-3821-4F93-BD66-9F3161615667} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {95991D95-569E-40E9-A816-F156EBAE085F} - System32\Tasks\rQLuERW => C:\Windows\SysWOW64\zagEQFIoa.exe [2016-04-22] (Microsoft Corporation)
Task: {99560F31-2D0F-430E-A242-A6E6417821D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-21] (Adobe Systems Incorporated)
Task: {B9D8BC4F-47BB-4E41-B861-1A468EF99EC6} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-11-16] (IObit)
Task: {C5BAE43A-86F9-488B-B0B6-6E6B1B1988B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {DB6983FC-544A-46FD-A9F9-320F72F56964} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-14] (Piriform Ltd)
Task: {EAB3A0DA-CBAA-48DB-9B1D-3E4096B7C22E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-18] (Realtek Semiconductor)
Task: {F295C97C-838A-4AB4-99CB-D18E78A063AA} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe [2017-10-24] (IObit)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
 
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811144"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-06 19:57 - 2014-07-03 02:55 - 000116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 000055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-11-20 16:59 - 2017-11-20 16:59 - 000328160 _____ () C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\daas2_x64.dll
2017-12-23 12:41 - 2017-11-27 15:26 - 000673136 ____N () C:\Program Files (x86)\Nemu\EmulatorShell\NemuBooter.exe
2016-10-07 14:53 - 2014-09-10 10:13 - 000847872 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-11-20 16:59 - 2017-11-20 16:59 - 000319968 _____ () C:\Program Files (x86)\F-Secure\SAFE\apps\Ultralight\ulcore\1511165593\senddump_fshoster_plugin64.dll
2017-12-28 08:48 - 2017-12-28 08:48 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-28 08:48 - 2017-12-28 08:48 - 000067920 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2016-10-20 21:22 - 2016-10-20 21:22 - 000959168 _____ () C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-12-14 09:33 - 2017-12-06 12:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 09:33 - 2017-12-06 12:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2016-10-06 22:02 - 2014-11-14 06:32 - 004949504 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\XMLDRSpawner.exe
2016-10-06 22:03 - 2014-11-01 02:33 - 007651840 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtGui.pyd
2016-10-06 22:02 - 2014-11-11 07:32 - 000097792 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\sip.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 002120192 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtCore.pyd
2016-10-06 22:02 - 2014-11-14 06:27 - 000008704 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\Win32HookMsgProc.pyd
2016-10-06 22:02 - 2014-11-14 06:31 - 005615616 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\PyVRay.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000008704 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\Qt.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000127488 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtHelp.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000119296 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtMultimedia.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000512512 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtNetwork.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000253440 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtDeclarative.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000169984 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtScript.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000025088 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtScriptTools.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000246272 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtXml.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000253440 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtOpenGL.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000312832 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtSql.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000109056 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtSvg.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000026112 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtTest.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000411648 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtWebKit.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000142336 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtXmlPatterns.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000416256 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\phonon.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000321536 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QtDesigner.pyd
2016-10-06 22:03 - 2014-11-01 02:33 - 000316928 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\lib\site-packages\PyQt4\QAxContainer.pyd
2016-10-06 22:02 - 2014-11-01 02:33 - 000047616 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Python27\DLLs\_socket.pyd
2016-10-06 22:02 - 2014-11-14 06:19 - 000095232 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_AAFilters.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000089600 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_ASGVISNode.dll
2016-10-06 22:02 - 2014-11-14 06:19 - 004629504 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BitmapBuffer.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000104960 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFDiffuse.dll
2016-10-06 22:02 - 2014-11-14 06:19 - 000093184 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFLight.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000149504 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFReflection.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000165888 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFRefraction.dll
2016-10-06 22:02 - 2014-11-14 06:19 - 000114176 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFSampled.dll
2016-10-06 22:02 - 2014-11-14 06:19 - 000257024 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_BRDFVRayMtl.dll
2016-10-06 22:02 - 2014-11-14 06:19 - 000162304 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_CameraPhysical.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000117760 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomInfinitePlane.dll
2016-10-06 22:02 - 2014-11-14 06:20 - 000809472 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomMeshFile.dll
2016-10-06 22:02 - 2014-11-14 06:20 - 000118784 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomPlane.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000131072 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomSphere.dll
2016-10-06 22:02 - 2014-11-14 06:16 - 000538112 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomStaticDisplacedMesh.dll
2016-10-06 22:02 - 2014-11-14 06:16 - 000395776 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomStaticMesh.dll
2016-10-06 22:02 - 2014-11-14 06:16 - 000794112 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_GeomStaticSmoothedMesh.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 003537920 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_lenseffects.dll
2016-10-06 22:02 - 2014-11-14 06:20 - 000177664 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightDome.dll
2016-10-06 22:02 - 2014-11-14 06:20 - 000187392 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightIES.dll
2016-10-06 22:02 - 2014-11-14 06:20 - 000148992 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightOmni.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000211456 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightRectangle.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000164864 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightSphere.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000157696 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_LightSpot.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000111616 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MayaLightDirect.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000096256 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_Mtl2Sided.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000092160 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlAngleBlend.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000162816 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlASGVIS.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000101888 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlBump.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000087552 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlDoubleSided.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000091136 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlLayeredBRDF.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000087040 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlMaterialID.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000074752 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlMulti.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000093184 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlRoundEdges.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000073728 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlSingleBRDF.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000070144 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlSkp2Sided.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000081408 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlToon.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000165888 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_MtlWrapper.dll
2016-10-06 22:02 - 2014-11-14 06:16 - 000121344 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_Node.dll
2016-10-06 22:02 - 2014-11-14 06:15 - 000179200 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_RenderChannelColor.dll
2016-10-06 22:02 - 2014-11-14 06:15 - 000106496 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_RenderView.dll
2016-10-06 22:02 - 2014-11-14 06:22 - 000668160 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_RTEngine.dll
2016-10-06 22:02 - 2014-11-14 06:16 - 000575488 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_Settings.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000068096 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_SettingsDR.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000069120 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_SettingsImageFilter.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000170496 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_SettingsRenderChannels.dll
2016-10-06 22:02 - 2014-11-14 06:21 - 000168448 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_sunsky.dll
2016-10-06 22:02 - 2014-11-14 06:23 - 000071168 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexAColor.dll
2016-10-06 22:02 - 2014-11-14 06:23 - 000154112 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexBitmap.dll
2016-10-06 22:02 - 2014-11-14 06:23 - 000081920 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexBlend.dll
2016-10-06 22:02 - 2014-11-14 06:23 - 000145408 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexBulge.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000172032 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexCellular.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000154112 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexChecker.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000150016 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexCloth.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000095232 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexDirt.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000153088 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexFalloff.dll
2016-10-06 22:02 - 2014-11-14 06:28 - 000072704 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexFresnel.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000156160 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexGranite.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000147968 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexGrid.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000072704 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexInvert.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000156160 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexLeather.dll
2016-10-06 22:02 - 2014-11-14 06:24 - 000154624 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexMarble.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000672768 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexMax.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 001034752 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexMaya.dll
2016-10-06 22:02 - 2014-11-14 06:29 - 000076288 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexNoise.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000146944 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexRock.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000197632 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexSampler.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000146944 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexSnow.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000070144 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexUVW.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000110592 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexWater.dll
2016-10-06 22:02 - 2014-11-14 06:25 - 000157696 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_TexWood.dll
2016-10-06 22:02 - 2014-11-14 06:26 - 000099840 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_UVWGenChannel.dll
2016-10-06 22:02 - 2014-11-14 06:26 - 000087040 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_UVWGenEnvironment.dll
2016-10-06 22:02 - 2014-11-14 06:26 - 000075776 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_UVWGenObject.dll
2016-10-06 22:02 - 2014-11-14 06:26 - 000084480 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_UVWGenPlanarWorld.dll
2016-10-06 22:02 - 2014-11-14 06:26 - 000083456 _____ () C:\ProgramData\ASGVIS\Common\x64\vc101\Distributed Rendering\vrayplugins\vray_VolumeFog.dll
2014-07-14 15:25 - 2014-07-14 15:25 - 000278528 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2014-06-16 17:25 - 2014-06-16 17:25 - 000053248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2016-10-07 14:53 - 2014-08-26 08:48 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-10-07 14:53 - 2014-08-26 08:48 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-10-07 14:53 - 2014-09-10 10:12 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-10-07 14:53 - 2014-08-26 08:48 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2016-10-20 21:22 - 2016-10-20 21:22 - 000679624 _____ () C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 000155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-09-04 20:34 - 2015-09-04 20:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-12-16 09:48 - 2017-10-16 10:14 - 000442144 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madExcept_.bpl
2017-12-16 09:48 - 2017-10-16 10:14 - 000210720 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madBasic_.bpl
2017-12-16 09:48 - 2017-10-16 10:14 - 000059680 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\madDisAsm_.bpl
2017-12-16 09:48 - 2016-08-01 10:48 - 000899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\5.1.0\webres.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1008 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:104 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1086 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1165 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:141 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:147 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:149 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:215 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:224 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:271 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:291 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:303 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:835 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:876 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:960 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:974 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:98 [0]
AlternateDataStreams: C:\Windows\system32\Drivers\zroqpkbt.sys:changelist [1370]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2017-09-26 10:04 - 000000857 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2259160459-1683329611-3773819030-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: NemuBooter => C:\Program Files (x86)\Nemu\EmulatorShell\NemuBooter.exe
MSCONFIG\startupreg: WavesSvc => "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2048102F-F474-4EB0-B892-8B0517C5F203}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC069FA2-DB5F-4EE7-8ECE-12FCFFBAEAB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC5BB664-538F-4FA4-B772-635DE648E0E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8A19B242-58CA-4448-B84D-FFF3E865DEDE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F57F6A4B-CEC5-4785-9BC8-80D4C00477D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC60A52C-E2FF-423B-B548-6F7FA202076F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADA519A0-D6FC-4EB6-8763-BA16812EDA85}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{CF424ADD-02D0-4B6F-814F-400611BD0762}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{DED01E90-46F7-4E01-B01A-3D04EDCCB023}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{F5E73232-BC32-4E24-B693-14DF0F7A2B1C}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{86A71772-FA85-4A42-B0E7-C709EED18857}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{D353B7E5-E7C9-4CE4-B5AD-C7CB4BE9F3D2}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{5E761C0E-C37E-4C9A-A226-B7FB4E8DBFC2}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{7811DE86-60D3-4606-842B-7F5947DFDB5E}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{89E1DFBB-57A4-4459-95E5-D1D723EF996F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [{46BD5A67-FCCC-449F-9319-87FDF9BC48A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0868C0F2-8C74-4E62-AA92-56060DAA99CA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{15E3D36C-33C1-4867-BF82-6B2636A8DAFA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
FirewallRules: [{EE0AB689-F727-4341-8345-4132513748F4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{A69E8555-F8C8-4AC7-A1F4-23A14AE72CE8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
FirewallRules: [{D90DB9C8-D4F4-4570-923A-5A2820403D9B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [{A455ED65-475A-4177-87BC-B5CFCFBBE42E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
FirewallRules: [{1B661029-3259-4A77-8880-1607E3BDAF4F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{16EC2A58-C0AD-4967-A0CF-C04929CB1F59}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
26-12-2017 07:27:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/28/2017 07:36:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {63e03bee-8185-4eb4-9638-878a9b2ee15e}
 
Error: (12/28/2017 05:03:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18205 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 23b4
 
Start Time: 01d37fba94b2297c
 
Termination Time: 3
 
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Report Id: fb108d1e-ebad-11e7-a104-64006a3bdf32
 
Error: (12/28/2017 05:02:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SketchUp.exe version 15.0.9350.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2dd0
 
Start Time: 01d37fb60d80cdcd
 
Termination Time: 21530
 
Application Path: C:\Program Files\SketchUp\SketchUp 2015\SketchUp.exe
 
Report Id:
 
Error: (12/28/2017 11:50:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.19135, time stamp: 0x56a1c9c5
Exception code: 0xc0000374
Fault offset: 0x00000000000c0aa2
Faulting process id: 0x778
Faulting application start time: 0x01d37f7405d3e0f1
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 4fd7d64c-eb82-11e7-a104-64006a3bdf32
 
Error: (12/28/2017 08:49:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/28/2017 08:42:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.1.1043, time stamp: 0x564b505a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00e6ad75
Faulting process id: 0x1700
Faulting application start time: 0x01d37f74a7f63a02
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: ea905da3-eb67-11e7-a104-64006a3bdf32
 
Error: (12/28/2017 08:42:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (12/28/2017 08:39:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/28/2017 08:38:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (12/28/2017 08:37:54 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
 
System errors:
=============
Error: (12/28/2017 02:39:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/28/2017 08:46:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/28/2017 08:46:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (12/28/2017 08:42:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/28/2017 08:38:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel Security True Key Scheduler service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/28/2017 08:38:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel Security True Key Scheduler service to connect.
 
Error: (12/28/2017 08:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel Security True Key service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/28/2017 08:38:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel Security True Key service to connect.
 
Error: (12/28/2017 08:37:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Invincea Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/28/2017 08:37:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Invincea Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 73%
Total physical RAM: 3978.42 MB
Available physical RAM: 1069.69 MB
Total Virtual: 9943.63 MB
Available Virtual: 5845.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.28 GB) (Free:801.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 571949EA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




#2 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 07:57 AM

Hi Ducting :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Give me a few to review your logs and get back to you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 08:04 AM

Thank you for waiting.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files




#4 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 08:13 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by user (28-12-2017 21:08:37) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B9864673A-7FC7-4891-9D8B-B3E2EA5C7B70%7D&gp=811139
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> {C346EACF-76D8-4852-B842-6731B64BC783} URL = 
SearchScopes: HKU\S-1-5-21-2259160459-1683329611-3773819030-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B9864673A-7FC7-4891-9D8B-B3E2EA5C7B70%7D&gp=811139
 
CHR NewTab: Default ->  Not-active:"chrome-extension://ifndkcehbcmmeogjlobfnobdkbihflpo/newtab/blank.html"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> {searchTerms}
 
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4099256 2017-12-22] (Mail.Ru)
S1 zroqpkbt; C:\Windows\system32\drivers\zroqpkbt.sys [72816 2017-12-28] (Microsoft Corporation)
S3 cpuz140; \??\C:\Users\user\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2017-12-12] (SlimWare Utilities, Inc.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
 
Task: {0F47B442-4B13-44A5-8D66-3206161CD1DC} - System32\Tasks\KYis => C:\Program Files (x86)\Common Files\ureoIeei.bat [2009-07-14] () <==== ATTENTION
Task: {27DEF88D-F78A-4517-A531-639D6C1AB283} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" bltopn.com/hohoj <==== ATTENTION
Task: {3A1C0E05-474D-4101-B37C-4420C1AE8752} - System32\Tasks\MailRuUpdater => C:\Users\user\AppData\Local\Mail.Ru\MailRuUpdater.exe <==== ATTENTION
Task: {4EB6D1A5-89CA-4AC4-AC55-946142B09C53} - System32\Tasks\jaoyOkH => C:\Program Files (x86)\iEYzAalvDAoYq.bat [2009-07-14] () <==== ATTENTION
Task: {80EF19A4-FF69-43FD-8B22-49DBA02E27DC} - System32\Tasks\{40A1142A-7B8F-4536-B40C-EDE49A99AD92} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\MS_2007_Office_Portable.exe -d C:\Users\user\Downloads
Task: {95991D95-569E-40E9-A816-F156EBAE085F} - System32\Tasks\rQLuERW => C:\Windows\SysWOW64\zagEQFIoa.exe [2016-04-22] (Microsoft Corporation)
 
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811144"
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1008 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:104 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1086 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:1165 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:141 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:147 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:149 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:215 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:224 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:271 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:291 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:303 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:835 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:876 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:960 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:974 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:98 [0]
AlternateDataStreams: C:\Windows\system32\Drivers\zroqpkbt.sys:changelist [1370]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
C:\Program Files (x86)\Mail.Ru
C:\Program Files (x86)\iEYzAalvDAoYq
C:\Program Files (x86)\GUMDE0F.tmp
C:\Program Files (x86)\iEYzAalvDAoYq.bat
C:\Program Files (x86)\Common Files\ureoIeei
C:\Program Files (x86)\Common Files\ureoIeei.bat
C:\ProgramData\Mail.Ru
C:\ProgramData\SlimWare Utilities, Inc
C:\Users\user\AppData\Local\Amigo
C:\Users\user\AppData\Local\Mail.Ru
C:\Users\user\AppData\Local\SlimWare Utilities Inc
C:\Users\user\AppData\Local\AAYHtAYOIYrZ
C:\Users\user\AppData\Local\ottIlI
C:\Users\user\AppData\Local\WMI.ini
C:\Users\user\AppData\Local\AAYHtAYOIYrZ.bat
C:\Users\user\AppData\Local\ottIlI.bat
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifndkcehbcmmeogjlobfnobdkbihflpo
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
2017-12-28 08:49 - 2017-12-28 08:48 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa64d72d3c104cc32.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\asw10d2c59fa6359a70.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4668efb362c38b70.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw650e791bcf2cc495.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\asw429a473bc570f512.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw99e89bc654c605d8.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\asw704045423ba8aa58.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7744dcf8b2da9720.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdb5f15d9767e8ea4.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe6f3dfc2027154ad.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7848dc6712bc6ac2.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd00f07388d281eb1.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1670b656d308970c.tmp
2017-12-28 08:49 - 2017-12-28 08:48 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9a35a82fca48dacc.tmp
C:\Windows\system32\Drivers\SWDUMon.sys
C:\Windows\SysWOW64\zagEQFIoa.exe
C:\Windows\SysWOW64\YuBQoUKCx.exe
 
EmptyTemp:
*****************
 
Processes closed successfully.
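The fixlist above removes two kinds of persistence that are easy to audit by hand: Internet Explorer SearchScopes entries (the go.mail.ru hijack) and scheduled tasks that launch .bat files, start iexplore.exe with a bare URL, or go through pcalua.exe. The read-only PowerShell audit below is an added example for spotting those patterns on another machine; it is not FRST's code and not part of the thread. The function names are my own, and it assumes Windows PowerShell 3+ with English schtasks output, run in the affected user's session.

```powershell
# Added audit example (not FRST's or the thread's own code). Reports, without
# changing anything, the persistence points the fixlist above targets:
# IE SearchScopes URLs and scheduled task actions matching the patterns in the
# log (.bat launchers under Program Files/AppData, iexplore.exe started with a
# URL argument, pcalua.exe used as a launcher). Assumes PowerShell 3+ and
# English schtasks output; function names are this example's own.

function Get-IeSearchScopeReport {
    $base = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path $base)) { return }
    $default = (Get-ItemProperty -Path $base).DefaultScope
    Get-ChildItem -Path $base | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        [pscustomobject]@{
            Scope      = $_.PSChildName
            IsDefault  = ($_.PSChildName -eq $default)
            URL        = $url
            # Heuristic: the stock provider is bing.com; anything else, or an
            # empty URL like the {C346EACF-...} scope in the log, warrants a look.
            Suspicious = (-not $url) -or ($url -notmatch '^https?://(www\.)?bing\.com/')
        }
    }
}

function Get-SuspiciousTaskReport {
    # schtasks.exe is used instead of Get-ScheduledTask so this also runs on
    # Windows 7. With /v, schtasks repeats its header row per task folder, so
    # rows whose TaskName column literally reads "TaskName" are dropped.
    $rows = schtasks /query /fo csv /v | ConvertFrom-Csv |
            Where-Object { $_.TaskName -ne 'TaskName' }
    foreach ($r in $rows) {
        $action  = [string]$r.'Task To Run'
        $reasons = @()
        if ($action -match '(?i)\.bat\b' -and $action -match '(?i)Program Files|AppData') {
            $reasons += 'batch file launched from Program Files/AppData'
        }
        if ($action -match '(?i)iexplore\.exe"?\s+\S+\.\S+') {
            $reasons += 'Internet Explorer started with a URL argument'
        }
        if ($action -match '(?i)pcalua\.exe\s+-a\s') {
            $reasons += 'pcalua.exe used to launch another program (review)'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Task   = $r.TaskName
                Action = $action
                Reason = ($reasons -join '; ')
            }
        }
    }
}

Get-IeSearchScopeReport  | Format-Table -AutoSize
Get-SuspiciousTaskReport | Format-Table -Wrap -AutoSize
```

A pcalua.exe hit is only a prompt to review the target, since the Program Compatibility Assistant is also used legitimately, as the MS_2007_Office_Portable.exe task in the log shows.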


#5 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 08:28 AM

Looks like the fixlog.txt is incomplete. Can you attach it here?



#6 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 08:31 AM

Sorry

Attached Files


Edited by Ducting, 28 December 2017 - 08:31 AM.


#7 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 09:16 AM

Hum... Can you run the fix again? It seems like the fix stopped after closing all the processes.



#8 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 09:32 AM

Here's the latest one. Now every time at startup a CMD pops up. Is this normal after running Fix?

Attached Files



#9 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 10:05 AM

The fix isn't going through. So nothing gets cleaned. Here, try this one.

Attached Files




#10 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 10:21 AM

Done

Attached Files



#11 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 10:25 AM

Awesome! Can you .zip the C:\FRST\Quarantine folder, upload it on SendSpace.com and PM me the download URL for it?



#12 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 10:44 AM

Done :)



#13 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 10:56 AM

Thank you! How's the system behaving now? Is the command prompt still showing up on startup?



#14 Ducting
  • Topic Starter
  • Members
  • 26 posts

Posted 28 December 2017 - 11:03 AM

So far it's okay for now, I will let you know the updates. You helped me big time, thank you Yoan! So the C:\FRST\Quarantine folder, should I leave it there or delete it?



#15 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 28 December 2017 - 11:22 AM

You can delete the whole FRST folder :) Let's keep this thread open for another 48-72h, just to make sure that the infection is gone. I'll ask you for an update afterwards.


