
Undetectable Virus, starts CMD and downloads and popups. MAIL.RU


  • This topic is locked
11 replies to this topic

#1 opchops

  • Members
  • 6 posts

Posted 02 January 2018 - 09:21 AM

Another person with the MAIL.RU Virus.

Misdownloaded something and it installed this mail.ru bullcrap on my PC. Did the usual Malwarebytes run and uninstalled it from the Control Panel, but the problem, of course, still persists.


CMD pops up every now and again and attempts to download a file. It has managed to download this file a few times when the PC has been unattended too, unfortunately, but still nothing is fixed when running Malwarebytes.

Pop-ups in the browser also.

But a problem I've gotten which no one else has reported is that if I've returned to my PC and the CMD file has downloaded, my PC then drags to a snail's pace as if a process is hogging up all my power. Task Manager shows nothing; could it be a hidden bit miner?

I also have a BSOD on shutdown; it didn't happen before the virus, very odd.

Attached are images of the CMD pop-up and what it tells me. When searching in AppData nothing is there. Super sneaky and hidden.

Attached file: wtf.png (55.45 KB)

Attached file: wtf2.png (723.27 KB)


I read in the other posts that you need logs, so here are mine.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by D0NG (administrator) on D0NG-PC (02-01-2018 15:09:42)
Running from C:\Users\D0NG\Desktop
Loaded Profiles: D0NG (Available Profiles: D0NG)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Discord Inc.) C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\Discord.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Discord Inc.) C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\Discord.exe
(McAfee, Inc.) C:\Program Files\TrueKey\MCAFEE~2.EXE
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [Discord] => C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [Gaijin.Net Agent] => C:\Users\D0NG\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-10-15] (Gaijin Entertainment)
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [uTorrent] => C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-27] (BitTorrent Inc.)
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\D0NG\AppData\Local\splice\app-3.1.77973\Splice.exe [57137552 2017-12-21] (Splice)
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [MailRuUpdater] => C:\Users\D0NG\AppData\Local\Mail.Ru\MailRuUpdater.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [amigo] => C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe --no-startup-window <==== ATTENTION
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\MountPoints2: {01640389-1af9-11e7-8960-1c1b0d9175c8} - V:\Setup.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\MountPoints2: {402605bb-eb2b-11e7-b45f-1c1b0d9175c8} - V:\stp-tww2.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\MountPoints2: {4c69cae0-bfa5-11e7-98a7-1c1b0d9175c8} - V:\cdp-sptfbw.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\MountPoints2: {6315c0c8-f087-11e6-82bc-806e6f6e6963} - D:\Run.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-02-11]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{AF948186-82F7-4322-AB80-A991BE123AB8}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1872268528-1317245567-2547443309-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)

FireFox:
========
FF DefaultProfile: pc16c49i.default
FF ProfilePath: C:\Users\D0NG\AppData\Roaming\Mozilla\Firefox\Profiles\pc16c49i.default [2018-01-02]
FF Homepage: Mozilla\Firefox\Profiles\pc16c49i.default -> google.com
FF Extension: (uBlock Origin) - C:\Users\D0NG\AppData\Roaming\Mozilla\Firefox\Profiles\pc16c49i.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-07-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-02] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-1872268528-1317245567-2547443309-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\D0NG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-13] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-10-08] (EasyAntiCheat Ltd)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-05-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-05-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 Origin Client Service; "C:\Windows.old.000\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "C:\Windows.old.000\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-11-30] () [File not signed]
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [143928 2015-09-16] (Rivet Networks, LLC.)
R3 KillerEth; C:\Windows\System32\DRIVERS\e24w7x64.sys [125488 2015-04-01] (Qualcomm Atheros, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2017-11-30] () [File not signed]
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-01] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 15:09 - 2018-01-02 15:09 - 000014366 _____ C:\Users\D0NG\Desktop\FRST.txt
2018-01-02 15:09 - 2018-01-02 15:09 - 000000000 ____D C:\FRST
2018-01-02 15:00 - 2018-01-02 15:00 - 000001346 _____ C:\Users\D0NG\Downloads\fixlist.txt
2018-01-02 14:53 - 2018-01-02 14:53 - 002393088 _____ (Farbar) C:\Users\D0NG\Desktop\FRST64.exe
2018-01-02 14:23 - 2018-01-02 14:23 - 000407368 _____ C:\Windows\Minidump\010218-22776-01.dmp
2018-01-02 10:26 - 2018-01-02 10:26 - 000407088 _____ C:\Windows\Minidump\010218-20685-01.dmp
2018-01-01 16:02 - 2018-01-01 16:02 - 000407368 _____ C:\Windows\Minidump\010118-21060-01.dmp
2018-01-01 15:52 - 2018-01-01 15:52 - 000407080 _____ C:\Windows\Minidump\010118-20046-01.dmp
2018-01-01 15:18 - 2018-01-01 15:18 - 000007605 _____ C:\Users\D0NG\AppData\Local\Resmon.ResmonCfg
2018-01-01 14:51 - 2018-01-01 14:51 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\NVIDIA
2018-01-01 12:09 - 2018-01-01 12:09 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-01 12:08 - 2018-01-01 12:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-01 12:08 - 2018-01-01 12:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-01 12:08 - 2018-01-01 12:08 - 000001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-01-01 12:08 - 2018-01-01 12:08 - 000001393 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-01-01 12:08 - 2018-01-01 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-01-01 12:08 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-01-01 12:04 - 2017-12-15 23:47 - 000143960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-01-01 12:04 - 2017-09-14 00:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-01-01 12:04 - 2017-09-14 00:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-01-01 12:04 - 2017-09-14 00:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2018-01-01 12:04 - 2017-09-14 00:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2018-01-01 12:03 - 2017-12-16 01:21 - 000532792 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-01-01 12:03 - 2017-12-16 01:21 - 000438584 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-01-01 12:03 - 2017-12-16 00:15 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-01-01 12:03 - 2017-12-15 23:34 - 005964688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 001767408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 000608056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 000450544 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-01-01 12:03 - 2017-12-15 23:34 - 000082928 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-01-01 12:03 - 2017-12-14 19:17 - 007917671 _____ C:\Windows\system32\nvcoproc.bin
2018-01-01 12:02 - 2017-12-16 01:21 - 040237456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 036305200 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 035157488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 029347640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 023266400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 022257256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 019526512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 019039976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 018208784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 016854840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-01-01 12:02 - 2017-12-16 01:21 - 015028168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 011782096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 004285520 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 003809072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 003799032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 003347952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001100600 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 001031984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000981816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000933168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000527288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000506672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000492232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000446400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-01-01 12:02 - 2017-12-16 01:21 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000154392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000149552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-01-01 12:02 - 2017-12-16 01:21 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2018-01-01 12:02 - 2017-12-16 01:21 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-01-01 12:02 - 2017-12-16 01:21 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-01-01 12:02 - 2017-12-16 01:21 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-01-01 11:56 - 2018-01-01 12:00 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\D0NG\Downloads\spybotsd-2.6.46.exe
2018-01-01 11:48 - 2018-01-01 11:48 - 000407048 _____ C:\Windows\Minidump\010118-19390-01.dmp
2018-01-01 11:41 - 2017-10-11 02:05 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-01-01 10:35 - 2018-01-01 10:35 - 000395160 _____ C:\Windows\Minidump\010118-21216-01.dmp
2018-01-01 10:31 - 2018-01-02 13:39 - 000153088 _____ C:\Windows\SysWOW64\conhost64.exe
2018-01-01 10:31 - 2018-01-02 13:39 - 000000000 ____D C:\Users\D0NG\AppData\Local\ReinstallBackups
2017-12-31 23:55 - 2017-12-31 23:55 - 000407344 _____ C:\Windows\Minidump\123117-20061-01.dmp
2017-12-30 22:16 - 2017-12-30 22:16 - 000407072 _____ C:\Windows\Minidump\123017-22698-01.dmp
2017-12-29 22:22 - 2017-12-29 22:22 - 000407032 _____ C:\Windows\Minidump\122917-20763-01.dmp
2017-12-28 23:41 - 2017-12-28 23:41 - 000404024 _____ C:\Windows\Minidump\122817-20264-01.dmp
2017-12-28 11:38 - 2017-12-28 11:38 - 000407344 _____ C:\Windows\Minidump\122817-20701-01.dmp
2017-12-28 09:27 - 2017-12-28 09:27 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\The Creative Assembly
2017-12-28 09:26 - 2017-12-28 09:26 - 000000640 _____ C:\Users\Public\Desktop\Total War - WARHAMMER II.lnk
2017-12-28 09:26 - 2017-12-28 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War - WARHAMMER II
2017-12-27 21:15 - 2017-12-27 22:50 - 000000000 ____D C:\Users\D0NG\Documents\Mount&Blade Warband Savegames
2017-12-27 21:10 - 2017-12-27 21:19 - 000000000 ____D C:\Users\D0NG\Documents\Mount&Blade Warband
2017-12-27 21:10 - 2017-12-27 21:14 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Mount&Blade Warband
2017-12-27 17:22 - 2018-01-02 14:23 - 000000000 ____D C:\Windows\Minidump
2017-12-27 17:22 - 2017-12-27 17:22 - 000407336 _____ C:\Windows\Minidump\122717-22120-01.dmp
2017-12-27 12:00 - 2018-01-01 15:37 - 002280250 _____ C:\Windows\ntbtlog.txt
2017-12-27 09:47 - 2017-12-27 09:47 - 000002303 _____ C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2017-12-27 09:47 - 2017-12-27 09:47 - 000002303 _____ C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk
2017-12-27 09:47 - 2017-12-27 09:47 - 000000000 ____D C:\Users\D0NG\AppData\LocalLow\Unity
2017-12-27 09:47 - 2017-12-27 09:47 - 000000000 ____D C:\Users\D0NG\AppData\Local\Unity
2017-12-27 09:47 - 2017-12-27 09:47 - 000000000 ____D C:\Users\D0NG\AppData\Local\Amigo
2017-12-27 09:44 - 2018-01-02 14:26 - 000003460 _____ C:\Windows\System32\Tasks\NPYEHnaYQIfm
2017-12-27 09:44 - 2018-01-02 13:39 - 000003258 _____ C:\Windows\System32\Tasks\LxmOoXTR
2017-12-27 09:44 - 2017-12-27 09:47 - 000000000 ____D C:\ProgramData\Mail.Ru
2017-12-27 09:44 - 2017-12-27 09:44 - 000003612 _____ C:\Windows\System32\Tasks\YwapiAL
2017-12-27 09:44 - 2017-12-27 09:44 - 000000001 _____ C:\Users\D0NG\AppData\Local\WMI.ini
2017-12-27 09:44 - 2010-11-21 04:24 - 000186368 _____ (Microsoft Corporation) C:\Windows\aLorpyyK.exe
2017-12-27 09:44 - 2009-07-14 02:14 - 000000969 _____ C:\Program Files (x86)\jEfeLu
2017-12-27 09:44 - 2009-07-14 02:14 - 000000911 _____ C:\Users\D0NG\NcjXGoeu
2017-12-27 09:44 - 2009-07-14 02:14 - 000000059 _____ C:\Program Files (x86)\aoKZEzlAK
2017-12-27 09:44 - 2009-07-14 02:14 - 000000052 _____ C:\Windows\SysWOW64\dyYpEEviSPYw
2017-12-27 09:43 - 2017-12-27 09:43 - 000003576 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2017-12-25 17:32 - 2017-12-25 17:32 - 000419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-12-25 17:32 - 2017-12-25 17:32 - 000413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-12-25 17:32 - 2017-12-25 17:32 - 000133632 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-12-25 17:32 - 2017-12-25 17:32 - 000110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-12-25 17:32 - 2017-12-25 17:32 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-12-25 11:36 - 2017-12-25 19:22 - 000000000 ____D C:\ProgramData\TEMP
2017-12-24 13:19 - 2017-12-24 13:19 - 000000000 ____D C:\Users\D0NG\Documents\Blue Cat Audio
2017-12-24 13:19 - 2017-12-24 13:19 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Blue Cat Audio
2017-12-24 13:17 - 2017-12-24 13:17 - 000000000 __HDC C:\ProgramData\{E3C5CB83-070E-4185-933B-94372FB3430D}
2017-12-24 13:17 - 2017-12-24 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexicon
2017-12-24 13:17 - 2017-12-24 13:17 - 000000000 ____D C:\Program Files\Lexicon(64-bit)
2017-12-24 13:15 - 2017-12-24 13:15 - 000000000 ____D C:\Program Files\Cableguys
2017-12-24 13:14 - 2017-12-24 13:15 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Cat Audio
2017-12-24 13:14 - 2017-12-24 13:13 - 000725157 _____ C:\Windows\unins002.exe
2017-12-24 10:39 - 2017-12-24 10:40 - 004181825 _____ C:\Users\D0NG\Downloads\MC303.zip
2017-12-24 10:26 - 2017-12-24 11:27 - 1679303298 _____ C:\Users\D0NG\Downloads\NHF_SamplePack_001.zip
2017-12-22 11:09 - 2018-01-02 14:29 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Splice
2017-12-21 13:13 - 2017-12-21 13:14 - 013337459 _____ C:\Users\D0NG\Downloads\VoxengoSoundDelay_15_Win.zip
2017-12-21 13:13 - 2017-12-21 13:13 - 005747675 _____ C:\Users\D0NG\Downloads\WIN_roughrider_110.zip
2017-12-21 12:56 - 2018-01-02 14:29 - 000000000 ____D C:\Users\D0NG\AppData\Local\SpliceSettings
2017-12-21 12:56 - 2017-12-21 12:59 - 000000000 ____D C:\Users\D0NG\Documents\Splice
2017-12-21 12:56 - 2017-12-21 12:56 - 000002140 _____ C:\Users\D0NG\Desktop\Splice.lnk
2017-12-21 12:56 - 2017-12-21 12:56 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2017-12-21 12:56 - 2017-12-21 12:56 - 000000000 ____D C:\Users\D0NG\AppData\Local\IsolatedStorage
2017-12-21 12:55 - 2017-12-21 12:56 - 000000000 ____D C:\Users\D0NG\AppData\Local\splice
2017-12-20 16:14 - 2017-12-20 16:17 - 061932150 _____ C:\Users\D0NG\Downloads\09.SINECORE - Something Old - djsinecore@gmail.com.wav
2017-12-20 16:13 - 2017-12-20 16:14 - 043547732 _____ C:\Users\D0NG\Downloads\08.SINECORE_-_Odysseus - djsinecore@gmail.com.wav
2017-12-20 16:11 - 2017-12-20 16:13 - 061516680 _____ C:\Users\D0NG\Downloads\06.SINECORE_-_Indian_Opium master - djsinecore@gmail.com.wav
2017-12-20 16:09 - 2017-12-20 16:11 - 039192614 _____ C:\Users\D0NG\Downloads\05.SINECORE - Endless Story - djsinecore@gmail.com.wav
2017-12-20 16:08 - 2017-12-20 16:11 - 058064016 _____ C:\Users\D0NG\Downloads\04.SINECORE _-_Somewhere_Deep_In_The_Jungle - djsinecore@gmail.com.wav
2017-12-20 16:06 - 2017-12-20 16:10 - 075843014 _____ C:\Users\D0NG\Downloads\03.SINECORE _-_Forgotten_Rites - djsinecore@gmail.com.wav
2017-12-20 16:05 - 2017-12-20 16:09 - 054042918 _____ C:\Users\D0NG\Downloads\02.SINECORE - Metaphor - djsinecore@gmail.com.wav
2017-12-20 16:04 - 2017-12-20 16:08 - 065321554 _____ C:\Users\D0NG\Downloads\01.SINECORE - Rainy Sunday - djsinecore@gmail.com.wav
2017-12-19 18:42 - 2017-12-25 14:08 - 000000342 _____ C:\Users\D0NG\Documents\csserver.txt
2017-12-19 15:52 - 2017-12-19 15:54 - 000547279 ____T C:\Users\D0NG\Downloads\Inverted - Sine Sound Mastered.mp3.asd
2017-12-12 15:04 - 2017-12-13 14:50 - 000000000 ____D C:\Users\D0NG\Documents\StarCraft II
2017-12-12 15:04 - 2017-12-13 14:50 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2017-12-12 14:53 - 2017-12-17 11:39 - 000000000 ____D C:\Users\D0NG\AppData\Local\Battle.net
2017-12-12 14:53 - 2017-12-13 14:50 - 000000000 ____D C:\Users\D0NG\AppData\Local\Blizzard Entertainment
2017-12-12 14:53 - 2017-12-12 15:04 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Battle.net
2017-12-12 14:52 - 2017-12-12 14:52 - 000000485 _____ C:\Users\Public\Desktop\Battle.net.lnk
2017-12-12 14:52 - 2017-12-12 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-12-12 14:46 - 2017-12-12 14:46 - 000000000 ____D C:\Users\D0NG\AppData\Local\Blizzard
2017-12-12 14:46 - 2017-12-12 14:46 - 000000000 ____D C:\ProgramData\Battle.net
2017-12-12 14:45 - 2017-12-12 14:45 - 004215792 _____ (Blizzard Entertainment) C:\Users\D0NG\Downloads\StarCraft-II-Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-02 14:30 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-02 14:30 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-02 14:29 - 2017-02-24 16:38 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\uTorrent
2018-01-02 14:29 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-02 14:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-02 14:27 - 2017-02-11 20:05 - 000000000 ____D C:\Users\D0NG\AppData\LocalLow\Mozilla
2018-01-02 14:23 - 2017-02-15 12:51 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\discord
2018-01-02 14:23 - 2017-02-11 19:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-02 14:23 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-01 16:03 - 2017-02-15 15:55 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\vlc
2018-01-01 15:52 - 2017-11-11 10:57 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-01 12:04 - 2017-03-15 18:50 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-01 12:04 - 2017-02-11 19:45 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-01 12:04 - 2017-02-11 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-01 12:04 - 2017-02-11 19:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-01 12:04 - 2017-02-11 19:44 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-01 12:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help
2018-01-01 11:53 - 2017-02-26 17:28 - 000000000 ____D C:\Users\D0NG\AppData\Local\CrashDumps
2018-01-01 11:42 - 2017-05-23 12:51 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:42 - 2017-02-11 19:45 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:42 - 2017-02-11 19:45 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:42 - 2017-02-11 19:45 - 000001426 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-01-01 11:41 - 2017-02-11 19:45 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:41 - 2017-02-11 19:45 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:41 - 2017-02-11 19:45 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:41 - 2017-02-11 19:45 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-01 11:41 - 2017-02-11 19:45 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-29 22:21 - 2017-02-11 20:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-29 22:21 - 2017-02-11 20:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-28 09:26 - 2017-02-18 13:06 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Audacity
2017-12-27 18:27 - 2017-02-11 19:28 - 000000000 ____D C:\Users\D0NG
2017-12-27 09:44 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-27 09:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-12-27 09:43 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-27 09:42 - 2017-02-11 20:33 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Origin
2017-12-27 09:42 - 2017-02-11 20:33 - 000000000 ____D C:\ProgramData\Origin
2017-12-25 17:32 - 2017-02-11 20:09 - 000000000 ____D C:\Users\D0NG\Documents\My Games
2017-12-25 11:40 - 2017-05-01 20:17 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-12-24 17:45 - 2017-02-25 13:48 - 000000000 ___RD C:\Users\D0NG\Desktop\symnth Project
2017-12-24 13:14 - 2017-11-24 11:48 - 000030738 _____ C:\Windows\unins002.dat
2017-12-21 12:56 - 2017-02-15 12:51 - 000000000 ____D C:\Users\D0NG\AppData\Local\SquirrelTemp
2017-12-15 15:20 - 2017-03-17 10:29 - 000000000 ____D C:\Users\D0NG\Documents\Addictive Drums 2 Logs
2017-12-13 18:24 - 2017-10-24 18:17 - 000000292 _____ C:\Users\D0NG\Documents\hours cushan.txt
2017-12-12 09:52 - 2017-02-15 12:51 - 000002158 _____ C:\Users\D0NG\Desktop\Discord.lnk
2017-12-12 09:51 - 2017-02-15 12:51 - 000000000 ____D C:\Users\D0NG\AppData\Local\Discord
2017-12-10 11:11 - 2017-11-11 10:57 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-10 10:45 - 2017-09-25 17:50 - 000000000 ____D C:\Users\D0NG\AppData\Roaming\EasyAntiCheat
2017-12-10 10:45 - 2015-08-12 08:32 - 000765280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2009-07-14 02:14 - 2009-07-14 02:14 - 000000911 _____ () C:\Users\D0NG\NcjXGoeu.bat
2017-12-27 09:44 - 2009-07-14 02:14 - 000000059 _____ () C:\Program Files (x86)\aoKZEzlAK
2009-07-14 02:14 - 2009-07-14 02:14 - 000000059 _____ () C:\Program Files (x86)\aoKZEzlAK.bat
2017-12-27 09:44 - 2009-07-14 02:14 - 000000969 _____ () C:\Program Files (x86)\jEfeLu
2009-07-14 02:14 - 2009-07-14 02:14 - 000000969 _____ () C:\Program Files (x86)\jEfeLu.bat
2018-01-01 15:18 - 2018-01-01 15:18 - 000007605 _____ () C:\Users\D0NG\AppData\Local\Resmon.ResmonCfg
2017-12-27 09:44 - 2017-12-27 09:44 - 000000001 _____ () C:\Users\D0NG\AppData\Local\WMI.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-30 14:21

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by D0NG (02-01-2018 15:10:05)
Running from C:\Users\D0NG\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-02-11 18:28:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1872268528-1317245567-2547443309-500 - Administrator - Disabled)
D0NG (S-1-5-21-1872268528-1317245567-2547443309-1000 - Administrator - Enabled) => C:\Users\D0NG
Guest (S-1-5-21-1872268528-1317245567-2547443309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1872268528-1317245567-2547443309-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Ableton Live 9 Suite (HKLM-x32\...\{A8D189F5-A5BD-4F59-94C3-BD39662B96F7}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3F48F53E-BC0F-A72E-AC89-EA9C3F8F4701}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Artillery2 (HKLM-x32\...\Artillery2) (Version: 1.0 - Sugar Bytes)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audiority FreeMod version v1.0.1 (HKLM\...\{D3358E20-652B-40B2-9869-CF012E0CC27F}_is1) (Version: v1.0.1 - Audiority)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
bf2battlelog (HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\bf2battlelog) (Version: 0.8.6 - Spencer Sharkey)
Blue Cat's Chorus VST 4.1 (HKLM-x32\...\{16414746-4C9F-45F5-9D0B-1BB2F257710A}) (Version: 4.1 - Blue Cat Audio)
Blue Cat's Chorus VST-x64 4.1 (HKLM\...\{09E5B6D8-D3F4-4174-8610-18BF88851BA2}) (Version: 4.1 - Blue Cat Audio)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cableguys PanCake 2.2.1 (HKLM\...\PanCake_is1) (Version: 2.2.1 - Cableguys)
Camel Audio Camel Phat VST v3.15 (HKLM-x32\...\Camel Audio Camel Phat VST v3.15) (Version:  - )
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
Discord (HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
DMG Audio Plugins Bundle (HKLM\...\Plugins Bundle_is1) (Version: 1.0.5 - DMG Audio)
DMGAudio EQuilibrium 1.04 (HKLM-x32\...\DMGAudio EQuilibrium_is1) (Version:  - DMGAudio)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Killer Bandwidth Control Filter Driver (HKLM\...\{13B41FD4-5139-473B-95E5-15370745BCA6}) (Version: 1.1.56.1343 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{B99CCC98-3E5E-437E-9B57-B83624B76420}) (Version: 1.1.56.1343 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{223A9628-C462-43E5-B941-077CFDA23305}) (Version: 1.1.56.1343 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{BBEC6403-B531-4A86-A93C-BAE057E67ED5}) (Version: 1.1.56.1343 - Rivet Networks)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Live 7.0.3 (HKLM-x32\...\Live 7.0.3) (Version:  - )
Live 8.1.1 (HKLM-x32\...\Live 8.1.1) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mass Effect (HKLM-x32\...\{D5FED686-AF59-454C-91A9-DC357E4AED11}_is1) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MorphVOX Jr (HKLM-x32\...\{b321cb06-b0cf-426e-be88-ced33e3cdf7d}) (Version: 2.9.0.20444 - Screaming Bee)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.9.0.20444 - Screaming Bee) Hidden
Mozilla Firefox 57.0.3 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0.3 (x64 en-GB)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.3.6569 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.4.63358 - Electronic Arts, Inc.)
PCM Effects Resonant Chords (HKLM\...\{898D665D-1196-44E2-8344-42554353E4E1}) (Version: 1.2.5 - Lexicon) Hidden
PCM Effects Resonant Chords 64-bit (HKLM-x32\...\PCM Effects Resonant Chords 64-bit) (Version: 1.2.5 - Lexicon)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Robotronic (HKLM-x32\...\Robotronic) (Version: 1.0 - Sugar Bytes)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Sonic Charge Synplant (HKLM-x32\...\Sonic Charge Synplant) (Version: 1.2.2 - NuEdge Development)
Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version:  - )
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Splice (HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\splice) (Version: 3.1.77973 - Distributed Creation, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
That Thing version 1.2.0 (HKLM\...\{5EBEC24F-94F6-4D5E-A58A-6CDBB15552C6}_is1) (Version: 1.2.0 - BeatSkillz)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Pets (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Pets) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Seasons (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Seasons) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 World Adventures (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 World Adventures) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.35.10.1010 - Electronic Arts Inc.)
Total War - WARHAMMER II version 1.0 (HKLM\...\Total War - WARHAMMER II_is1) (Version: 1.0 - STEAMPUNKS)
Unique (HKLM-x32\...\Unique) (Version: 1.0 - Sugar Bytes)
Unity Web Player (HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-3c530ad1-d39b-48ee-bc2b-93aba34d3bf8) (Version:  - Epic Games, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vogue (HKLM-x32\...\Vogue) (Version: 1.0 - Sugar Bytes)
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WOW (HKLM-x32\...\WOW) (Version: 1.0 - Sugar Bytes)
XLN Audio Addictive Drums 2 (HKLM\...\Addictive Drums 2_is1) (Version: 2.1.5 - XLN Audio)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070A652C-34C8-4A24-8626-75DE2A795929} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {0D49644E-DB78-43C1-ADFE-A1B681C05C8E} - System32\Tasks\YwapiAL => C:\Users\D0NG\AppData\Roaming\YsIY.exe <==== ATTENTION
Task: {15553B61-B2AA-4CB1-AF36-9AC364AAEE7B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
Task: {23B277A8-557C-42A0-B8CC-6A6F2972B5CD} - System32\Tasks\NPYEHnaYQIfm => C:\Program Files (x86)\aoKZEzlAK.bat [2009-07-14] () <==== ATTENTION
Task: {2916A4A7-C92E-4076-A297-49C27C725C1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {2916A4A7-C92E-4076-A297-49C27C725C1B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {342F5140-BD40-424E-ABF0-027AC665E8B7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {342F5140-BD40-424E-ABF0-027AC665E8B7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {3A80919F-9493-4AD8-9474-FFFA402195C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {4B4E6B6C-F7F8-455C-8B60-1F981CCB275F} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" bltopn.com/hohoj <==== ATTENTION
Task: {60B5CFAB-A6C0-40CB-A3E5-93BA680617C2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {B1B63C4A-5AB7-4513-9167-3EFFF3401324} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
Task: {B3D4260E-5A46-490F-8B02-0C3106913B52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {C46C3A4F-591C-4D9C-9D4F-8E71F023C6BD} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {CB42912B-F6B4-4DF6-BFB8-4CBF2D7DBB70} - System32\Tasks\LxmOoXTR => C:\Windows\SysWOW64\dyYpEEviSPYw.bat [2009-07-14] () <==== ATTENTION
Task: {CB5158D4-D372-4FE7-BEB7-4582A75050DC} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {CB5158D4-D372-4FE7-BEB7-4582A75050DC} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {CB5158D4-D372-4FE7-BEB7-4582A75050DC} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-04] (Microsoft Corporation)
Task: {DBEEDC64-2F1C-44AF-8048-4611ACF35518} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {E8729BC9-049F-4262-BC30-32661D06F2B5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-10-05] (McAfee, Inc.)
Task: {F89FEE89-E49C-4298-8D9F-E1450C0B4706} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {F8A8C75D-6716-41C5-A3AC-86EAA84FEC8D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic
Shortcut: C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 19:47 - 2013-08-30 19:47 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 000749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-11 19:45 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-28 09:38 - 2017-05-28 09:38 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-11-11 10:57 - 2017-12-10 11:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-01 12:08 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-01-01 12:08 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-01-01 12:08 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-01-01 12:08 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-11 19:45 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-12 09:51 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 09:52 - 2017-12-12 09:52 - 001773560 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-12 09:51 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 09:51 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\D0NG\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-12 09:52 - 2017-12-12 09:52 - 009802232 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 09:52 - 2017-12-12 09:52 - 001505784 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 09:52 - 2017-12-12 09:52 - 000513016 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 09:52 - 2017-12-12 09:52 - 002662904 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 09:52 - 2017-12-12 09:52 - 001517048 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 09:52 - 2017-12-12 09:52 - 002749944 _____ () \\?\C:\Users\D0NG\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-02-11 19:45 - 2017-10-11 02:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:76650B61 [103]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39F3B495-2927-467D-A482-95488088F945}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6E8E8BDA-BCC2-4C09-91F0-96C515332935}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1FA6C2B2-C666-4B9C-A6FA-414552737FFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B3D34EEB-B1C2-4D1B-8889-42FF7BC8EC9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9CC356D5-DE7F-4D92-9934-40FF86AD0145}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3896F165-B1E7-47F2-8D69-780E32769948}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D38CC5BC-95BC-4081-8FD6-1999272324BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{862B4826-0160-406A-BBD3-365275D9D0DF}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{00E2B5C2-C7AE-432A-857F-E5AD87A384AB}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{1045F241-0010-45D8-88DA-D11E973CA06F}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DBA0E59B-C032-4F21-B208-4E45B043DC8B}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{43AD2DDA-C4BA-4DAB-94A9-8B516E325442}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{2089CCFA-3125-45DE-B5B9-6CC604E83A07}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [TCP Query User{2BE7C380-661D-4EA7-B56F-572ABB10EE9D}E:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{DA0ED53D-8177-412F-8E67-B7BDA83269A8}E:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{54769026-F879-422B-8D1B-F493E50225D7}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{6338099A-42CC-4CB8-B6D3-55687290ED7D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{2AAFE826-EDB0-4041-9AA0-3568FAC85E69}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{46FB8035-BF40-4D7D-979D-DF26A3671B8D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{CB030E6C-3B79-4057-BE27-C1439D61884C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{7EE87E2A-E339-4B7B-9D7C-8206E0C082A3}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{3485655B-9947-458E-9689-1F8FF2E07796}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{74D99637-DCA7-498B-B092-323BEEB9C3ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{549DA823-7435-4FD1-8D39-7AE65DA68E12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6243C7C6-6EF0-497D-BAB3-9DB68CEE7940}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06620E1A-19E4-4C81-ABD8-75F037075F59}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F71FCE48-A6A8-47F1-ACB0-412475194650}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{535F0EFA-189C-4A6A-8BA7-D73D02C1814B}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FE08DEF-39D3-40DA-B10E-62A16C887E86}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E71FE4B5-55BD-4E90-BD1A-8632E0429827}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B754322-4DDB-478A-85D0-6450A3EF9875}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93F6DD02-34CF-423A-9961-2909013B6509}] => (Allow) C:\Users\D0NG\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{55D0E851-B106-49AC-9B2A-7F9163438017}E:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{BD3297F7-9D87-43F7-9E92-216AF91A4945}E:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{27DFAC3A-A6E8-4085-A694-EDA4B3DC50E2}E:\soulseekqt\soulseekqt.exe] => (Allow) E:\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{F701EAF8-4412-4DB2-927D-C933A96864FA}E:\soulseekqt\soulseekqt.exe] => (Allow) E:\soulseekqt\soulseekqt.exe
FirewallRules: [{906D5B8B-A2AE-464D-8E7C-1D4EBB0086A3}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{E4C7A5B8-0A45-4F9E-A198-DCEE83C1636C}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [TCP Query User{5FC88C44-91B2-4095-B248-B3F1B07C44BC}E:\steam\steamapps\common\day of defeat source\hl2.exe] => (Allow) E:\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [UDP Query User{E27920B6-A37D-4BD7-955A-BBE6A25BB500}E:\steam\steamapps\common\day of defeat source\hl2.exe] => (Allow) E:\steam\steamapps\common\day of defeat source\hl2.exe
FirewallRules: [TCP Query User{C17A9064-2AF7-4C91-B81D-60FAFCB749E9}E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{C9AAA058-3A89-43AE-9CDF-896FAC78A9C5}E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8D39F147-038A-4577-BC9A-9B5907050BEE}] => (Allow) E:\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{E6CFE7C4-52C8-4566-A273-8B980D2EF7E8}] => (Allow) E:\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{86614510-784C-4F24-9CCF-91E3BB8DEAB7}] => (Allow) E:\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{C094A6FE-5697-4850-BBEA-87E44A4B184A}] => (Allow) E:\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{08747D8B-2403-4924-A118-8D77668E5B51}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ABF3C930-A588-49F5-9EC8-6B267BCFE401}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2C40F67F-16BB-489B-AC1E-8B6C036A53BA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{812D1C24-8CD5-403F-B2D7-54A19EEB2024}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{82D662D5-23E0-4BB3-BA09-2FF4A9EF566D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{67B9A823-99BB-4414-8663-0CF09FC745EE}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B0C72C5B-C607-493D-A2DE-EF7442E2DE73}] => (Allow) E:\ori\Battlefield 4\BFLauncher.exe
FirewallRules: [{C59323A7-2514-453F-BF9F-E633EE043198}] => (Allow) E:\ori\Battlefield 4\BFLauncher.exe
FirewallRules: [{847AFF8F-4C1C-4195-9690-4E2BFF26DD9B}] => (Allow) E:\ori\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{544E15E9-D1BD-42AF-8DA1-0CC742E666B8}] => (Allow) E:\ori\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [TCP Query User{83E85742-F619-42E0-A496-21BA1E1DB587}E:\ori\battlefield 4\bf4.exe] => (Allow) E:\ori\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{448BCB93-3F3A-4D2B-9A8B-D2A7F8D1144F}E:\ori\battlefield 4\bf4.exe] => (Allow) E:\ori\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{13D69616-9B30-40B6-849A-5D0386F27A9A}E:\bf2\battlefield 2142\bf2142.exe] => (Allow) E:\bf2\battlefield 2142\bf2142.exe
FirewallRules: [UDP Query User{C2150FCF-6BE7-457C-9697-4096047939F7}E:\bf2\battlefield 2142\bf2142.exe] => (Allow) E:\bf2\battlefield 2142\bf2142.exe
FirewallRules: [TCP Query User{BED13979-9216-4E62-8D6D-FBE1C8CEF3CE}E:\bf2\battlefield 2\bf2.exe] => (Allow) E:\bf2\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{E752CA71-441A-45AB-B26E-FA473E2D4090}E:\bf2\battlefield 2\bf2.exe] => (Allow) E:\bf2\battlefield 2\bf2.exe
FirewallRules: [{0EB419E0-6F39-4BAF-883C-DE34DE6AAACE}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{D97DBC24-D031-4C92-8142-6DB9EB021211}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [TCP Query User{C8E7FD6F-7892-4806-B01D-F80C91E42359}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [UDP Query User{C01478E9-ACC4-4B0E-BDAD-630FA8355705}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [{1D09F9F3-1229-4F6D-8738-055E353573E4}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{5CB1F70C-486D-4389-AFEC-3862A1C4B282}] => (Allow) E:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [TCP Query User{7DD15E79-E04F-45E2-94B0-188B2D8EC3DA}E:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Allow) E:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [UDP Query User{117F140D-D191-4282-B0C4-CF5527A487E1}E:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe] => (Allow) E:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe
FirewallRules: [{0C6026F9-A413-4870-A469-8975BC26DAE2}] => (Allow) E:\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{E07D1543-9616-43A7-85E7-2887FE20ACCD}] => (Allow) E:\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{7856C29D-F5CD-4552-877A-9BB5C08DD3C8}] => (Allow) E:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{AB3653F1-8A31-4CBF-A60F-B0E0B70427CC}] => (Allow) E:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{39234C99-D592-4DF6-9A0C-26D300045B81}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3D8B8803-E8AD-4EF7-945B-01079EBC4DBD}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{0C6CFECA-5845-4917-83EF-80827736E875}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{FB0F1BAD-9E38-4970-A0E6-EBCB4623ADA4}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{DC3BE2DA-7B5A-47F3-B13B-9A3C1DEEF7E0}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{720DDD79-4B18-4C3A-AAA5-1E86EA7FCFE8}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{B4F5B7CB-54D5-4202-AC80-756FE40C30E6}] => (Allow) E:\ori\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{389DFA96-33F5-4F8F-9D44-569B0FDE9294}] => (Allow) E:\ori\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{FEAC4167-4706-4F79-A16B-F5E00548554A}] => (Allow) E:\ori\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{F812DE39-107C-4033-B713-DA6E0389A9AF}] => (Allow) E:\ori\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{2C477CDD-2DA2-481C-9128-52AE9645D1CA}] => (Allow) E:\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{02230AFD-13B3-4720-B502-956A2E562F53}] => (Allow) E:\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{6A60CD0B-9835-40DA-969A-EF1623C59994}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{4AB3A9A4-9A74-444D-AD47-1A375ECCE59E}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{B65FDAD0-FF98-447F-9C3F-2145A6A81F46}C:\program files (x86)\anno 1701\anno1701.exe] => (Allow) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [UDP Query User{3B39C0AD-B1CC-4209-AF57-9E4DA8CFFF31}C:\program files (x86)\anno 1701\anno1701.exe] => (Allow) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [{D865F236-78D4-4FD0-ACAC-3237395FD989}] => (Block) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [{6781134A-B147-4EE1-A138-2442D3FE07E0}] => (Block) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [{6C82F2A6-4495-4AF8-8020-0D2D07E3EE92}] => (Allow) E:\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe
FirewallRules: [{FB11F832-39F9-4FE2-B786-D63C3ABBAEAA}] => (Allow) E:\Steam\steamapps\common\Sins of a Solar Empire Rebellion\StardockLauncher.exe
FirewallRules: [TCP Query User{C01FAB13-8F56-4CA1-A864-1E8C51ED7AEE}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [UDP Query User{AA4EA6DC-9158-4AB0-9315-7A7FAAD3988A}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [TCP Query User{BBE75E42-D0DB-4428-98C2-49FD3EC33D6C}E:\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [UDP Query User{0EF608FB-9676-47B0-BB4E-B6418076FA88}E:\starcraft ii\versions\base60321\sc2_x64.exe] => (Allow) E:\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [{1F5EA73A-503C-4FE9-BD37-04ABDAC7C9D8}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{578B7657-5011-4131-B58C-FA262CC20438}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{1868B04B-22AE-4669-A25D-2138BF660403}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{865F61E3-E072-4AC4-8BD9-C129903F0611}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{F34C9959-86CA-446C-A19F-A1E2ABC2C533}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{D36EF349-EF71-4AE2-B9A3-05DFD6D881E3}] => (Allow) E:\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{AA6C2FA6-5115-47FA-87F3-69CE00D52703}] => (Allow) C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [TCP Query User{3DEEAD73-34C3-4AFC-858C-E7D41E19D1E1}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{249BEE9F-3268-4592-88FE-A16D76214F11}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [{E6B68335-1369-4067-8C31-B8638277E040}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{861A6E15-0C5E-4C0D-B94E-5649BF6472DB}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{E4024841-88BD-495C-8473-6056DC3448CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A46A86E-E9F2-4653-82F0-40500FC32FAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{22895F96-574E-46E4-AF9B-164B37FD0387}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{058B3C0C-45A3-43C6-B792-37E71798D8F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F98DC000-CF41-42BC-94F1-2A22B9EBB5A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BAD461D3-4869-449D-AA0F-D82B0EA73FDF}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{6D56631D-DD30-4477-8D74-66365D00DCA4}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{0C984B3B-980D-4B36-B0C7-B642A2898192}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{4AE447E9-C1EE-45B2-B771-3F7EC383ADDF}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
FirewallRules: [{B532B842-AA97-481B-A47C-34BCDE146BB3}] => (Allow) C:\Users\D0NG\AppData\Local\ReinstallBackups\msiexec64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-01-2018 11:50:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2018 02:23:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2018 10:36:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2018 10:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2018 10:19:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 04:02:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 03:53:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 03:52:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 03:40:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 03:38:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2018 11:53:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aLorpyyK.exe, version: 7.5.7601.17514, time stamp: 0x4ce791e9
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000b515
Faulting process id: 0x1e00
Faulting application start time: 0x01d382ee7e2ce23f
Faulting application path: C:\Windows\aLorpyyK.exe
Faulting module path: C:\Windows\syswow64\msvcrt.dll
Report Id: fab1a69c-eee1-11e7-a1d2-1c1b0d9175c8


System errors:
=============
Error: (01/02/2018 02:23:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8018245b10, 0xfffffa8018245df0, 0xfffff80002f78e70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010218-22776-01.

Error: (01/02/2018 02:23:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/02/2018 02:23:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 02:23:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/02/2018 02:23:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 02:23:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/02/2018 02:23:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:21:24 on 02/01/2018 was unexpected.

Error: (01/02/2018 10:36:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/02/2018 10:36:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/02/2018 10:36:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
  Date: 2018-01-02 14:23:06.930
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 14:23:06.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 14:23:06.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 14:23:06.820
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:36:17.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:36:17.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:36:17.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:36:17.147
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:26:08.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 10:26:08.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 16%
Total physical RAM: 24539.02 MB
Available physical RAM: 20575.34 MB
Total Virtual: 49076.25 MB
Available Virtual: 44277.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:23.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:384.27 GB) (Free:81.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:447.13 GB) (Free:29.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:453.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 97774BBD)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 33D18819)
Partition 1: (Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 502EF12A)
Partition 1: (Active) - (Size=384.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: C7E9DC08)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • Gender:Male
  • Local time:04:41 AM

Posted 02 January 2018 - 03:51 PM

Hi opchops :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply right after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few to review your logs and get back at you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 02 January 2018 - 04:50 PM

Thank you for waiting. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files




#4 opchops
  • Topic Starter
  • Members
  • 6 posts

Posted 03 January 2018 - 04:11 AM

Hey Yoan, thanks for the reply and the fixlist. Will try it now.



#5 opchops
  • Topic Starter
  • Members
  • 6 posts

Posted 03 January 2018 - 04:15 AM

Ok here is the fixlog.

The CMD thing usually takes a little while to start up and the same with the pop ups so it's just a waiting game for them right now.


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by D0NG (03-01-2018 10:11:55) Run:1
Running from C:\Users\D0NG\Desktop
Loaded Profiles: D0NG (Available Profiles: D0NG)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [MailRuUpdater] => C:\Users\D0NG\AppData\Local\Mail.Ru\MailRuUpdater.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [amigo] => C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe --no-startup-window <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

S3 Origin Client Service; "C:\Windows.old.000\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "C:\Windows.old.000\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]

Task: {0D49644E-DB78-43C1-ADFE-A1B681C05C8E} - System32\Tasks\YwapiAL => C:\Users\D0NG\AppData\Roaming\YsIY.exe <==== ATTENTION
Task: {23B277A8-557C-42A0-B8CC-6A6F2972B5CD} - System32\Tasks\NPYEHnaYQIfm => C:\Program Files (x86)\aoKZEzlAK.bat [2009-07-14] () <==== ATTENTION
Task: {4B4E6B6C-F7F8-455C-8B60-1F981CCB275F} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" bltopn.com/hohoj <==== ATTENTION
Task: {CB42912B-F6B4-4DF6-BFB8-4CBF2D7DBB70} - System32\Tasks\LxmOoXTR => C:\Windows\SysWOW64\dyYpEEviSPYw.bat [2009-07-14] () <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:76650B61 [103]

C:\Program Files (x86)\aoKZEzlAK
C:\Program Files (x86)\jEfeLu
C:\Program Files (x86)\aoKZEzlAK.bat
C:\Program Files (x86)\jEfeLu.bat
C:\ProgramData\Mail.Ru
C:\Users\D0NG\NcjXGoeu
C:\Users\D0NG\AppData\Local\Amigo
C:\Users\D0NG\AppData\Local\Mail.Ru
C:\Users\D0NG\AppData\Local\WMI.ini
C:\Users\D0NG\AppData\Roaming\YsIY.exe
C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk
C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk
C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk
C:\Windows\aLorpyyK.exe
C:\Windows\SysWOW64\dyYpEEviSPYw
C:\Windows\SysWOW64\dyYpEEviSPYw.bat

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MailRuUpdater" => removed successfully
"HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\Software\Microsoft\Windows\CurrentVersion\Run\\amigo" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\System\CurrentControlSet\Services\Origin Client Service" => removed successfully
Origin Client Service => service removed successfully
"HKLM\System\CurrentControlSet\Services\Origin Web Helper Service" => removed successfully
Origin Web Helper Service => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D49644E-DB78-43C1-ADFE-A1B681C05C8E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D49644E-DB78-43C1-ADFE-A1B681C05C8E}" => removed successfully
C:\Windows\System32\Tasks\YwapiAL => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YwapiAL" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23B277A8-557C-42A0-B8CC-6A6F2972B5CD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B277A8-557C-42A0-B8CC-6A6F2972B5CD}" => removed successfully
C:\Windows\System32\Tasks\NPYEHnaYQIfm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NPYEHnaYQIfm" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B4E6B6C-F7F8-455C-8B60-1F981CCB275F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4E6B6C-F7F8-455C-8B60-1F981CCB275F}" => removed successfully
C:\Windows\System32\Tasks\bltopncomhohoj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bltopncomhohoj" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB42912B-F6B4-4DF6-BFB8-4CBF2D7DBB70}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB42912B-F6B4-4DF6-BFB8-4CBF2D7DBB70}" => removed successfully
C:\Windows\System32\Tasks\LxmOoXTR => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LxmOoXTR" => removed successfully
C:\ProgramData\TEMP => ":76650B61" ADS removed successfully
C:\Program Files (x86)\aoKZEzlAK => moved successfully
C:\Program Files (x86)\jEfeLu => moved successfully
C:\Program Files (x86)\aoKZEzlAK.bat => moved successfully
C:\Program Files (x86)\jEfeLu.bat => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
C:\Users\D0NG\NcjXGoeu => moved successfully
C:\Users\D0NG\AppData\Local\Amigo => moved successfully
"C:\Users\D0NG\AppData\Local\Mail.Ru" => not found
C:\Users\D0NG\AppData\Local\WMI.ini => moved successfully
"C:\Users\D0NG\AppData\Roaming\YsIY.exe" => not found
C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk => moved successfully
C:\Users\D0NG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk => moved successfully
C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk => moved successfully
C:\Users\D0NG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk => moved successfully
C:\Windows\aLorpyyK.exe => moved successfully
C:\Windows\SysWOW64\dyYpEEviSPYw => moved successfully
C:\Windows\SysWOW64\dyYpEEviSPYw.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22126520 B
Java, Flash, Steam htmlcache => 21925674 B
Windows/system/drivers => 95185 B
Edge => 0 B
Chrome => 0 B
Firefox => 398865331 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 16200 B
D0NG => 247994676 B

RecycleBin => 1890 B
EmptyTemp: => 667.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:12:10 ====
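The fixlist above is a compact inventory of how this adware kept itself alive: two Run keys, four scheduled tasks (two of which run randomly named .bat files, one of which launches Firefox with a URL to produce the pop-ups), an alternate data stream on C:\ProgramData\TEMP, a local GroupPolicy restriction and a pair of orphaned services. As an added example (not code from this thread and not part of FRST), here is a small Python triage script that parses autostart lines in the format FRST prints and applies a few defender heuristics to them: an entry FRST already flagged, a random-looking entry name, a script file as the autostart target, a browser launched with a URL argument, a binary under a user-writable path, and a target file that no longer exists. The line formats are taken from the fixlog above; the heuristics, the 0.3 interior-capitals threshold and all function names are my own assumptions, and the sample input is copied from the fixlog.

```python
"""Triage of FRST autostart lines (added example, not FRST's own code).

Parses the Run-key, scheduled-task, service, ADS and GroupPolicy lines that
an FRST fixlist/Addition log reports and attaches defender heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ATTENTION = " <==== ATTENTION"  # FRST's own marker for entries it distrusts

# Line shapes as printed in the fixlog above.
RUN_RE = re.compile(r"^(?:HKU|HKLM)\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>\S+) => (?P<target>.*)$")
SVC_RE = re.compile(r"^[SR][0-4] (?P<name>[^;]+); (?P<target>.*)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<target>.+) \[\d+\]$")
GPO_RE = re.compile(r"^GroupPolicy(?:\\User)?: Restriction$")
# FRST leaves paths with spaces unquoted and appends "[date] (company)" notes,
# so the executable is everything up to the first known extension.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|bat|cmd|vbs|js|ps1)\b)"?(?P<args>.*)$', re.I)
ANNOTATION_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\([^)]*\)")
URL_RE = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?", re.I)

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
BROWSERS = ("firefox.exe", "chrome.exe", "iexplore.exe", "opera.exe")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    mechanism: str
    name: str
    target: str
    frst_flagged: bool
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Crude heuristic (my own threshold): a short token with many interior
    capitals (YwapiAL, LxmOoXTR) versus a product name (MailRuUpdater)."""
    letters = [c for c in name[1:] if c.isalpha()]
    if len(letters) < 3:
        return False
    return sum(c.isupper() for c in letters) / len(letters) >= 0.3


def parse_line(line: str) -> Optional[Finding]:
    """Turn one FRST line into a Finding, or None for lines we do not model."""
    line = line.strip()
    flagged = line.endswith(ATTENTION)
    if flagged:
        line = line[: -len(ATTENTION)].rstrip()
    for mech, rx in (("Run key", RUN_RE), ("Scheduled task", TASK_RE), ("Service", SVC_RE)):
        m = rx.match(line)
        if m:
            return Finding(mech, m["name"], m["target"].strip(), flagged)
    m = ADS_RE.match(line)
    if m:
        return Finding("ADS", m["target"], m["target"], flagged)
    if GPO_RE.match(line):
        return Finding("GroupPolicy", line.split(":")[0], "local policy restriction", flagged)
    return None


def assess(f: Finding) -> Finding:
    """Attach human-readable reasons; an empty list means nothing stood out."""
    if f.frst_flagged:
        f.reasons.append("flagged by FRST")
    if f.mechanism == "ADS":
        f.reasons.append("alternate data stream (hidden storage for a payload)")
        return f
    if f.mechanism == "GroupPolicy":
        f.reasons.append("policy restriction on a standalone PC (commonly set by adware to lock settings)")
        return f
    if looks_random(f.name):
        f.reasons.append("random-looking entry name")
    target = f.target
    if target.endswith(" [X]"):  # FRST: the referenced file does not exist
        f.reasons.append("target file missing (orphaned entry)")
        target = target[:-4]
    m = EXE_RE.match(ANNOTATION_RE.sub("", target))
    if not m:
        return f
    exe, args = m["exe"].lower(), m["args"].strip()
    if exe.endswith(SCRIPT_EXT):
        f.reasons.append("script file as autostart target")
    if any(exe.endswith("\\" + b) for b in BROWSERS) and URL_RE.search(args):
        f.reasons.append("browser launched with a URL argument (pop-up task)")
    if any(p in exe for p in USER_WRITABLE):
        f.reasons.append("runs from a user-writable location")
    return f


def triage(lines) -> List[Finding]:
    return [assess(f) for f in map(parse_line, lines) if f is not None]


# Sample input: autostart lines copied from the fixlog posted above.
SAMPLE = r"""
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [MailRuUpdater] => C:\Users\D0NG\AppData\Local\Mail.Ru\MailRuUpdater.exe
HKU\S-1-5-21-1872268528-1317245567-2547443309-1000\...\Run: [amigo] => C:\Users\D0NG\AppData\Local\Amigo\Application\amigo.exe --no-startup-window <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
S3 Origin Client Service; "C:\Windows.old.000\Program Files (x86)\Origin\OriginClientService.exe" [X]
Task: {0D49644E-DB78-43C1-ADFE-A1B681C05C8E} - System32\Tasks\YwapiAL => C:\Users\D0NG\AppData\Roaming\YsIY.exe <==== ATTENTION
Task: {23B277A8-557C-42A0-B8CC-6A6F2972B5CD} - System32\Tasks\NPYEHnaYQIfm => C:\Program Files (x86)\aoKZEzlAK.bat [2009-07-14] () <==== ATTENTION
Task: {4B4E6B6C-F7F8-455C-8B60-1F981CCB275F} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" bltopn.com/hohoj <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:76650B61 [103]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        tag = "SUSPECT" if len(f.reasons) >= 2 else ("review" if f.reasons else "ok")
        print(f"{tag:<8}{f.mechanism:<15} {f.name:<22} {'; '.join(f.reasons)}")
```

The point of the heuristics is ranking, not verdicts: MailRuUpdater only earns the weak "user-writable location" note (plenty of legitimate updaters live in AppData), while the randomly named tasks pointing at .bat files and the Firefox-with-URL task each stack two or three reasons. Anything in the SUSPECT tier is what a helper would look at first when reading a fresh Addition.txt.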



#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 03 January 2018 - 08:16 AM

Awesome :) Can you do me a favor? Zip the C:\FRST\Quarantine folder, upload it to SendSpace.com and PM me the download link.



#7 opchops
  • Topic Starter
  • Members
  • 6 posts

Posted 03 January 2018 - 10:57 AM

Hey Yoan, computer seems back to normal, had no pop ups or CMD and machine is running fine.

Thanks a lot for the help. I am PMing you the zip now.



#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 03 January 2018 - 12:55 PM

Awesome! Were there any other issues to address, or that was it?



#9 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 06 January 2018 - 09:55 AM

Hi opchops,

Are you still with me?



#10 opchops
  • Topic Starter
  • Members
  • 6 posts

Posted 07 January 2018 - 11:16 AM

That's it, thank you again for the help!



#11 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 08 January 2018 - 01:03 PM

No problem opchops, you're welcome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that make it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits, which are one of the biggest attack vectors used to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like Secunia PSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#12 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,603 posts

Posted 11 January 2018 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





