weird virus


This topic is locked
21 replies to this topic

#1 Toxiceggplant

Posted 31 January 2018 - 06:14 PM

I have deleted all illegal files from my computer, but here is the log.

There are weird accounts on my computer? And before resorting to this forum I used RogueKiller.

The computer will not boot into safe mode, nor will it reset. It also will not run any antivirus and has shut down Windows Defender's antivirus; whenever I try to turn it back on it brings me back to the C:/ drive.

Files cannot be manually changed due to some ownership over the files which my computer is unable to name.

It has hidden files such as $WINDOWS.~BT and a hidden ProgramData; this computer has not successfully updated since the Windows 10 Anniversary Update and was unable to install the Fall Creators Update. No issues booting up. CPU usage sometimes hits 100%.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by newuser (31-01-2018 14:58:19)
Running from C:\Users\Nata-Chan\Desktop
Windows 10 Home Version 1703 15063.786 (X64) (2017-06-13 05:56:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714342073-133361438-2604373368-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3714342073-133361438-2604373368-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3714342073-133361438-2604373368-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3714342073-133361438-2604373368-501 - Limited - Disabled)
Nata-Chan (S-1-5-21-3714342073-133361438-2604373368-1001 - Limited - Enabled) => C:\Users\Nata-Chan
newuser (S-1-5-21-3714342073-133361438-2604373368-1002 - Administrator - Enabled) => C:\Users\newuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Autodesk License Service (x64) - 4.1 (HKLM\...\{B827D6B7-7731-43BA-92EC-916C89C88964}) (Version: 4.1.1.0 - Autodesk)
Autodesk Maya 2017 (HKLM\...\{847DE41D-1C5A-4A52-ADD4-AE708757EDBD}) (Version: 17.0.1720.0 - Autodesk) Hidden
Autodesk Maya 2017 (HKLM\...\Autodesk Maya 2017) (Version: 17.0.1720.0 - Autodesk)
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-316 - House of Life)
BitTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
join.me (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\JoinMe) (Version: 3.2.1.4893 - LogMeIn, Inc.)
Metasequoia 4 (HKLM-x32\...\{DDF95860-617A-48D8-9BA9-0B96CC59258C}) (Version: 4.2.5 - tetraface Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-500\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MtoA for Maya 2017 (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MtoA2017) (Version: 1.3.0.0 - Solid Angle)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.2.0 - Adlice Software)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-10 - Wacom Technology Corp.)
Web Launch Recorder (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\WebLaunchRecorder) (Version: 2.0 - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {934EF856-B632-4B54-BADF-D517FD4D927D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001Core => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)
Task: {B254A0D9-8322-4E90-ADAE-CCB1695A80DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001UA => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-22 12:46 - 2017-04-05 11:21 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3714342073-133361438-2604373368-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3714342073-133361438-2604373368-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF891D84-665D-44FC-880A-939ACB9E99CE}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5B580794-AE3D-422E-8FB9-616703DAE07D}] => (Allow) C:\Users\Nata-Chan\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{0C39EA60-9232-4559-A2A7-C9D017FEB1B6}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C6FAA08-D61E-4E80-896B-25EAA9EB21DE}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{939EF078-7E96-45A6-9D24-D97DE547CEF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B4754A-16D8-45B1-8B27-DC5E99B32F7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A64870DF-18E4-450C-B2D6-29250DE84AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{83404279-279B-429D-A327-377C0600C26C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5DA3C9A1-FB4E-43C5-9E1E-95843979CC24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E816ABA-021C-4F15-904C-A7EFE48D8C9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51C23B20-6819-436E-9811-E76E3BF27010}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED0FF3F-38E8-44C5-8BF3-6942EB16321E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{36F62D5A-B221-4436-A3CA-DFE066838CDF}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A4D0C9B-B2CD-4872-9868-C076513FF187}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{741A2464-989E-4234-967C-569AC78F67B3}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CD18B51E-841C-4ED1-9B54-69B32E4CB69F}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

22-12-2017 16:19:27 Windows Update
09-01-2018 15:56:46 Windows Update
19-01-2018 14:18:25 Windows Update
30-01-2018 16:47:00 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 02:49:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (01/31/2018 02:48:58 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (01/31/2018 02:41:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:15:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:15:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:14:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:14:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (01/31/2018 02:48:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.261.566.0).

Error: (01/31/2018 02:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/31/2018 02:37:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:24:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/31/2018 01:21:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:21:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:21:34 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2018 01:21:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
The requested resource is in use.


CodeIntegrity:
===================================
  Date: 2018-01-30 08:54:13.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:07.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:52:51.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 8073.7 MB
Available physical RAM: 3827.88 MB
Total Virtual: 9353.7 MB
Available Virtual: 5529.35 MB

==================== Drives ================================

Drive c: (Life) (Fixed) (Total:915.84 GB) (Free:758.27 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================


Edited by Toxiceggplant, 31 January 2018 - 06:15 PM.
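As an added triage example (not part of the post and not FRST's own code), the Python below walks an excerpt of the Addition.txt above and flags the entries a malware-removal helper would look at first: enabled administrator accounts, scheduled tasks with GUID-style names or that launch from a user profile, lines FRST marks ATTENTION, antivirus services that fail to start, and DLLs that fail Code Integrity signing checks. The sample text is excerpted from the log in the post; the rule set and the finding format are this example's own assumptions.

```python
"""Triage an FRST Addition.txt for first-look indicators.

SAMPLE_ADDITION is a constructed excerpt of the log in the post above.
The rules below are this example's own heuristics, not FRST's.
"""
import re
from collections import Counter

SAMPLE_ADDITION = r"""
==================== Accounts: =============================

Administrator (S-1-5-21-3714342073-133361438-2604373368-500 - Administrator - Enabled) => C:\Users\Administrator
Nata-Chan (S-1-5-21-3714342073-133361438-2604373368-1001 - Limited - Enabled) => C:\Users\Nata-Chan
newuser (S-1-5-21-3714342073-133361438-2604373368-1002 - Administrator - Enabled) => C:\Users\newuser

==================== Scheduled Tasks (Whitelisted) =============

Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)

==================== Association (Whitelisted) ===============

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

System errors:
=============
Error: (01/31/2018 02:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

CodeIntegrity:
===================================
  Date: 2018-01-30 08:54:13.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
  Date: 2018-01-30 08:54:12.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
"""

# Account line: "<name> (<SID> - Administrator|Limited - Enabled|Disabled) ..."
ACCOUNT_RE = re.compile(
    r"^(?P<name>\S+) \((?P<sid>S-1-5-21-[\d-]+) - (?P<role>Administrator|Limited)"
    r" - (?P<state>Enabled|Disabled)\)", re.M)
# Task line: "Task: {id} - System32\Tasks\<name> => <path> [<date>] (<publisher>)"
TASK_RE = re.compile(
    r"^Task: \{[0-9A-F-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<path>.+?)"
    r" \[(?P<date>[\d-]+)\] \((?P<publisher>[^)]*)\)$", re.M)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
SERVICE_FAIL_RE = re.compile(
    r"^Description: The (?P<svc>.+?) service failed to start due to the following error:"
    r"\r?\n(?P<err>.+)$", re.M)
CODE_INTEGRITY_RE = re.compile(r"attempted to load (?P<dll>\S+) that did not meet")


def triage_addition(text):
    """Return a list of (category, detail) findings from Addition.txt text."""
    findings = []
    # Enabled admin accounts: the built-in -500 account is disabled by default
    # on Windows 10, so seeing it enabled is worth a question.
    for m in ACCOUNT_RE.finditer(text):
        if m["role"] == "Administrator" and m["state"] == "Enabled":
            note = " (built-in, disabled by default)" if m["sid"].endswith("-500") else ""
            findings.append(("account", f"enabled admin account {m['name']}{note}"))
    # Scheduled tasks: GUID-style names, user-profile launch paths and a
    # missing publisher are the usual persistence tells in this section.
    for m in TASK_RE.finditer(text):
        reasons = []
        if GUID_NAME_RE.match(m["name"]):
            reasons.append("GUID-style task name")
        if "\\appdata\\" in m["path"].lower():
            reasons.append("runs from a user profile")
        if not m["publisher"]:
            reasons.append("no publisher")
        if reasons:
            findings.append(("task", f"{m['name']} -> {m['path']}: " + ", ".join(reasons)))
    # Anything FRST itself flagged (here, the .reg file association).
    for line in text.splitlines():
        if "<==== ATTENTION" in line:
            findings.append(("attention", line.split(" <====")[0].strip()))
    # Security services that fail to start (Defender blocked is a classic sign).
    for m in SERVICE_FAIL_RE.finditer(text):
        findings.append(("service", f"{m['svc']} failed to start: {m['err'].strip()}"))
    # Unsigned/low-signing-level DLLs, deduplicated with a hit count.
    dlls = Counter(m["dll"].rsplit("\\", 1)[-1] for m in CODE_INTEGRITY_RE.finditer(text))
    for dll, n in dlls.items():
        findings.append(("codeintegrity", f"{dll} failed Microsoft signing level {n} time(s)"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_addition(SAMPLE_ADDITION):
        print(f"[{category}] {detail}")
```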




#2 Toxiceggplant (Topic Starter)

Posted 31 January 2018 - 07:49 PM

Here is the additional scan.

If I forgot to remove any more programs, please tell me and I will quickly do so.



CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {934EF856-B632-4B54-BADF-D517FD4D927D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001Core => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)
Task: {B254A0D9-8322-4E90-ADAE-CCB1695A80DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001UA => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-22 12:46 - 2017-04-05 11:21 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3714342073-133361438-2604373368-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3714342073-133361438-2604373368-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF891D84-665D-44FC-880A-939ACB9E99CE}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5B580794-AE3D-422E-8FB9-616703DAE07D}] => (Allow) C:\Users\Nata-Chan\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{0C39EA60-9232-4559-A2A7-C9D017FEB1B6}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C6FAA08-D61E-4E80-896B-25EAA9EB21DE}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{939EF078-7E96-45A6-9D24-D97DE547CEF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B4754A-16D8-45B1-8B27-DC5E99B32F7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A64870DF-18E4-450C-B2D6-29250DE84AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{83404279-279B-429D-A327-377C0600C26C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5DA3C9A1-FB4E-43C5-9E1E-95843979CC24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E816ABA-021C-4F15-904C-A7EFE48D8C9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51C23B20-6819-436E-9811-E76E3BF27010}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED0FF3F-38E8-44C5-8BF3-6942EB16321E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{36F62D5A-B221-4436-A3CA-DFE066838CDF}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A4D0C9B-B2CD-4872-9868-C076513FF187}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{741A2464-989E-4234-967C-569AC78F67B3}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CD18B51E-841C-4ED1-9B54-69B32E4CB69F}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

22-12-2017 16:19:27 Windows Update
09-01-2018 15:56:46 Windows Update
19-01-2018 14:18:25 Windows Update
30-01-2018 16:47:00 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 02:49:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (01/31/2018 02:48:58 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (01/31/2018 02:41:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:56 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:41:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:15:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:15:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:14:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/31/2018 02:14:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (01/31/2018 02:48:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.261.566.0).

Error: (01/31/2018 02:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/31/2018 02:37:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:24:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/31/2018 01:21:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:21:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:21:34 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2018 01:21:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
The requested resource is in use.


CodeIntegrity:
===================================
  Date: 2018-01-30 08:54:13.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:07.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:52:51.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 8073.7 MB
Available physical RAM: 3827.88 MB
Total Virtual: 9353.7 MB
Available Virtual: 5529.35 MB

==================== Drives ================================

Drive c: (Life) (Fixed) (Total:915.84 GB) (Free:758.27 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 03 February 2018 - 08:55 PM

Greetings Toxiceggplant, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends", please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Please run a new FRST scan and copy/paste FRST.txt and Addition.txt in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST.txt
  • Addition.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Toxiceggplant

  • Topic Starter
  • Members
  • 11 posts

Posted 05 February 2018 - 06:02 PM

I am still here; I will run the scans later on tonight.



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 05 February 2018 - 06:04 PM

Great, thanks.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Toxiceggplant

  • Topic Starter
  • Members
  • 11 posts

Posted 05 February 2018 - 06:35 PM

  • CKScanner report

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\fx\nparticles_examples\crackegg.ma
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\fx\nparticles_examples\.mayaswatches\crackegg.ma.swatch
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\modeling\sculpting_stamps\.mayaswatches\rgb_crackedfun1.tif.swatch
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\modeling\sculpting_stamps\.mayaswatches\rgb_mudcracks.tif.swatch
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\paint_effects\fun\cracks.mel
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\examples\paint_effects\fun\cracks.mel.icon
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\plug-ins\xgen\presets\expressions\samples\color\procedural\patterns\cracks_brokenglass.se
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\scripts\others\crackshatter.mel
c:\autodesk\wi\autodesk maya 2017\x64\maya\autodesk\maya2017\scripts\others\crackshatter.res.mel
c:\program files\autodesk\maya2017\examples\fx\nparticles_examples\crackegg.ma
c:\program files\autodesk\maya2017\examples\fx\nparticles_examples\.mayaswatches\crackegg.ma.swatch
c:\program files\autodesk\maya2017\examples\modeling\sculpting_stamps\.mayaswatches\rgb_crackedfun1.tif.swatch
c:\program files\autodesk\maya2017\examples\modeling\sculpting_stamps\.mayaswatches\rgb_mudcracks.tif.swatch
c:\program files\autodesk\maya2017\examples\paint_effects\fun\cracks.mel
c:\program files\autodesk\maya2017\examples\paint_effects\fun\cracks.mel.icon
c:\program files\autodesk\maya2017\plug-ins\xgen\presets\expressions\samples\color\procedural\patterns\cracks_brokenglass.se
c:\program files\autodesk\maya2017\resources\l10n\ja_jp\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2017\resources\l10n\zh_cn\scripts\crackshatter.res.mel
c:\program files\autodesk\maya2017\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2017\scripts\others\crackshatter.res.mel
c:\program files\blender foundation\blender\2.79\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\crack_it.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\operator.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\__init__.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\materials\materials1.blend
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\claps\ma firecracker clap.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\hi hats\ma firecracker chat.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\kicks\ma firecracker kick.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\snares\ma firecracker snare.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\toxic biohazard\presets\basses\crack.tbio
scanner sequence 3.ZZ.11.QQNARZ
 ----- EOF -----
 


Edited by Toxiceggplant, 05 February 2018 - 07:00 PM.


#7 Toxiceggplant

  • Topic Starter
  • Members
  • 11 posts

Posted 05 February 2018 - 06:46 PM

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [svcvmx] => C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [927744 2017-10-27] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\newuser\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Google Update] => C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-14] (Google Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Nata-Chan\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Chromium] => c:\users\nata-chan\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Discord] => C:\Users\Nata-Chan\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-23] (Disc Soft Ltd)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\RunOnce: [Uninstall 17.3.6998.0830\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nata-Chan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64"
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\RunOnce: [Uninstall 17.3.6998.0830] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nata-Chan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830"
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MountPoints2: {7b1b5cb5-4ee8-11e7-bfaa-3010b3cf245e} - "E:\Startup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2f559849-fe8f-4fcb-83eb-bd180b2cacec}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-10-14] (Sun Microsystems, Inc.)

FireFox:
========
FF DefaultProfile: fj0k49ie.default
FF ProfilePath: C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Profiles\fj0k49ie.default [2018-02-05]
FF Extension: (Adblocker X) - C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Profiles\fj0k49ie.default\Extensions\@adblock57.xpi [2018-01-30]
FF Extension: (Firefox Search Test) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\firefoxsearchtest@mozilla.com.xpi [2017-06-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-10-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\newuser\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3714342073-133361438-2604373368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3714342073-133361438-2604373368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

S2 Dataup; C:\Users\Nata-Chan\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-23] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-09] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-12-25] (Intel Corporation)
S3 KinectRuntimeInstallService; C:\WINDOWS\System32\drivers\KinectV2\K4WRuntimeInstallService.exe [18416 2014-10-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1547871E; C:\WINDOWS\system32\drivers\1547871E.sys [255928 2018-01-30] (Malwarebytes)
S3 6246922F; C:\WINDOWS\system32\drivers\6246922F.sys [255928 2018-01-30] (Malwarebytes)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-13] (Disc Soft Ltd)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [173384 2014-04-07] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
S3 KinectSensor; C:\WINDOWS\System32\drivers\KinectSensor.sys [95920 2014-10-19] ()
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [57648 2015-12-08] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-31] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-05 15:39 - 2018-02-05 15:39 - 000004074 _____ C:\Users\newuser\Desktop\ckfiles.txt
2018-02-05 15:33 - 2018-02-05 15:33 - 000468480 _____ () C:\Users\newuser\Desktop\CKScanner.exe
2018-02-05 15:30 - 2018-02-05 15:31 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\CrashDumps
2018-01-31 15:02 - 2018-01-31 15:02 - 000000068 _____ C:\Users\Nata-Chan\AppData\Local\2k5n8qbwh2
2018-01-31 14:58 - 2018-01-31 14:58 - 000024456 _____ C:\Users\Nata-Chan\Desktop\Addition.txt
2018-01-31 14:56 - 2018-01-31 14:58 - 000033040 _____ C:\Users\Nata-Chan\Desktop\FRST.txt
2018-01-31 14:53 - 2018-01-31 14:53 - 002393088 _____ (Farbar) C:\Users\Nata-Chan\Desktop\FRST64.exe
2018-01-31 14:41 - 2018-01-31 14:41 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Nata-Chan\Desktop\mbar-1.09.3.1001.exe
2018-01-31 14:38 - 2018-01-31 14:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Nata-Chan\Downloads\mbar-1.10.3.1001.exe
2018-01-31 14:16 - 2018-01-31 14:16 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-31 13:52 - 2018-01-31 13:52 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-31 12:17 - 2018-01-31 12:17 - 000748192 _____ (TechGuy, Inc.) C:\Users\newuser\Desktop\SysInfo.exe
2018-01-30 20:29 - 2018-01-30 20:29 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2018-01-30 20:09 - 2018-01-30 20:09 - 000000000 __RHD C:\Users\newuser\Desktop\S-1-5-21-3714342073-133361438-2604373368-1002
2018-01-30 17:52 - 2018-01-30 17:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1547871E.sys
2018-01-30 15:37 - 2018-02-05 15:43 - 000014590 _____ C:\Users\newuser\Desktop\FRST.txt
2018-01-30 15:37 - 2018-01-31 13:25 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-30 15:36 - 2018-01-31 14:50 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-30 15:36 - 2018-01-30 15:36 - 000000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-30 15:34 - 2018-02-05 15:41 - 000000000 ____D C:\FRST
2018-01-30 15:31 - 2017-12-31 17:35 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-30 15:30 - 2017-12-31 17:41 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-30 15:30 - 2017-12-31 17:40 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-30 15:30 - 2017-12-31 17:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-01-30 15:30 - 2017-12-31 17:39 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-30 15:30 - 2017-12-31 17:38 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-01-30 15:30 - 2017-12-31 17:30 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-30 15:27 - 2018-01-30 15:27 - 036430896 _____ (Adlice Software ) C:\Users\newuser\Desktop\setup.exe
2018-01-30 15:26 - 2018-01-30 15:26 - 002393088 _____ (Farbar) C:\Users\newuser\Desktop\FRST64.exe
2018-01-30 09:32 - 2018-01-30 13:09 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6246922F.sys
2018-01-30 09:32 - 2018-01-30 09:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 09:31 - 2018-01-30 19:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-30 09:31 - 2018-01-30 17:52 - 000000000 ____D C:\Users\newuser\Desktop\mbar
2018-01-30 09:29 - 2018-01-30 09:29 - 005766464 _____ (Zemana Ltd. ) C:\Users\newuser\Desktop\iexplorer.exe
2018-01-30 09:24 - 2017-07-25 12:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\newuser\Desktop\rEKT.exe
2018-01-30 09:22 - 2018-01-30 09:23 - 000841239 _____ C:\Users\newuser\Desktop\GET REKT.zip
2018-01-30 09:20 - 2018-01-30 09:20 - 014161479 _____ C:\Users\newuser\Desktop\mbar-1.10.3.1001-nr.exe
2018-01-30 09:04 - 2018-01-30 09:04 - 001235408 _____ (GridinSoft LLC) C:\Users\newuser\Downloads\setup-antimalware.exe
2018-01-19 17:38 - 2018-01-30 17:01 - 000000000 ____D C:\Program Files\rempl
2018-01-09 21:04 - 2018-01-09 21:04 - 000518964 _____ C:\Users\newuser\Documents\worked.blend
2018-01-09 20:55 - 2018-01-09 20:55 - 000519132 _____ C:\Users\newuser\Documents\worked h ARD .blend
2018-01-09 14:56 - 2018-01-09 14:56 - 001106840 _____ (Unity Technologies ApS) C:\Users\newuser\Downloads\UnityWebPlayer64(1).exe
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\Unity
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Unity
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Deployment
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Apps\2.0
2018-01-09 09:58 - 2018-01-09 09:58 - 000000000 ____D C:\Program Files\Unity
2018-01-09 09:57 - 2018-01-09 09:57 - 001106840 _____ (Unity Technologies ApS) C:\Users\newuser\Downloads\UnityWebPlayer64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-05 15:41 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-05 15:37 - 2017-10-13 20:34 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\Mozilla
2018-02-05 15:31 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2018-02-05 15:29 - 2017-10-13 20:08 - 000000000 ____D C:\Users\newuser
2018-02-05 15:28 - 2017-10-13 20:08 - 000000000 __SHD C:\Users\newuser\IntelGraphicsProfiles
2018-02-05 15:28 - 2017-05-16 16:34 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\Akamai
2018-02-05 15:27 - 2017-06-12 21:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-31 15:07 - 2017-06-04 08:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-31 15:02 - 2017-06-30 07:27 - 000000000 ____D C:\Users\Nata-Chan\AppData\LocalLow\Mozilla
2018-01-31 15:02 - 2017-05-31 00:02 - 000000439 _____ C:\Users\Nata-Chan\AppData\Roaming\WB.CFG
2018-01-31 15:02 - 2017-05-25 16:02 - 000000000 ____D C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de
2018-01-31 14:48 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-31 14:42 - 2017-07-27 06:58 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-1001
2018-01-31 14:41 - 2017-05-14 09:45 - 000002379 _____ C:\Users\Nata-Chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 14:41 - 2017-05-14 09:45 - 000000000 ___RD C:\Users\Nata-Chan\OneDrive
2018-01-31 14:37 - 2017-05-17 12:24 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-31 14:36 - 2017-06-30 07:27 - 000000000 ____D C:\Users\Nata-Chan\AppData\Roaming\Mozilla
2018-01-31 13:53 - 2017-05-14 09:41 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\Packages
2018-01-31 13:52 - 2017-05-14 09:41 - 000000000 __SHD C:\Users\Nata-Chan\IntelGraphicsProfiles
2018-01-31 13:28 - 2017-06-12 21:48 - 001222934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-31 13:21 - 2017-10-05 12:49 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-01-31 13:21 - 2017-06-12 21:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-31 13:20 - 2017-10-05 12:48 - 000000000 ____D C:\Users\Administrator
2018-01-31 13:20 - 2017-03-18 03:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-01-30 20:16 - 2017-12-22 15:18 - 000002391 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 20:16 - 2017-10-05 14:24 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-500
2018-01-30 20:16 - 2017-10-05 12:52 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-30 19:14 - 2017-10-15 07:42 - 000000000 ____D C:\Users\newuser\AppData\Local\ntuserlitelist
2018-01-30 18:37 - 2017-05-14 00:57 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-30 17:44 - 2017-05-23 15:49 - 000000000 ____D C:\ProgramData\Apple
2018-01-30 17:14 - 2017-05-25 16:01 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-30 17:12 - 2017-10-15 13:44 - 000000000 ____D C:\Users\newuser\AppData\Roaming\uTorrent
2018-01-30 17:12 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-30 17:06 - 2017-05-14 12:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-30 17:02 - 2017-10-14 23:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-30 17:02 - 2017-05-14 12:15 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-30 17:01 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-30 16:57 - 2017-10-15 13:45 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\uTorrent
2018-01-30 16:53 - 2017-10-05 13:54 - 000000000 ____D C:\Program Files\ntuserlitelist
2018-01-30 15:24 - 2017-05-14 11:45 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-30 15:10 - 2017-06-02 21:11 - 000000571 _____ C:\ServiceLog.txt
2018-01-30 15:05 - 2017-06-30 07:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-30 15:05 - 2017-06-30 07:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-30 15:05 - 2017-06-12 21:22 - 000216952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-30 15:04 - 2017-10-15 13:41 - 000000000 ____D C:\Users\newuser\AppData\Roaming\BitTorrent
2018-01-30 10:07 - 2017-06-12 22:16 - 000000000 ____D C:\Windows.old
2018-01-30 09:11 - 2017-10-14 17:03 - 000000000 ____D C:\Users\newuser\AppData\Local\MicrosoftEdge
2018-01-30 08:45 - 2017-06-30 07:18 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-30 08:44 - 2018-01-04 17:57 - 000000000 ____D C:\Users\newuser\Desktop\nendoroid base
2018-01-30 08:44 - 2017-12-24 19:05 - 000000000 ____D C:\Users\newuser\Desktop\MikuMikuDanceE_v931x64
2018-01-30 07:42 - 2017-10-13 20:51 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-1002
2018-01-30 07:42 - 2017-10-13 20:48 - 000002373 _____ C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 07:42 - 2017-10-13 20:48 - 000000000 ___RD C:\Users\newuser\OneDrive
2018-01-19 14:20 - 2017-10-15 13:42 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\BitTorrent
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2ca7-0
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2433-1
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{76991520-112c-0}
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{41cf27ba-712c-1}
2018-01-09 20:13 - 2017-06-12 21:53 - 000028578 _____ C:\WINDOWS\diagwrn.xml
2018-01-09 20:13 - 2017-06-12 21:53 - 000028578 _____ C:\WINDOWS\diagerr.xml
2018-01-09 18:43 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-09 18:15 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Registration
2018-01-09 09:54 - 2017-10-25 10:56 - 000000000 ____D C:\Users\newuser\Desktop\Sai Paint Tool 1.1.0
2018-01-09 09:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 09:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-10-15 13:39 - 2017-10-15 13:39 - 000000218 _____ () C:\Users\newuser\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe


Some files in TEMP:
====================
2018-01-31 13:22 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2017-06-30 07:21 - 2017-01-19 22:34 - 000172200 _____ () C:\Users\Nata-Chan\AppData\Local\Temp\substat.dll
2018-01-30 15:36 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\newuser\AppData\Local\Temp\dllnt_dump.dll
2017-10-14 17:35 - 2017-10-14 17:35 - 000043520 ____N () C:\Users\newuser\AppData\Local\Temp\proxy_vole8361615775320179204.dll
2017-10-14 17:20 - 2017-10-14 17:22 - 012942335 _____ () C:\Users\newuser\AppData\Local\Temp\som73C7.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-01-04 23:01

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by newuser (05-02-2018 15:45:09)
Running from C:\Users\newuser\Desktop
Windows 10 Home Version 1703 15063.786 (X64) (2017-06-13 05:56:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714342073-133361438-2604373368-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3714342073-133361438-2604373368-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3714342073-133361438-2604373368-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3714342073-133361438-2604373368-501 - Limited - Disabled)
Nata-Chan (S-1-5-21-3714342073-133361438-2604373368-1001 - Limited - Enabled) => C:\Users\Nata-Chan
newuser (S-1-5-21-3714342073-133361438-2604373368-1002 - Administrator - Enabled) => C:\Users\newuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Autodesk License Service (x64) - 4.1 (HKLM\...\{B827D6B7-7731-43BA-92EC-916C89C88964}) (Version: 4.1.1.0 - Autodesk)
Autodesk Maya 2017 (HKLM\...\{847DE41D-1C5A-4A52-ADD4-AE708757EDBD}) (Version: 17.0.1720.0 - Autodesk) Hidden
Autodesk Maya 2017 (HKLM\...\Autodesk Maya 2017) (Version: 17.0.1720.0 - Autodesk)
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-316 - House of Life)
BitTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
join.me (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\JoinMe) (Version: 3.2.1.4893 - LogMeIn, Inc.)
Metasequoia 4 (HKLM-x32\...\{DDF95860-617A-48D8-9BA9-0B96CC59258C}) (Version: 4.2.5 - tetraface Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-500\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MtoA for Maya 2017 (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MtoA2017) (Version: 1.3.0.0 - Solid Angle)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.2.0 - Adlice Software)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-10 - Wacom Technology Corp.)
Web Launch Recorder (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\WebLaunchRecorder) (Version: 2.0 - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {934EF856-B632-4B54-BADF-D517FD4D927D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001Core => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)
Task: {B254A0D9-8322-4E90-ADAE-CCB1695A80DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001UA => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-22 12:46 - 2017-04-05 11:21 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-30 10:28 - 2018-01-30 10:30 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-30 10:28 - 2018-01-30 10:30 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-30 10:28 - 2018-01-30 10:29 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-30 10:28 - 2018-01-30 10:30 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2017-10-27 20:21 - 2017-10-27 20:21 - 000927744 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-10-19 11:18 - 2017-10-19 11:18 - 001089536 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3714342073-133361438-2604373368-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3714342073-133361438-2604373368-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF891D84-665D-44FC-880A-939ACB9E99CE}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5B580794-AE3D-422E-8FB9-616703DAE07D}] => (Allow) C:\Users\Nata-Chan\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{0C39EA60-9232-4559-A2A7-C9D017FEB1B6}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C6FAA08-D61E-4E80-896B-25EAA9EB21DE}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{939EF078-7E96-45A6-9D24-D97DE547CEF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B4754A-16D8-45B1-8B27-DC5E99B32F7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A64870DF-18E4-450C-B2D6-29250DE84AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{83404279-279B-429D-A327-377C0600C26C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5DA3C9A1-FB4E-43C5-9E1E-95843979CC24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E816ABA-021C-4F15-904C-A7EFE48D8C9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51C23B20-6819-436E-9811-E76E3BF27010}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED0FF3F-38E8-44C5-8BF3-6942EB16321E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{36F62D5A-B221-4436-A3CA-DFE066838CDF}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A4D0C9B-B2CD-4872-9868-C076513FF187}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{741A2464-989E-4234-967C-569AC78F67B3}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CD18B51E-841C-4ED1-9B54-69B32E4CB69F}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

22-12-2017 16:19:27 Windows Update
09-01-2018 15:56:46 Windows Update
19-01-2018 14:18:25 Windows Update
30-01-2018 16:47:00 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2018 03:36:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: bb8

Start Time: 01d39ed9c9cb969b

Termination Time: 13

Application Path: C:\Users\newuser\Desktop\CKScanner.exe

Report Id: ce77dcdd-2f3b-45c3-af14-bc8a39256b64

Faulting package full name:

Faulting package-relative application ID:

Error: (02/05/2018 03:31:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x4714
Faulting application start time: 0x01d39ed971532ddf
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: c52f7a0c-72a0-4cc6-bbed-b43a60030d30
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x3624
Faulting application start time: 0x01d39ed96dd8d9da
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 3ee92373-fa83-40c3-8010-dff349d9e6d0
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:30:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x4164
Faulting application start time: 0x01d39ed95a2cdf9b
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: ee46bd6b-e88c-4746-9f57-1b1aa5fdaae1
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x442c
Faulting application start time: 0x01d39ed952165d58
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: f254775e-6ce8-4e84-8132-656a94affc60
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x45bc
Faulting application start time: 0x01d39ed94307476c
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 3174b9cd-5b1c-4044-8ec3-acb697e7bfef
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:28:57 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1

Error: (02/05/2018 03:28:23 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (02/05/2018 03:27:57 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (01/31/2018 02:49:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。


System errors:
=============
Error: (02/05/2018 03:28:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:28:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:27:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:27:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 04:43:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 02:48:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.261.566.0).

Error: (01/31/2018 02:48:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error:
The requested resource is in use.

Error: (01/31/2018 02:37:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 01:52:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2018-01-30 08:54:13.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:07.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:52:51.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 8073.7 MB
Available physical RAM: 3044.22 MB
Total Virtual: 9353.7 MB
Available Virtual: 3637.07 MB

==================== Drives ================================

Drive c: (Life) (Fixed) (Total:915.84 GB) (Free:753.08 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#8 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 05 February 2018 - 08:33 PM

Could you please run a FRST scan again. Some of the information is missing.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Toxiceggplant

  • Topic Starter

  • Members
  • 11 posts

Posted 06 February 2018 - 09:04 AM

Yes, of course. I have no idea why it did that or how I completely missed that. :huh:

When I'm out of school I'll go ahead and run the scan again.



#10 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 06 February 2018 - 10:49 AM

Thanks. It might have been an issue with the program.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Toxiceggplant

  • Topic Starter

  • Members
  • 11 posts

Posted 06 February 2018 - 03:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by newuser (administrator) on DESKTOP-373UARJ (06-02-2018 12:05:22)
Running from C:\Users\newuser\Desktop
Loaded Profiles: Nata-Chan & newuser & Administrator (Available Profiles: defaultuser0 & Nata-Chan & newuser & Administrator)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [svcvmx] => C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [927744 2017-10-27] () <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\newuser\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Google Update] => C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-14] (Google Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Nata-Chan\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Chromium] => c:\users\nata-chan\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [Discord] => C:\Users\Nata-Chan\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-23] (Disc Soft Ltd)
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\RunOnce: [Uninstall 17.3.6998.0830\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nata-Chan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64"
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\RunOnce: [Uninstall 17.3.6998.0830] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nata-Chan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830"
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MountPoints2: {7b1b5cb5-4ee8-11e7-bfaa-3010b3cf245e} - "E:\Startup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2f559849-fe8f-4fcb-83eb-bd180b2cacec}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyE0D0D0DtDtC0FtA0D0F0CtN0D0Tzu0StCzyzzzztN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtA0D0CyB0C0FtGtCzy0CtAtG0B0D0EzytGtCyBtBtAtG0AtCtAyDtD0CzztC0F0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzy0F0Bzz0DyB0DtGyDyC0CtBtGyEyD0B0AtGzzyEzy0AtGtByEyCtD0A0CyDyD0FyD0D0F2QtN0A0LzuyE%26cr%3D1275451434%26a%3Dwbf_ir_17_23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1001 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714342073-133361438-2604373368-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-10-14] (Sun Microsystems, Inc.)

FireFox:
========
FF DefaultProfile: fj0k49ie.default
FF ProfilePath: C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Profiles\fj0k49ie.default [2018-02-06]
FF Extension: (Adblocker X) - C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Profiles\fj0k49ie.default\Extensions\@adblock57.xpi [2018-01-30]
FF Extension: (Firefox Search Test) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\firefoxsearchtest@mozilla.com.xpi [2017-06-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-10-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\newuser\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3714342073-133361438-2604373368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3714342073-133361438-2604373368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

S2 Dataup; C:\Users\Nata-Chan\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-23] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-09] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-12-25] (Intel Corporation)
S3 KinectRuntimeInstallService; C:\WINDOWS\System32\drivers\KinectV2\K4WRuntimeInstallService.exe [18416 2014-10-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1547871E; C:\WINDOWS\system32\drivers\1547871E.sys [255928 2018-01-30] (Malwarebytes)
S3 6246922F; C:\WINDOWS\system32\drivers\6246922F.sys [255928 2018-01-30] (Malwarebytes)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-13] (Disc Soft Ltd)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [173384 2014-04-07] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-28] (GenesysLogic)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
S3 KinectSensor; C:\WINDOWS\System32\drivers\KinectSensor.sys [95920 2014-10-19] ()
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [57648 2015-12-08] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-31] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-05 15:45 - 2018-02-05 15:46 - 000030915 _____ C:\Users\newuser\Desktop\Addition.txt
2018-02-05 15:39 - 2018-02-05 15:39 - 000004074 _____ C:\Users\newuser\Desktop\ckfiles.txt
2018-02-05 15:33 - 2018-02-05 15:33 - 000468480 _____ () C:\Users\newuser\Desktop\CKScanner.exe
2018-02-05 15:30 - 2018-02-05 15:31 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\CrashDumps
2018-01-31 15:02 - 2018-01-31 15:02 - 000000068 _____ C:\Users\Nata-Chan\AppData\Local\2k5n8qbwh2
2018-01-31 14:58 - 2018-01-31 14:58 - 000024456 _____ C:\Users\Nata-Chan\Desktop\Addition.txt
2018-01-31 14:56 - 2018-01-31 14:58 - 000033040 _____ C:\Users\Nata-Chan\Desktop\FRST.txt
2018-01-31 14:53 - 2018-01-31 14:53 - 002393088 _____ (Farbar) C:\Users\Nata-Chan\Desktop\FRST64.exe
2018-01-31 14:41 - 2018-01-31 14:41 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Nata-Chan\Desktop\mbar-1.09.3.1001.exe
2018-01-31 14:38 - 2018-01-31 14:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Nata-Chan\Downloads\mbar-1.10.3.1001.exe
2018-01-31 14:16 - 2018-01-31 14:16 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-31 13:52 - 2018-01-31 13:52 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-31 12:17 - 2018-01-31 12:17 - 000748192 _____ (TechGuy, Inc.) C:\Users\newuser\Desktop\SysInfo.exe
2018-01-30 20:29 - 2018-01-30 20:29 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2018-01-30 20:09 - 2018-01-30 20:09 - 000000000 __RHD C:\Users\newuser\Desktop\S-1-5-21-3714342073-133361438-2604373368-1002
2018-01-30 17:52 - 2018-01-30 17:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1547871E.sys
2018-01-30 15:37 - 2018-02-06 12:07 - 000020847 _____ C:\Users\newuser\Desktop\FRST.txt
2018-01-30 15:37 - 2018-01-31 13:25 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-30 15:36 - 2018-01-31 14:50 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-30 15:36 - 2018-01-30 15:36 - 000000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-30 15:36 - 2018-01-30 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-30 15:34 - 2018-02-06 12:05 - 000000000 ____D C:\FRST
2018-01-30 15:31 - 2017-12-31 17:35 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-30 15:30 - 2017-12-31 17:41 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-30 15:30 - 2017-12-31 17:40 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-30 15:30 - 2017-12-31 17:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-01-30 15:30 - 2017-12-31 17:39 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-30 15:30 - 2017-12-31 17:38 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-01-30 15:30 - 2017-12-31 17:30 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-30 15:27 - 2018-01-30 15:27 - 036430896 _____ (Adlice Software ) C:\Users\newuser\Desktop\setup.exe
2018-01-30 15:26 - 2018-01-30 15:26 - 002393088 _____ (Farbar) C:\Users\newuser\Desktop\FRST64.exe
2018-01-30 09:32 - 2018-01-30 13:09 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6246922F.sys
2018-01-30 09:32 - 2018-01-30 09:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 09:31 - 2018-01-30 19:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-30 09:31 - 2018-01-30 17:52 - 000000000 ____D C:\Users\newuser\Desktop\mbar
2018-01-30 09:29 - 2018-01-30 09:29 - 005766464 _____ (Zemana Ltd. ) C:\Users\newuser\Desktop\iexplorer.exe
2018-01-30 09:24 - 2017-07-25 12:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\newuser\Desktop\rEKT.exe
2018-01-30 09:22 - 2018-01-30 09:23 - 000841239 _____ C:\Users\newuser\Desktop\GET REKT.zip
2018-01-30 09:20 - 2018-01-30 09:20 - 014161479 _____ C:\Users\newuser\Desktop\mbar-1.10.3.1001-nr.exe
2018-01-30 09:04 - 2018-01-30 09:04 - 001235408 _____ (GridinSoft LLC) C:\Users\newuser\Downloads\setup-antimalware.exe
2018-01-19 17:38 - 2018-01-30 17:01 - 000000000 ____D C:\Program Files\rempl
2018-01-09 21:04 - 2018-01-09 21:04 - 000518964 _____ C:\Users\newuser\Documents\worked.blend
2018-01-09 20:55 - 2018-01-09 20:55 - 000519132 _____ C:\Users\newuser\Documents\worked h ARD .blend
2018-01-09 14:56 - 2018-01-09 14:56 - 001106840 _____ (Unity Technologies ApS) C:\Users\newuser\Downloads\UnityWebPlayer64(1).exe
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\Unity
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Unity
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Deployment
2018-01-09 10:00 - 2018-01-09 10:00 - 000000000 ____D C:\Users\newuser\AppData\Local\Apps\2.0
2018-01-09 09:58 - 2018-01-09 09:58 - 000000000 ____D C:\Program Files\Unity
2018-01-09 09:57 - 2018-01-09 09:57 - 001106840 _____ (Unity Technologies ApS) C:\Users\newuser\Downloads\UnityWebPlayer64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-06 12:05 - 2017-10-13 20:34 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\Mozilla
2018-02-06 12:05 - 2017-05-16 16:34 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\Akamai
2018-02-06 12:04 - 2017-06-12 21:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-05 15:49 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-05 15:49 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-05 15:31 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2018-02-05 15:29 - 2017-10-13 20:08 - 000000000 ____D C:\Users\newuser
2018-02-05 15:28 - 2017-10-13 20:08 - 000000000 __SHD C:\Users\newuser\IntelGraphicsProfiles
2018-01-31 15:07 - 2017-06-04 08:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-31 15:02 - 2017-06-30 07:27 - 000000000 ____D C:\Users\Nata-Chan\AppData\LocalLow\Mozilla
2018-01-31 15:02 - 2017-05-31 00:02 - 000000439 _____ C:\Users\Nata-Chan\AppData\Roaming\WB.CFG
2018-01-31 15:02 - 2017-05-25 16:02 - 000000000 ____D C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de
2018-01-31 14:42 - 2017-07-27 06:58 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-1001
2018-01-31 14:41 - 2017-05-14 09:45 - 000002379 _____ C:\Users\Nata-Chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 14:41 - 2017-05-14 09:45 - 000000000 ___RD C:\Users\Nata-Chan\OneDrive
2018-01-31 14:37 - 2017-05-17 12:24 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-31 14:36 - 2017-06-30 07:27 - 000000000 ____D C:\Users\Nata-Chan\AppData\Roaming\Mozilla
2018-01-31 13:53 - 2017-05-14 09:41 - 000000000 ____D C:\Users\Nata-Chan\AppData\Local\Packages
2018-01-31 13:52 - 2017-05-14 09:41 - 000000000 __SHD C:\Users\Nata-Chan\IntelGraphicsProfiles
2018-01-31 13:28 - 2017-06-12 21:48 - 001222934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-31 13:21 - 2017-10-05 12:49 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-01-31 13:21 - 2017-06-12 21:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-31 13:20 - 2017-10-05 12:48 - 000000000 ____D C:\Users\Administrator
2018-01-31 13:20 - 2017-03-18 03:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-01-30 20:16 - 2017-12-22 15:18 - 000002391 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 20:16 - 2017-10-05 14:24 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-500
2018-01-30 20:16 - 2017-10-05 12:52 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-30 19:14 - 2017-10-15 07:42 - 000000000 ____D C:\Users\newuser\AppData\Local\ntuserlitelist
2018-01-30 18:37 - 2017-05-14 00:57 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-30 17:44 - 2017-05-23 15:49 - 000000000 ____D C:\ProgramData\Apple
2018-01-30 17:14 - 2017-05-25 16:01 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-30 17:12 - 2017-10-15 13:44 - 000000000 ____D C:\Users\newuser\AppData\Roaming\uTorrent
2018-01-30 17:12 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-30 17:06 - 2017-05-14 12:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-30 17:02 - 2017-10-14 23:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-30 17:02 - 2017-05-14 12:15 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-30 17:01 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-30 16:57 - 2017-10-15 13:45 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\uTorrent
2018-01-30 16:53 - 2017-10-05 13:54 - 000000000 ____D C:\Program Files\ntuserlitelist
2018-01-30 15:24 - 2017-05-14 11:45 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-30 15:10 - 2017-06-02 21:11 - 000000571 _____ C:\ServiceLog.txt
2018-01-30 15:05 - 2017-06-30 07:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-30 15:05 - 2017-06-30 07:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-30 15:05 - 2017-06-12 21:22 - 000216952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-30 15:04 - 2017-10-15 13:41 - 000000000 ____D C:\Users\newuser\AppData\Roaming\BitTorrent
2018-01-30 10:07 - 2017-06-12 22:16 - 000000000 ____D C:\Windows.old
2018-01-30 09:11 - 2017-10-14 17:03 - 000000000 ____D C:\Users\newuser\AppData\Local\MicrosoftEdge
2018-01-30 08:45 - 2017-06-30 07:18 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-30 08:44 - 2018-01-04 17:57 - 000000000 ____D C:\Users\newuser\Desktop\nendoroid base
2018-01-30 08:44 - 2017-12-24 19:05 - 000000000 ____D C:\Users\newuser\Desktop\MikuMikuDanceE_v931x64
2018-01-30 07:42 - 2017-10-13 20:51 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3714342073-133361438-2604373368-1002
2018-01-30 07:42 - 2017-10-13 20:48 - 000002373 _____ C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-30 07:42 - 2017-10-13 20:48 - 000000000 ___RD C:\Users\newuser\OneDrive
2018-01-19 14:20 - 2017-10-15 13:42 - 000000000 ____D C:\Users\newuser\AppData\LocalLow\BitTorrent
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2ca7-0
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2433-1
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{76991520-112c-0}
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{41cf27ba-712c-1}
2018-01-09 20:13 - 2017-06-12 21:53 - 000028578 _____ C:\WINDOWS\diagwrn.xml
2018-01-09 20:13 - 2017-06-12 21:53 - 000028578 _____ C:\WINDOWS\diagerr.xml
2018-01-09 18:43 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-09 18:15 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Registration
2018-01-09 09:54 - 2017-10-25 10:56 - 000000000 ____D C:\Users\newuser\Desktop\Sai Paint Tool 1.1.0
2018-01-09 09:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 09:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2017-10-15 13:39 - 2017-10-15 13:39 - 000000218 _____ () C:\Users\newuser\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe


Some files in TEMP:
====================
2018-01-31 13:22 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2017-06-30 07:21 - 2017-01-19 22:34 - 000172200 _____ () C:\Users\Nata-Chan\AppData\Local\Temp\substat.dll
2018-01-30 15:36 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\newuser\AppData\Local\Temp\dllnt_dump.dll
2017-10-14 17:35 - 2017-10-14 17:35 - 000043520 ____N () C:\Users\newuser\AppData\Local\Temp\proxy_vole8361615775320179204.dll
2017-10-14 17:20 - 2017-10-14 17:22 - 012942335 _____ () C:\Users\newuser\AppData\Local\Temp\som73C7.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-04 23:01

==================== End of FRST.txt ============================


Edited by Toxiceggplant, 06 February 2018 - 03:17 PM.
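The Services, Drivers and Scheduled Tasks sections of an FRST log are where the tool marks the entries a helper will act on, so here is a small triage script that parses those line formats and ranks entries by the checks an analyst normally applies first: FRST's own "<==== ATTENTION" marker, "[File not signed]", a binary living under C:\Users\, a registered service whose file is missing ("[X]"), and a service with no readable path (the locked drmkpro64 entry). This is an example added to the thread; it is not part of the poster's logs and not part of FRST. The sample input is copied from the Addition.txt posted above; the check names, their strong/weak weighting, and the treatment of an empty "()" publisher string or an 8-hex-digit driver name as weak signals are this example's assumptions, not FRST semantics.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) 'Services', 'Drivers' and
'Scheduled Tasks' lines.

Added example for this thread; not part of the poster's logs or of FRST.
The checks are the editor's assumptions about what an analyst looks at
first, not FRST's own verdicts:
  * strong: FRST's '<==== ATTENTION' marker; '[File not signed]'; binary under
    C:\\Users\\ (a user profile); service registered but file missing ('[X]');
    service with no path at all (FRST could not read it, e.g. locked)
  * weak:   empty publisher string '()'; 8-hex-digit file name
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the FRST Addition.txt posted above, plus a
# few clean entries from the same log for contrast.
SAMPLE_LINES = r'''
"drmkpro64" => service could not be unlocked. <==== ATTENTION
S2 Dataup; C:\Users\Nata-Chan\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-23] (Disc Soft Ltd)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S3 1547871E; C:\WINDOWS\system32\drivers\1547871E.sys [255928 2018-01-30] (Malwarebytes)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
'''.strip().splitlines()

ATTENTION = "<==== ATTENTION"
# 'R2 Name; path [size date] (publisher) [flags] <==== ATTENTION'
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")
# 'Task: {GUID} - System32\Tasks\Name => path [date] (publisher)'
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+System32\\Tasks\\(.+?)\s+=>\s*(.*)$")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)")  # first '(...)' after the path
STRONG = {"frst_attention", "unsigned", "user_profile_path", "missing_file", "locked_no_path"}


@dataclass
class Entry:
    kind: str                 # "service", "task" or "note" (unparsed ATTENTION line)
    name: str
    path: str
    publisher: Optional[str]  # None when FRST printed no '(...)' at all
    reasons: List[str] = field(default_factory=list)

    @property
    def strong(self) -> int:
        return sum(1 for r in self.reasons if r in STRONG)


def _split_path(rest: str):
    """Return (path, remainder). The path is either "quoted" or runs up to the
    first ' [' (size/date block) or ' <====' marker; a line that starts with
    the marker has no path at all."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end != -1:
            return rest[1:end], rest[end + 1:]
    if rest.startswith("<===="):
        return "", rest
    m = re.match(r"^(.*?)(?=\s\[|\s<====|$)", rest)
    return m.group(1), rest[m.end():]


def _reasons(line: str, path: str, remainder: str, publisher: Optional[str]) -> List[str]:
    r = []
    if ATTENTION in line:
        r.append("frst_attention")
    if "[File not signed]" in remainder:
        r.append("unsigned")
    if path.lower().startswith("c:\\users\\"):
        r.append("user_profile_path")
    if "[X]" in remainder:
        r.append("missing_file")
    if not path:
        r.append("locked_no_path")
    if publisher == "":
        r.append("no_publisher")          # weak: no company name in version info
    if re.fullmatch(r"[0-9A-Fa-f]{8}\.(?:sys|exe|dll)", path.rsplit("\\", 1)[-1]):
        r.append("hex_filename")          # weak: security tools (MBAR here) do this too
    return r


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver/task line; None for lines of other sections."""
    line = line.rstrip()
    m = SERVICE_RE.match(line)
    if m:
        kind, name, rest = "service", m.group(2).strip(), m.group(3)
    else:
        m = TASK_RE.match(line)
        if m:
            kind, name, rest = "task", m.group(1).strip(), m.group(2)
        elif ATTENTION in line:
            return Entry("note", line.strip(), "", None, ["frst_attention"])
        else:
            return None
    path, remainder = _split_path(rest)
    pm = PUBLISHER_RE.search(remainder)
    publisher = pm.group(1).strip() if pm else None
    return Entry(kind, name, path, publisher, _reasons(line, path, remainder, publisher))


def triage(lines) -> List[Entry]:
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def rank(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one strong reason, most strong reasons first
    (stable, so ties keep log order)."""
    return sorted((e for e in entries if e.strong), key=lambda e: -e.strong)


if __name__ == "__main__":
    for e in rank(triage(SAMPLE_LINES)):
        print(f"{e.strong} {e.kind:<7} {e.name[:44]:<44} {', '.join(e.reasons)}")
```

Run as a script it prints the ranked list; nothing it outputs is a verdict. The weak signals are kept separate on purpose: the hex-named drivers in this log carry a Malwarebytes publisher string and sit in system32\drivers, while the entry under a hex-named Roaming folder carries no publisher at all and runs from a user profile. Only the combination of location, signature and publisher separates them, and that judgement stays with the helper reading the log.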


#12 Toxiceggplant (Topic Starter)

Posted 06 February 2018 - 03:17 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by newuser (06-02-2018 12:09:06)
Running from C:\Users\newuser\Desktop
Windows 10 Home Version 1703 15063.786 (X64) (2017-06-13 05:56:33)
Boot Mode: Normal

==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714342073-133361438-2604373368-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3714342073-133361438-2604373368-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3714342073-133361438-2604373368-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3714342073-133361438-2604373368-501 - Limited - Disabled)
Nata-Chan (S-1-5-21-3714342073-133361438-2604373368-1001 - Limited - Enabled) => C:\Users\Nata-Chan
newuser (S-1-5-21-3714342073-133361438-2604373368-1002 - Administrator - Enabled) => C:\Users\newuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Autodesk License Service (x64) - 4.1 (HKLM\...\{B827D6B7-7731-43BA-92EC-916C89C88964}) (Version: 4.1.1.0 - Autodesk)
Autodesk Maya 2017 (HKLM\...\{847DE41D-1C5A-4A52-ADD4-AE708757EDBD}) (Version: 17.0.1720.0 - Autodesk) Hidden
Autodesk Maya 2017 (HKLM\...\Autodesk Maya 2017) (Version: 17.0.1720.0 - Autodesk)
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-316 - House of Life)
BitTorrent (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
join.me (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\JoinMe) (Version: 3.2.1.4893 - LogMeIn, Inc.)
Metasequoia 4 (HKLM-x32\...\{DDF95860-617A-48D8-9BA9-0B96CC59258C}) (Version: 4.2.5 - tetraface Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3714342073-133361438-2604373368-500\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MtoA for Maya 2017 (HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MtoA2017) (Version: 1.3.0.0 - Solid Angle)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.2.0 - Adlice Software)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UTAU 歌声合成ツール (HKLM-x32\...\{616A6B38-329A-4DD1-865A-24A89A1C95F0}) (Version: 1.1.1801 - 飴屋プロジェクト)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-10 - Wacom Technology Corp.)
Web Launch Recorder (HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\WebLaunchRecorder) (Version: 2.0 - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3714342073-133361438-2604373368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nata-Chan\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {934EF856-B632-4B54-BADF-D517FD4D927D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001Core => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)
Task: {B254A0D9-8322-4E90-ADAE-CCB1695A80DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3714342073-133361438-2604373368-1001UA => C:\Users\Nata-Chan\AppData\Local\Google\Update\GoogleUpdate.exe [2017-05-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-22 12:46 - 2017-04-05 11:21 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-27 20:21 - 2017-10-27 20:21 - 000927744 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-12-22 16:13 - 2017-10-15 06:51 - 004125080 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-18 12:59 - 2017-03-18 18:31 - 002487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-01-05 09:30 - 2018-01-05 09:32 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-15 08:04 - 2017-10-15 08:05 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-15 08:04 - 2017-10-15 08:05 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-01-05 09:30 - 2018-01-05 09:32 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-01-05 09:30 - 2018-01-05 09:30 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-10-15 07:51 - 2017-10-15 07:51 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-05 09:24 - 2018-01-05 09:24 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-01-05 09:24 - 2018-01-05 09:24 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-10-15 07:55 - 2017-10-15 07:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-05 09:24 - 2018-01-05 09:24 - 010137600 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-10-19 11:18 - 2017-10-19 11:18 - 001089536 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3714342073-133361438-2604373368-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3714342073-133361438-2604373368-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3714342073-133361438-2604373368-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF891D84-665D-44FC-880A-939ACB9E99CE}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{5B580794-AE3D-422E-8FB9-616703DAE07D}] => (Allow) C:\Users\Nata-Chan\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{0C39EA60-9232-4559-A2A7-C9D017FEB1B6}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C6FAA08-D61E-4E80-896B-25EAA9EB21DE}C:\users\nata-chan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nata-chan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{939EF078-7E96-45A6-9D24-D97DE547CEF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B4754A-16D8-45B1-8B27-DC5E99B32F7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A64870DF-18E4-450C-B2D6-29250DE84AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{83404279-279B-429D-A327-377C0600C26C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5DA3C9A1-FB4E-43C5-9E1E-95843979CC24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E816ABA-021C-4F15-904C-A7EFE48D8C9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{51C23B20-6819-436E-9811-E76E3BF27010}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2ED0FF3F-38E8-44C5-8BF3-6942EB16321E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{36F62D5A-B221-4436-A3CA-DFE066838CDF}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A4D0C9B-B2CD-4872-9868-C076513FF187}] => (Allow) C:\Users\newuser\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{741A2464-989E-4234-967C-569AC78F67B3}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CD18B51E-841C-4ED1-9B54-69B32E4CB69F}] => (Allow) C:\Users\newuser\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

22-12-2017 16:19:27 Windows Update
09-01-2018 15:56:46 Windows Update
19-01-2018 14:18:25 Windows Update
30-01-2018 16:47:00 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2018 12:05:30 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (02/06/2018 12:05:02 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-373UARJ)
Description: 製品: Akamai NetSession Interface -- エラー 1310。  ファイルに書き込むときにエラーが発生しました: C:\Users\Nata-Chan\AppData\Local\Akamai\admintool.exe。 システム エラー0。 このディレクトリにアクセスできることを確認してください。

Error: (02/06/2018 12:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-373UARJ)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2018 12:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-373UARJ)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2018 12:04:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-373UARJ)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/05/2018 03:36:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: bb8

Start Time: 01d39ed9c9cb969b

Termination Time: 13

Application Path: C:\Users\newuser\Desktop\CKScanner.exe

Report Id: ce77dcdd-2f3b-45c3-af14-bc8a39256b64

Faulting package full name:

Faulting package-relative application ID:

Error: (02/05/2018 03:31:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x4714
Faulting application start time: 0x01d39ed971532ddf
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: c52f7a0c-72a0-4cc6-bbed-b43a60030d30
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x3624
Faulting application start time: 0x01d39ed96dd8d9da
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: 3ee92373-fa83-40c3-8010-dff349d9e6d0
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:30:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x4164
Faulting application start time: 0x01d39ed95a2cdf9b
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: ee46bd6b-e88c-4746-9f57-1b1aa5fdaae1
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/05/2018 03:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.15063.332, time stamp: 0x591fdafc
Faulting module name: EdgeManager.dll, version: 11.0.15063.0, time stamp: 0x58a670ce
Exception code: 0xc0000005
Fault offset: 0x000000000000983d
Faulting process id: 0x442c
Faulting application start time: 0x01d39ed952165d58
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Report Id: f254775e-6ce8-4e84-8132-656a94affc60
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (02/06/2018 12:04:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-373UARJ)
Description: Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (02/06/2018 12:04:52 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-373UARJ)
Description: Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Error: (02/06/2018 12:04:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 05:26:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:28:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:28:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:27:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/05/2018 03:27:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 04:43:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/31/2018 02:48:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.261.566.0).


CodeIntegrity:
===================================
  Date: 2018-01-30 08:54:13.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:12.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:07.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:54:06.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 08:52:51.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 8073.7 MB
Available physical RAM: 3070.75 MB
Total Virtual: 9353.7 MB
Available Virtual: 3379.67 MB

==================== Drives ================================

Drive c: (Life) (Fixed) (Total:915.84 GB) (Free:752.82 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:01 AM

Posted 06 February 2018 - 07:18 PM

Thank you for running another scan.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool in Recovery Environment - Windows 10/8

--------------------
  • From a clean computer download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Hit the Windows Key + R at the same time
  • Type Notepad and hit Enter
  • Copy and paste the below information into the Notepad screen
C:\Users\newuser\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [svcvmx] => C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
HKLM-x32\...\Run: [cpx] => "C:\Users\newuser\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\...\MountPoints2: {7b1b5cb5-4ee8-11e7-bfaa-3010b3cf245e} - "E:\Startup.exe"
FF Extension: (Adblocker X) - C:\Users\newuser\AppData\Roaming\Mozilla\Firefox\Profiles\fj0k49ie.default\Extensions\@adblock57.xpi [2018-01-30]
FF Plugin HKU\S-1-5-21-3714342073-133361438-2604373368-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\newuser\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S2 Dataup; C:\Users\Nata-Chan\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed]
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
2018-01-31 15:02 - 2018-01-31 15:02 - 000000068 _____ C:\Users\Nata-Chan\AppData\Local\2k5n8qbwh2
2018-01-30 20:09 - 2018-01-30 20:09 - 000000000 __RHD C:\Users\newuser\Desktop\S-1-5-21-3714342073-133361438-2604373368-1002
C:\Program Files\ntuserlitelist
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2ca7-0
2018-01-16 09:24 - 2017-10-13 19:48 - 000000000 ____D C:\ProgramData\b878fee8-2433-1
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{76991520-112c-0}
2018-01-16 09:24 - 2017-10-05 14:52 - 000000000 ____D C:\ProgramData\{41cf27ba-712c-1}
2018-01-31 13:22 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2017-06-30 07:21 - 2017-01-19 22:34 - 000172200 _____ () C:\Users\Nata-Chan\AppData\Local\Temp\substat.dll
2018-01-30 15:36 - 2017-09-04 21:26 - 001930840 _____ (Microsoft Corporation) C:\Users\newuser\AppData\Local\Temp\dllnt_dump.dll
2017-10-14 17:35 - 2017-10-14 17:35 - 000043520 ____N () C:\Users\newuser\AppData\Local\Temp\proxy_vole8361615775320179204.dll
2017-10-14 17:20 - 2017-10-14 17:22 - 012942335 _____ () C:\Users\newuser\AppData\Local\Temp\som73C7.tmp.exe
Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()
C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de
HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1"
C:\Windows\System32\drivers\drmkpro64.sys
  • Click File, Save As..., and save the document onto your USB drive as Fixlist.txt
  • Remove your USB device but do not insert it into your compromised computer yet
  • On your compromised computer hit the Windows Key + R at the same time
  • Copy and paste shutdown.exe /r /t 05 /o in the Run box and hit Enter
  • Select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Select your account to continue
  • Enter your Password information if you have one
  • Insert your USB device
  • At X:\windows\system32> type Notepad and hit Enter
  • Click File, then Open
  • Click This PC
  • Double click on your USB device drive letter
  • Next to Files of type: select All Files
  • Right click on FRST64 and select Run as administrator
  • Click Fix and allow the process to complete
  • A Fixlog.txt document will be saved on your USB device. Copy and paste the contents of the file in your reply.
  • Close the Command Prompt window
  • Select Continue to restart your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
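The fixlist above was assembled by reading the FRST output by hand and picking out entries that share a few traits: autostart items (services, Run keys, scheduled tasks) whose binary lives under a user profile or ProgramData, files FRST reports as not signed or with an empty publisher, and lines FRST itself marks with ATTENTION. The script below is an added example, not FRST's own code and not part of this thread; it applies those traits as heuristics to sample lines copied from the log and fixlist above (plus one benign Adobe line for contrast). The heuristics, field names and scoring are assumptions made for this illustration, and a hit means "look at this entry", not "this is malware".

```python
"""Triage helper for FRST-style log lines (added example, not FRST's code).

FRST does not classify entries; a responder reads lines like the ones below
and decides what belongs in a fixlist. This script encodes a few of the
signals a responder uses, so the same reasoning can be applied consistently
to a whole Addition.txt / FRST.txt instead of line by line.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines taken from the log and fixlist in this
# thread, with one legitimate, signed Adobe task included for contrast.
SAMPLE_LINES = [
    r"S2 Dataup; C:\Users\Nata-Chan\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed]",
    r"HKLM-x32\...\Run: [svcvmx] => C:\Users\newuser\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe",
    r'HKLM-x32\...\Run: [cpx] => "C:\Users\newuser\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup',
    r"Task: {2BFA55FD-68C3-442F-87E5-436DD488954D} - System32\Tasks\{6104209F-1DD6-D7AD-473A-3924BC2647DE} => C:\Users\Nata-Chan\AppData\Roaming\6104209f1dd6d7ad473a3924bc2647de\Updane.exe [2013-04-22] ()",
    r"Task: {5DCDEE27-8477-430B-B70A-E7214463870B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)",
    r'HKU\S-1-5-21-3714342073-133361438-2604373368-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION',
]

# First drive-letter path ending in an executable extension on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr)\b", re.IGNORECASE)
# Locations an ordinary user can write to; system components rarely autostart
# from here, so an autostart entry pointing into them deserves a look.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)
# FRST prints the binary's version-info company in parentheses; "()" means none.
EMPTY_PUBLISHER_RE = re.compile(r"\(\)(?:\s|$)")
# Line prefixes FRST uses for services (S0-S4 / R0-R4), scheduled tasks and Run keys.
AUTOSTART_RE = re.compile(r"^(?:[SR][0-4] |Task: |HK(?:LM|U)\S*\\Run: )")


@dataclass
class Finding:
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Finding:
    """Return the line with every heuristic it trips; an empty list means 'nothing noted'."""
    line = line.rstrip()
    m = PATH_RE.search(line)
    finding = Finding(line=line, path=m.group(0) if m else None)
    if "<==== ATTENTION" in line:
        finding.reasons.append("flagged by FRST itself (ATTENTION marker)")
    if "[File not signed]" in line:
        finding.reasons.append("binary is not Authenticode-signed")
    if EMPTY_PUBLISHER_RE.search(line):
        finding.reasons.append("no publisher in version info")
    if finding.path and USER_WRITABLE_RE.search(finding.path) and AUTOSTART_RE.match(line):
        finding.reasons.append("autostart entry runs from a user-writable location")
    return finding


def triage(lines) -> List[Finding]:
    """Keep only lines with at least one reason, most reasons first (stable order otherwise)."""
    hits = [f for f in (triage_line(l) for l in lines) if f.reasons]
    return sorted(hits, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{len(f.reasons)} signal(s): {f.path or f.line[:60]}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against a full FRST log, the same function sorts the few dozen lines worth a human's attention to the top while leaving signed, Program Files based entries such as the Flash updater out of the list entirely.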

#14 Toxiceggplant

Toxiceggplant
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 06 February 2018 - 07:47 PM

So I tried to copy and paste shutdown.exe /r /t 05 /o into the run box but it quickly opens up a window and then closes and then nothing happens.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:01 AM

Posted 06 February 2018 - 08:01 PM

Hold down the Shift Key, click Start in the lower left corner of the screen, click the power icon then select Restart. That should do the same thing.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



