Google keeps redirecting, Computer gets slow sometimes


  • This topic is locked
50 replies to this topic

#1 eckvanet

  • Members
  • 24 posts

Posted 19 April 2018 - 06:27 PM

When I search in Chrome, a website called citypage.today redirects my search to Bing. Additionally, when running certain processes, a process called wiemthxsrv.exe begins to take up a great amount of disc space. I have tried deleting this file with FileASSASSIN, but the program says that it can't. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by nith8 (administrator) on DESKTOP-7T666RF (19-04-2018 19:24:48)
Running from C:\Users\nith8\Downloads
Loaded Profiles: nith8 (Available Profiles: defaultuser0 & Selvaraj & nith8)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TOSHIBA CORPORATION) C:\Windows\Temp\wiemthxsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\nith8\AppData\Local\Discord\app-0.0.300\Discord.exe
(f.lux Software LLC) C:\Users\nith8\AppData\Local\FluxSoftware\Flux\flux.exe
(Parsec Cloud, Inc.) C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Twitch Interactive, Inc.) C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Twitch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Parsec Cloud, Inc.) C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe
(Parsec Cloud, Inc.) C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe
(Discord Inc.) C:\Users\nith8\AppData\Local\Discord\app-0.0.300\Discord.exe
(Twitch Interactive, Inc.) C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Twitch Interactive, Inc.) C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Discord Inc.) C:\Users\nith8\AppData\Local\Discord\app-0.0.300\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Parsec Cloud, Inc.) C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe
(Parsec Cloud, Inc.) C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe
(Parsec) C:\Program Files\Parsec\parsecd.exe
(Signiant) C:\Users\nith8\AppData\Roaming\Signiant\SigniantClient.exe
(Signiant) C:\Users\nith8\AppData\Roaming\Signiant\SigniantUser.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Run: [Discord] => C:\Users\nith8\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Run: [f.lux] => C:\Users\nith8\AppData\Local\FluxSoftware\Flux\flux.exe [1681400 2018-01-11] (f.lux Software LLC)
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Run: [Parsec.App.0] => C:\Users\nith8\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-03-05] (Parsec Cloud, Inc.)
Startup: C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Signiant App.lnk [2018-04-19]
ShortcutTarget: Signiant App.lnk -> C:\Users\nith8\AppData\Roaming\Signiant\SigniantApp.exe (Signiant)
Startup: C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-11]
ShortcutTarget: Twitch.lnk -> C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
Startup: C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wednesday.lnk [2017-09-19]
ShortcutTarget: wednesday.lnk -> C:\Program Files (x86)\Reseal\bogue.exe (No File)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1fbd5279-a1e0-452e-b246-30a849165f17}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d57a5b63-6ca1-4776-a02e-90aeab3bf7f7}: [NameServer] 65.19.96.252,65.19.96.253
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131503447374657281&GUID=4BD25DF2-893B-458F-8F04-3C04F60C0C94
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131503447374667435&GUID=4BD25DF2-893B-458F-8F04-3C04F60C0C94
HKU\S-1-5-21-955666570-501405999-1131850818-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-f08e7bf7
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-955666570-501405999-1131850818-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-955666570-501405999-1131850818-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-955666570-501405999-1131850818-1002 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f08e7bf7&q={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-28] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-28] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-07-11] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR Profile: C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default [2018-04-19]
CHR Extension: (Slides) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-02]
CHR Extension: (YouTube) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-02]
CHR Extension: (Adblock for Youtube™) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-14]
CHR Extension: (Movenote for Education) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhhpolibfeihcdjjgkkoihbdbioejmh [2017-01-02]
CHR Extension: (Sheets) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-02]
CHR Extension: (AdBlock) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-19]
CHR Extension: (HUMAN 3.0) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2017-01-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\nith8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-08]
CHR Profile: C:\Users\nith8\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-22]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\lxvdcruk <==== ATTENTION (Rootkit!)
 
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CMUAC; C:\WINDOWS\system32\DRIVERS\CMUAC.sys [661760 2015-12-05] (C-MEDIA)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45192 2017-10-19] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-19] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-17] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-06-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-06-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-27] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [42496 2017-11-29] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-19 19:24 - 2018-04-19 19:25 - 000019844 _____ C:\Users\nith8\Downloads\FRST.txt
2018-04-19 19:23 - 2018-04-19 19:23 - 002404352 _____ (Farbar) C:\Users\nith8\Downloads\FRST64.exe
2018-04-19 18:58 - 2018-04-19 18:58 - 000115024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tibpsvzc.sys
2018-04-19 18:50 - 2018-04-19 18:50 - 000167034 _____ C:\Users\nith8\Downloads\fileassassin-setup-1.06.exe
2018-04-19 18:50 - 2018-04-19 18:50 - 000001126 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2018-04-19 18:50 - 2018-04-19 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2018-04-19 18:50 - 2018-04-19 18:50 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2018-04-18 16:33 - 2018-04-19 19:09 - 000000797 _____ C:\Users\nith8\Desktop\Windows 10 Update Assistant.lnk
2018-04-15 20:41 - 2018-04-15 20:41 - 000326246 _____ C:\Users\nith8\Downloads\PC5-Rev.17.ab1
2018-04-09 20:07 - 2018-04-09 20:08 - 086448346 _____ C:\Users\nith8\Downloads\Pantheon Epsilon v1.0 (1).zip
2018-04-09 07:05 - 2018-04-09 07:05 - 000362412 _____ C:\WINDOWS\Minidump\040918-42312-01.dmp
2018-04-08 11:10 - 2018-04-08 11:10 - 000371028 _____ C:\WINDOWS\Minidump\040818-41453-01.dmp
2018-04-07 19:59 - 2018-04-07 20:18 - 000000000 ____D C:\Users\nith8\AppData\Local\Warframe
2018-04-07 14:34 - 2018-04-07 14:34 - 000000222 _____ C:\Users\nith8\Desktop\Warframe.url
2018-04-05 16:23 - 2018-04-05 16:23 - 000001470 _____ C:\Users\nith8\Downloads\seqdump.txt
2018-04-03 10:05 - 2018-04-03 10:05 - 007924192 _____ (Tim Kosse) C:\Users\nith8\Downloads\FileZilla_3.32.0_win64-setup.exe
2018-04-02 22:03 - 2018-04-02 22:03 - 001035352 _____ C:\Users\nith8\Downloads\tunnel_vision_v1.1.zip
2018-04-02 00:07 - 2018-04-02 00:07 - 004272165 _____ C:\Users\nith8\Downloads\6 methods of data collection.pdf
2018-03-31 19:53 - 2018-03-31 19:53 - 162402985 _____ C:\Users\nith8\Downloads\Terra+Restore+V1.4.3.zip
2018-03-31 15:14 - 2018-03-31 15:15 - 085752996 _____ C:\Users\nith8\Downloads\-= Ragecraft III - The Prophecy =-.zip
2018-03-30 00:02 - 2018-03-30 00:02 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-28 15:20 - 2018-04-05 10:38 - 000000000 ____D C:\Users\nith8\Documents\Output
2018-03-27 07:04 - 2018-03-27 07:04 - 000362532 _____ C:\WINDOWS\Minidump\032718-37156-01.dmp
2018-03-25 21:47 - 2018-03-25 21:47 - 001248558 _____ C:\Users\nith8\Desktop\Beloved Full Text Toni Morrison (with chapter numbers).pdf
2018-03-25 21:12 - 2018-03-28 15:15 - 000000000 ____D C:\Users\nith8\Documents\Blockhead
2018-03-25 00:21 - 2018-03-25 00:21 - 000355092 _____ C:\WINDOWS\Minidump\032518-40328-01.dmp
2018-03-24 14:42 - 2018-03-24 14:42 - 000112842 _____ C:\Users\nith8\Downloads\rlymisty3_-_Linkin_Park_-_Guilty_All_The_Same_feat._Rakim_Shame_2018-03-23_Osu.osr
2018-03-23 05:06 - 2018-03-27 07:04 - 000193248 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-22 19:17 - 2018-03-22 19:17 - 010988186 _____ C:\Users\nith8\Downloads\739053 OSTER Project feat. Nanahira - Napo Napo Ritaan Macchi (1).osz
2018-03-21 20:41 - 2018-03-21 20:42 - 007914600 _____ (Tim Kosse) C:\Users\nith8\Downloads\FileZilla_3.31.0_win64-setup.exe
2018-03-21 16:23 - 2018-04-09 20:08 - 000000000 ____D C:\Users\nith8\Desktop\Pantheon Epsilon v1.0
2018-03-21 16:23 - 2018-03-21 16:23 - 086448346 _____ C:\Users\nith8\Downloads\Pantheon Epsilon v1.0.zip
2018-03-21 14:18 - 2018-03-21 14:18 - 030202458 _____ C:\Users\nith8\Downloads\server.jar
2018-03-21 14:15 - 2018-03-21 14:15 - 000000000 ____D C:\Users\nith8\Desktop\The Old Stuff Pack
2018-03-21 14:05 - 2018-03-21 14:07 - 498882835 _____ C:\Users\nith8\Downloads\Super Hostile - The Old Stuff Pack.zip
2018-03-21 13:11 - 2018-04-18 23:03 - 000001271 _____ C:\Users\nith8\Desktop\nativelog.txt
2018-03-20 21:36 - 2018-03-20 21:36 - 002286151 _____ C:\Users\nith8\Downloads\64766 Aly & AJ - We Wish You A Merry Christmas.osz
2018-03-20 17:17 - 2018-03-20 17:17 - 005476104 _____ C:\Users\nith8\Downloads\jdip-1.7.0-preview-1-setup-windows.exe
2018-03-20 17:17 - 2018-03-20 17:17 - 000000000 ____D C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jDip
2018-03-20 17:17 - 2018-03-20 17:17 - 000000000 ____D C:\Program Files (x86)\jDip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-19 19:24 - 2017-12-23 10:51 - 000000000 ____D C:\FRST
2018-04-19 19:10 - 2017-08-14 17:45 - 000000000 ____D C:\Users\nith8\AppData\Roaming\FileZilla
2018-04-19 19:09 - 2018-02-23 23:30 - 000000809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-04-19 19:09 - 2018-02-23 23:30 - 000000000 ____D C:\Windows10Upgrade
2018-04-19 19:05 - 2017-07-11 02:03 - 001829960 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-19 19:02 - 2017-07-11 02:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-19 19:02 - 2017-02-09 18:14 - 000000000 ____D C:\Users\nith8\AppData\Roaming\Curse Client
2018-04-19 19:02 - 2017-01-02 17:17 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-19 19:01 - 2018-02-03 20:48 - 000001879 _____ C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signiant App.lnk
2018-04-19 19:01 - 2017-08-14 17:34 - 000000000 ____D C:\Users\nith8\AppData\Roaming\Signiant
2018-04-19 19:00 - 2018-03-17 16:54 - 000000000 ____D C:\Users\nith8\AppData\Roaming\Parsec
2018-04-19 19:00 - 2017-07-11 10:31 - 000000000 ____D C:\ProgramData\Logishrd
2018-04-19 18:59 - 2018-03-17 09:50 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-19 18:59 - 2017-07-11 02:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-19 18:58 - 2017-09-19 21:29 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2018-04-19 18:58 - 2017-03-18 07:40 - 018874368 _____ C:\WINDOWS\system32\config\HARDWARE
2018-04-19 18:58 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2018-04-19 18:57 - 2017-07-11 02:04 - 000000000 ____D C:\Users\nith8
2018-04-19 18:53 - 2018-02-03 21:35 - 000001451 _____ C:\Users\nith8\Desktop\updl notes.txt
2018-04-19 18:15 - 2017-07-11 02:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-19 18:09 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2018-04-19 17:11 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-19 17:10 - 2017-07-11 02:24 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26AE4F1C-9841-48D0-8D2F-1B607775E4D4}
2018-04-19 17:10 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-19 08:33 - 2017-08-14 17:29 - 000000000 ____D C:\Users\nith8\Documents\Alt
2018-04-18 22:59 - 2017-02-09 22:31 - 000000000 ____D C:\Users\nith8\AppData\Roaming\.minecraft
2018-04-17 17:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2018-04-16 13:13 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-15 22:24 - 2017-11-06 20:31 - 000000000 ____D C:\Users\nith8\AppData\Local\osu!
2018-04-12 18:33 - 2018-01-12 06:09 - 000000000 ____D C:\Program Files\rempl
2018-04-09 20:08 - 2017-12-23 14:49 - 000000000 ____D C:\Users\nith8\Desktop\mc
2018-04-09 07:08 - 2017-03-19 10:54 - 000000000 ____D C:\Users\nith8\AppData\Roaming\discord
2018-04-09 07:05 - 2017-12-10 16:09 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-09 07:05 - 2017-01-02 19:30 - 264302478 _____ C:\WINDOWS\MEMORY.DMP
2018-04-07 20:03 - 2017-06-30 15:23 - 000000000 ____D C:\Users\nith8\AppData\Roaming\NVIDIA
2018-04-07 14:34 - 2017-01-07 18:28 - 000000000 ____D C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-04-02 22:45 - 2013-06-24 01:28 - 000000000 ____D C:\Users\nith8\Desktop\tunnel_vision_v1.1
2018-04-02 21:15 - 2017-03-18 17:06 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-02 21:15 - 2017-03-18 17:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-01 11:46 - 2018-02-23 18:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-04-01 11:45 - 2018-02-23 18:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-29 17:10 - 2017-07-25 14:45 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-955666570-501405999-1131850818-1002
2018-03-29 17:10 - 2017-01-02 16:04 - 000002365 _____ C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-29 17:10 - 2017-01-02 16:04 - 000000000 ___RD C:\Users\nith8\OneDrive
2018-03-20 18:44 - 2017-07-08 16:27 - 000002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2017-09-07 18:42 - 2017-09-07 18:43 - 014247216 _____ (InstallShield Software Corporation) C:\Users\nith8\full.exe
2017-02-23 02:49 - 2017-09-17 00:13 - 000000262 _____ () C:\Users\nith8\AppData\Roaming\WB.CFG
 
Files to move or delete:
====================
C:\Windows\Tasks\{7BA2CD3A-43B9-8AE9-2D53-356112917208}.job
 
 
Some files in TEMP:
====================
2017-07-11 09:07 - 2017-07-11 09:07 - 000739904 _____ (Oracle Corporation) C:\Users\nith8\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-10-17 20:53 - 2017-10-17 20:53 - 001856576 _____ (Oracle Corporation) C:\Users\nith8\AppData\Local\Temp\jre-8u151-windows-au.exe
2016-10-20 13:26 - 2016-10-20 13:26 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\nith8\AppData\Local\Temp\libeay32.dll
2017-07-11 10:32 - 2015-07-02 16:36 - 000098760 _____ () C:\Users\nith8\AppData\Local\Temp\LMkRstPt.exe
2016-10-20 13:26 - 2016-10-20 13:26 - 000970912 _____ (Microsoft Corporation) C:\Users\nith8\AppData\Local\Temp\msvcr120.dll
2016-10-20 13:26 - 2016-10-20 13:26 - 000772672 _____ () C:\Users\nith8\AppData\Local\Temp\sqlite3.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-15 18:49
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by nith8 (19-04-2018 19:25:45)
Running from C:\Users\nith8\Downloads
Windows 10 Home Version 1703 15063.786 (X64) (2017-07-11 06:33:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-955666570-501405999-1131850818-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-955666570-501405999-1131850818-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-955666570-501405999-1131850818-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-955666570-501405999-1131850818-501 - Limited - Disabled)
nith8 (S-1-5-21-955666570-501405999-1131850818-1002 - Administrator - Enabled) => C:\Users\nith8
Selvaraj (S-1-5-21-955666570-501405999-1131850818-1001 - Administrator - Enabled) => C:\Users\Selvaraj
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Discord (HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Flux) (Version:  - f.lux Software LLC)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.30.0 (HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
FinchTV (HKLM-x32\...\{4D5C1F43-2D45-42C1-B4BF-F74BFA28E7FF}) (Version: 1.4.0 - Geospiza)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Inkscape 0.91 (HKLM-x32\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
jDip 1.7.0 (HKLM-x32\...\jDip) (Version: 1.7.0 - )
JetBrains PyCharm Community Edition 2017.3.3 (HKLM-x32\...\PyCharm Community Edition 2017.3.3) (Version: 173.4301.16 - JetBrains s.r.o.)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
osu! (HKLM-x32\...\{42a4dbf3-85e1-4fe2-97cf-1ba74913c270}) (Version: latest - ppy Pty Ltd)
Parsec (HKLM-x32\...\Parsec) (Version:  - Parsec Cloud Inc.)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Python 3.6.3 (Anaconda3 5.0.1 64-bit) (HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\Python 3.6.3 (Anaconda3 5.0.1 64-bit)) (Version: 5.0.1 - Anaconda, Inc.)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Signiant App (HKLM\...\{3C94416F-F05D-4EF3-A4D7-EB9926F7460C}) (Version: 1.3.1505 - Signiant Inc.)
Signiant App (HKLM\...\{9444F9DB-23E9-4711-90F7-DED4A30900BF}) (Version: 1.3.1520 - Signiant Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{302A9B8D-5111-6C51-BB99-FF394C4A4255}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{2D359C7E-59C8-79A9-5157-FE9E189F5E8A}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{71436CD5-3E63-CEE9-FC00-5124A5C9A931}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04ABE210-94EC-4250-84CC-B0FA111FE11A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-27] (NVIDIA Corporation)
Task: {1693469C-2ABE-42E3-B1CD-4F62AEFE5DE3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-27] (NVIDIA Corporation)
Task: {1D4AFF1D-7A7B-4848-AC6C-7395EA66978A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-27] (NVIDIA Corporation)
Task: {47364738-4857-4708-8B7F-03EAFBA33877} - System32\Tasks\{28B300DC-5029-4663-9A14-107AFFF0B177} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\nith8\AppData\Local\osu!\osu!.exe -d C:\Users\nith8\Desktop
Task: {4C9954F6-2C56-4B86-BF48-72F704B5C42F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-27] (NVIDIA Corporation)
Task: {7FF2AD04-4910-4160-A124-ACD403801E14} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {86D735B3-594F-409B-B5A7-730950FEF93C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-27] (NVIDIA Corporation)
Task: {8AB05D2F-2DE7-485F-B3D2-EA72C5D8B66D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-27] (NVIDIA Corporation)
Task: {B65B9386-AAA5-4797-B299-246A6E2B69E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-16] (Google Inc.)
Task: {C60F8000-0D27-4DFF-BF23-8593503B1A10} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-27] (NVIDIA Corporation)
Task: {CCFA614B-B26B-40F6-932E-8C5FC3268AE5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-27] (NVIDIA Corporation)
Task: {DC2E23AD-5B95-443F-B30F-49BFB0705891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-16] (Google Inc.)
Task: {E775F8C9-BF08-4940-BA49-EB7841914D71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\{7BA2CD3A-43B9-8AE9-2D53-356112917208}.job => C:\Users\Selvaraj\AppData\Roaming\Rotakas\updtask.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\nith8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\nith8\Anaconda3New\Scripts\activate.bat C:\Users\nith8\Anaconda3New
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-30 15:02 - 2017-06-27 18:39 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-03 18:24 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 23:29 - 2017-10-19 23:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 23:29 - 2017-10-19 23:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-11-30 12:41 - 2017-11-30 12:41 - 001960448 _____ () C:\Users\nith8\AppData\Roaming\Parsec\electron\ffmpeg.dll
2017-10-19 23:02 - 2017-10-19 23:02 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-19 23:02 - 2017-10-19 23:02 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2017-11-30 12:41 - 2017-11-30 12:41 - 003429376 _____ () C:\Users\nith8\AppData\Roaming\Parsec\electron\libglesv2.dll
2017-11-30 12:41 - 2017-11-30 12:41 - 000017408 _____ () C:\Users\nith8\AppData\Roaming\Parsec\electron\libegl.dll
2018-04-02 13:43 - 2018-04-02 13:43 - 013989432 _____ () C:\Users\nith8\AppData\Roaming\Signiant\SigniantUserLib.DLL
2018-03-23 15:17 - 2018-03-23 15:17 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 15:17 - 2018-03-23 15:17 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 15:17 - 2018-03-23 15:17 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 15:17 - 2018-03-23 15:17 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 15:17 - 2018-03-23 15:17 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-20 18:44 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-20 18:44 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-01-08 09:00 - 2018-01-08 09:00 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-06-30 15:02 - 2017-06-27 18:39 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-02 17:18 - 2018-01-10 22:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-01-02 17:18 - 2018-04-02 19:34 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2017-01-02 17:18 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-20 21:00 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-20 21:00 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-20 21:00 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-20 21:00 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-20 21:00 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-01-02 17:18 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-01-02 17:18 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-01-02 17:18 - 2018-04-02 19:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-01-02 17:18 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-08 23:17 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\nith8\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-08 23:23 - 2018-02-10 09:31 - 001780216 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2016-04-05 11:57 - 2016-04-05 11:57 - 000393608 _____ () C:\Users\nith8\AppData\Roaming\Curse Client\Bin\opus.dll
2017-02-08 21:15 - 2018-04-19 18:09 - 000535872 _____ () C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2017-06-30 15:02 - 2017-06-27 18:39 - 066836928 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-01-08 23:17 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\nith8\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 23:17 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\nith8\AppData\Local\Discord\app-0.0.300\libegl.dll
2017-01-10 18:04 - 2018-03-01 13:15 - 001705792 _____ () C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll
2017-01-10 18:04 - 2018-03-01 13:15 - 002551104 _____ () C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\libglesv2.dll
2017-01-10 18:04 - 2018-03-01 13:15 - 000023360 _____ () C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\libegl.dll
2018-03-01 13:16 - 2018-04-19 18:09 - 000400384 _____ () \\?\C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-03-01 13:16 - 2018-04-19 18:09 - 000129536 _____ () \\?\C:\Users\nith8\AppData\Roaming\Curse Client\Bin\Electron\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-08 23:23 - 2018-01-08 23:23 - 002662904 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-02-16 08:50 - 2018-02-16 08:50 - 001910264 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-02-16 08:50 - 2018-02-16 08:50 - 000422392 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-02-16 08:50 - 2018-02-16 08:50 - 000145400 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-08 23:23 - 2018-03-20 16:48 - 009623896 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-08 23:23 - 2018-02-01 17:03 - 001508344 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-08 23:23 - 2018-01-08 23:23 - 000513016 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-08 23:23 - 2018-03-13 15:02 - 001517560 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-08 23:23 - 2018-03-08 13:25 - 002749944 _____ () \\?\C:\Users\nith8\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2017-06-10 15:51 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-01-02 17:19 - 2017-12-13 17:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-01-02 17:18 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-12-13 17:56 - 2017-09-22 14:59 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-955666570-501405999-1131850818-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nith8\Desktop\triangle_dark_background_light_line_shape_88539_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\StartupApproved\StartupFolder: => "wednesday.lnk"
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\StartupApproved\Run: => "dorton"
HKU\S-1-5-21-955666570-501405999-1131850818-1002\...\StartupApproved\Run: => "demurred"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{9C082434-F135-42C2-92CF-E4BF38C4C4A4}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{7113B29A-84B6-4F8C-A8C4-B38D0112B3F1}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{EA2B71C9-80E6-476A-917C-2B5EA953F1F6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E56F2C80-605A-4EEC-9A99-B9934413DF9D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FF80948D-B7C3-499F-90BC-4137138E0380}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{3B4DC4B1-71E9-444C-B2D9-61A40457C5CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{CA292B3A-058C-4E7A-A828-A7DAAD5356B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{CE7AFC18-AE9F-42D6-AAE5-33086F30320D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{35716824-76A3-4988-ACC3-66851A8130DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{0EF41B1F-E660-45DB-A704-0A9F554AA5DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{CFB896B0-9026-46D1-B613-A8CDD7AD0D68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B426859C-B335-4D06-A04C-13757CA739D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{13F5BE09-3729-4F81-BC4C-5C74F69502FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB35162B-33BC-46B5-8E75-DA9BD91257F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D58038EB-5286-4C2F-88B4-95BEEEA3E825}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7C4F9882-FBE5-4CDF-99F9-12C23788F6D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BC89D76E-712F-40DA-BE99-6B5D64CBE0E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F453B06-8AE3-4F7A-A6A9-4218F8DA6744}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [{76FD930C-7406-49FD-9F2B-F7C817ED90F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Furi\Furi.exe
FirewallRules: [UDP Query User{D8699AC3-89FA-4EBE-B855-38B306017897}C:\programdata\oracle\java\javapath_target_327972609\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_327972609\java.exe
FirewallRules: [TCP Query User{D5E07FC3-5E2A-4E09-A720-5277EC283200}C:\programdata\oracle\java\javapath_target_327972609\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_327972609\java.exe
FirewallRules: [UDP Query User{14580178-A092-463B-87FF-7770F8D86772}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{FE80D1F5-2E27-4CF4-9D6A-3C1A1012951B}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{62DFC64D-A885-435A-92E9-1FA8B1C878DF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{34C19C54-CA61-4D07-9571-8F9586D53E8B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E738E418-853A-4D14-BAD7-0E9C63A43ACE}] => (Allow) C:\Users\Selvaraj\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{E97DDCDE-E42B-4F1D-83D4-495383E1B6D7}C:\users\nith8\onedrive\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\nith8\onedrive\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DEC2FA47-747E-4EA2-AC63-7039D3A429A4}C:\users\nith8\onedrive\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\nith8\onedrive\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{87FFFCAD-F731-46F4-B2C0-75EAC119B5EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{3EDB08A5-2FE2-4920-85CE-34C315ED94DB}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{AAFAEBC8-E0FB-41AC-BA0F-CAB4E754EC7D}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{F0A324C4-72C8-4C42-94B0-A50C345676BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{664D0D2A-0998-421A-8153-74A61888CD89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{55A59727-1B86-4DF2-902A-3341E32A4A8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{36EB6411-7D38-4AFC-8674-D6C2E02D1946}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{7757B593-3B6F-4163-B471-951778FD831E}C:\programdata\oracle\java\javapath_target_24596640\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_24596640\java.exe
FirewallRules: [UDP Query User{7ADCB0DA-4245-4D09-8B0A-B96347C151CB}C:\programdata\oracle\java\javapath_target_24596640\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_24596640\java.exe
FirewallRules: [TCP Query User{5BA8E13F-9403-43E6-8D3B-1024C4E18BD3}C:\programdata\oracle\java\javapath_target_56038421\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_56038421\java.exe
FirewallRules: [UDP Query User{324B2FF9-C5C0-47C2-AC70-4525AF60FB11}C:\programdata\oracle\java\javapath_target_56038421\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_56038421\java.exe
FirewallRules: [TCP Query User{DA04F72E-133E-4372-BC82-6CE8DCADDDAF}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{B05D0F6D-5184-4939-ACF6-FC9EF04FC3E3}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{DDF441CB-D64F-430A-8139-1919B45C1C3B}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{502450CB-DD9A-4A60-B1BC-4E5C3761F6DD}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{F3A9ADA0-A81D-479D-8497-075EA392C1A8}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [UDP Query User{64B33B1D-9E27-4E7A-A7C4-EABB246F596B}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe
FirewallRules: [{38ABFDA4-8BDC-459A-A38D-1455827DF4C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony Demo\Dangan3Win.exe
FirewallRules: [{B015D39A-CF38-4393-BF0F-27F92B9C3EDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony Demo\Dangan3Win.exe
FirewallRules: [{889AAE64-5157-4917-91C6-EDAF0DB55779}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony Demo\V3Launcher.exe
FirewallRules: [{331A9F66-7336-48C0-8BF5-CFAFB7EEFEDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony Demo\V3Launcher.exe
FirewallRules: [{541C019F-B487-49D3-BD6A-ECB6C92E57D3}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{FFB91699-0B80-4EF1-A51E-B8BC8937A9D5}] => (Allow) C:\Program Files (x86)\Reseal\bogue.exe
FirewallRules: [{BC174F87-1411-4F2D-90C7-4D2D531BAD7E}] => (Allow) C:\Program Files (x86)\Breathlessness\bogue.exe
FirewallRules: [{2A5CE226-92BA-4D18-AA3F-943D592EA2A2}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe
FirewallRules: [{09F7E83E-69B4-4D10-9EFF-2D3ACB2D2E8F}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe
FirewallRules: [TCP Query User{4DACD758-3783-426F-B7D2-F6DE823456DC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{10EC530A-1DFE-4D38-93E4-22BA3A06848B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B98A8109-EC22-4262-9E82-1A5F02F9B017}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{B46420C6-10B9-4DA0-80DF-28E705353B42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [TCP Query User{F3A4FF79-A71B-4767-A838-AC8635A7B80F}C:\programdata\oracle\java\javapath_target_152409953\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_152409953\java.exe
FirewallRules: [UDP Query User{8B385282-B3FA-4C74-A2ED-8AA4D78B2F40}C:\programdata\oracle\java\javapath_target_152409953\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_152409953\java.exe
FirewallRules: [TCP Query User{E967AAC9-C299-4444-BEF1-0475FADD3BBD}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{B1B889A7-83E5-4C2D-B4D2-A79D287448EE}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{9AE7712B-C5E0-40DF-8F78-36E6680CEEE4}C:\programdata\oracle\java\javapath_target_37142687\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_37142687\java.exe
FirewallRules: [UDP Query User{65DA7CD8-2029-4125-9BA4-68BE49C3A128}C:\programdata\oracle\java\javapath_target_37142687\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_37142687\java.exe
FirewallRules: [{73142DA4-C88C-4EF1-B057-886C71B9A441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{C4AD8AB8-1BE4-48F0-94B0-DF2A1ABFA44B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here.exe
FirewallRules: [{EBE71323-D5FE-421A-82B8-95CA5E792AB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{C96064B7-BAF4-4186-B964-A39BFB5EC020}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here VR.exe
FirewallRules: [{0C6ABC09-518B-48F8-9906-55219859D012}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-04-2018 00:10:40 Windows Update
07-04-2018 13:23:14 Windows Update
11-04-2018 18:38:56 Windows Update
15-04-2018 12:52:31 Windows Update
18-04-2018 16:15:00 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2018 06:59:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Logitech\SetPointP\SetPoint.exe".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2018 06:59:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/19/2018 06:59:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/19/2018 06:09:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/19/2018 05:07:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/19/2018 05:07:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/19/2018 12:19:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/19/2018 12:19:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/19/2018 07:09:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (04/19/2018 07:09:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update Orchestrator Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (04/19/2018 07:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/19/2018 07:07:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update Orchestrator Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/19/2018 07:05:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (04/19/2018 07:03:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (04/19/2018 06:59:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (04/19/2018 06:57:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7T666RF)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2017-09-19 21:33:52.674
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanProxy:Win32/Wonknod.A
ID: 2147688719
Severity: Severe
Category: Trojan Proxy Server
Path: file:_C:\Users\nith8\AppData\Local\Temp\bdm\apexpsvc.exe;process:_pid:14720,ProcessStart:131503445716441615;service:_apexpsvc
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\nith8\AppData\Local\Temp\bdm\apexpsvc.exe
Signature Version: AV: 1.251.1142.0, AS: 1.251.1142.0, NIS: 117.12.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0
 
Date: 2017-09-19 21:32:46.594
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanProxy:Win32/Wonknod.A
ID: 2147688719
Severity: Severe
Category: Trojan Proxy Server
Path: file:_C:\Users\nith8\AppData\Local\Temp\bdm\apexpsvc.exe;process:_pid:14720,ProcessStart:131503445716441615
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\nith8\AppData\Local\Temp\bdm\apexpsvc.exe
Signature Version: AV: 1.251.1142.0, AS: 1.251.1142.0, NIS: 117.12.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0
 
Date: 2017-09-19 21:30:30.813
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\a9eeda085c7870ef875ed79dcb5856b1\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.251.1142.0, AS: 1.251.1142.0, NIS: 117.12.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0
 
Date: 2017-09-19 21:29:12.209
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Aenjaris!rfn
ID: 2147721332
Severity: Severe
Category: Trojan
Path: file:_C:\Users\nith8\AppData\Local\Temp\597968750\ic-0.e4f210f6c3093.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: D:\Microsoft Office 2016 Professional Plus ( 32.exe
Signature Version: AV: 1.251.1142.0, AS: 1.251.1142.0, NIS: 117.12.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0
 
Date: 2017-09-13 22:16:33.821
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BA43E6CE-6C24-42F0-BB97-5BEBA208378D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-03-29 15:02:36.955
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-29 15:02:36.786
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-03-17 09:50:22.084
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2017-11-30 08:15:25.178
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Users\nith8\AppData\Roaming\Microsoft\Protect\e8b388-ecc389-beec5636-e4d7f4-02a0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2017-11-22 19:22:38.999
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Users\nith8\AppData\Roaming\Microsoft\Protect\b5c387-f0c388-5e6b5636-a8a6d3-5bd0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2017-11-16 18:27:07.843
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Users\nith8\AppData\Roaming\Microsoft\Protect\02d383-71c387-d5ab5636-c74fb1-1ee0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2017-11-07 08:33:29.101
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Users\nith8\AppData\Roaming\Microsoft\Protect\cab382-dfc383-b81b6200-bb0ef9-c4a0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2017-11-02 13:28:39.092
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Users\nith8\AppData\Roaming\Microsoft\Protect\5ea381-05f382-d0ff6200-dbd8b8-e0f0.rs that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G4400 @ 3.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8156.24 MB
Available physical RAM: 3835.5 MB
Total Virtual: 9436.24 MB
Available Virtual: 4691.24 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.12 GB) (Free:674.76 GB) NTFS
 
\\?\Volume{bb259c22-02ae-4196-bf70-671a94753068}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.22 GB) NTFS
\\?\Volume{33cd9492-a6f5-423f-b69e-4bb4e3eb5d8c}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS
\\?\Volume{654fe038-18b2-4d45-9fbf-5b5f80b9774f}\ (PBR Image) (Fixed) (Total:11.82 GB) (Free:0.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EB0D4D9C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#2 Oh My!
  • Malware Response Instructor
  • 37,043 posts
  • Location:California

Posted 20 April 2018 - 01:56 PM

Greetings eckvanet and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Rkill

-------------------
  • Please download all 3 versions of RKill by Grinler, not including the zip version, and save them to your desktop
  • Disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double click on Rkill to launch the program. If one download version does not launch try a different one.
  • Note: You may have to run Rkill a few times before it is successful
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please copy and paste the contents of the RKill report that will appear on your desktop in your reply (file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill. If your computer reboots run Rkill again before continuing on
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • Attempt to run a FRST scan and post the results
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: wednesday.lnk -> C:\Program Files (x86)\Reseal\bogue.exe
C:\Program Files (x86)\Reseal
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\lxvdcruk
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
2018-04-19 18:58 - 2018-04-19 18:58 - 000115024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tibpsvzc.sys
2017-09-07 18:42 - 2017-09-07 18:43 - 014247216 _____ (InstallShield Software Corporation) C:\Users\nith8\full.exe
Task: C:\WINDOWS\Tasks\{7BA2CD3A-43B9-8AE9-2D53-356112917208}.job => C:\Users\Selvaraj\AppData\Roaming\Rotakas\updtask.exe
C:\Users\Selvaraj\AppData\Roaming\Rotakas
ExportKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RKill report
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!
  • Malware Response Instructor
  • 37,043 posts
  • Location:California

Posted 23 April 2018 - 11:07 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 24 April 2018 - 08:37 PM

Rkill.txt

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/24/2018 09:10:46 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/24/2018 09:11:31 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
 
Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 23.04.2018
Ran by nith8 (24-04-2018 21:17:28) Run:1
Running from C:\Users\nith8\Downloads
Loaded Profiles: nith8 (Available Profiles: defaultuser0 & Selvaraj & nith8)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShortcutTarget: wednesday.lnk -> C:\Program Files (x86)\Reseal\bogue.exe
C:\Program Files (x86)\Reseal
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\lxvdcruk
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
2018-04-19 18:58 - 2018-04-19 18:58 - 000115024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tibpsvzc.sys
2017-09-07 18:42 - 2017-09-07 18:43 - 014247216 _____ (InstallShield Software Corporation) C:\Users\nith8\full.exe
Task: C:\WINDOWS\Tasks\{7BA2CD3A-43B9-8AE9-2D53-356112917208}.job => C:\Users\Selvaraj\AppData\Roaming\Rotakas\updtask.exe
C:\Users\Selvaraj\AppData\Roaming\Rotakas
ExportKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files => FRST is scripted not to move this directory.
C:\Program Files (x86)\Reseal => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\olojcnagmcbplpdddabmpfehhlleobpb" => removed successfully
"HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Google\Chrome\Extensions\olojcnagmcbplpdddabmpfehhlleobpb" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olojcnagmcbplpdddabmpfehhlleobpb" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\lxvdcruk => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\MBAMFarflt" => removed successfully
MBAMFarflt => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMProtection" => removed successfully
MBAMProtection => service removed successfully
Could not move "C:\WINDOWS\system32\Drivers\tibpsvzc.sys" => Scheduled to move on reboot.
C:\Users\nith8\full.exe => moved successfully
C:\WINDOWS\Tasks\{7BA2CD3A-43B9-8AE9-2D53-356112917208}.job => moved successfully
"C:\Users\Selvaraj\AppData\Roaming\Rotakas" => not found
================== ExportKey: ===================
 
[HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"dorton"="03000000e984e42cd532d301"
"demurred"="03000000aa85fe6cdf32d301"
"Discord"="020000000000000000000000"
"OneDrive"="020000000000000000000000"
"Steam"="020000000000000000000000"
 
=== End of ExportKey ===
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-04-2018 21:20:05)
 
C:\WINDOWS\system32\Drivers\tibpsvzc.sys => Is moved successfully
 
==== End of Fixlog 21:20:05 ====
 
Adwcleaner Log
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-24.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-24-2018
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  6
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       Ask
Deleted       AOL
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
General Performance: 
 
Still getting redirected when I search Google and weimthxsrv.exe is still taking up enormous amounts of disk space. I've also noticed that Service Host: Superfetch has been eating up my disk space as well.
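The StartupApproved\Run values in the Fixlog above are printed as raw hex. The following Python is an added example, not part of this thread or of FRST, that parses an ExportKey dump in that format and decodes each value; it assumes the community-documented layout (a little-endian DWORD state, 2 = enabled, 3 = disabled, followed by a FILETIME of when the entry was toggled off), which Microsoft does not officially document.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample in the format FRST's ExportKey: directive writes; the
# five values are copied from the Fixlog quoted earlier in this thread.
SAMPLE_EXPORT = r"""
[HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"dorton"="03000000e984e42cd532d301"
"demurred"="03000000aa85fe6cdf32d301"
"Discord"="020000000000000000000000"
"OneDrive"="020000000000000000000000"
"Steam"="020000000000000000000000"
"""

# Assumed layout of each 12-byte StartupApproved value (community-documented,
# not an official Microsoft format): a little-endian DWORD state, where 2
# means the entry is enabled and 3 means it was disabled in the Startup Apps
# panel, followed by a 64-bit FILETIME recording when it was toggled off
# (all zero while enabled).
STATE_ENABLED, STATE_DISABLED = 2, 3
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([0-9a-fA-F]{24})"$')
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)


def decode_startup_approved(hex_value):
    """Decode one StartupApproved REG_BINARY value into state and timestamp."""
    state, filetime = struct.unpack("<IQ", bytes.fromhex(hex_value))
    if state not in (STATE_ENABLED, STATE_DISABLED):
        raise ValueError(f"unexpected state {state:#x}")
    return {
        "enabled": state == STATE_ENABLED,
        "disabled_at": filetime_to_datetime(filetime) if filetime else None,
    }


def parse_export(text):
    """Parse an ExportKey dump; returns one dict per value, in file order."""
    entries, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if key := KEY_RE.match(line):
            current_key = key.group(1)
            continue
        if value := VALUE_RE.match(line):
            name, hex_value = value.groups()
            entry = decode_startup_approved(hex_value)
            entry.update(name=name, key=current_key)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_export(SAMPLE_EXPORT):
        when = e["disabled_at"].strftime("%Y-%m-%d %H:%M UTC") if e["disabled_at"] else "-"
        print(f'{e["name"]:<10} {"enabled" if e["enabled"] else "disabled":<9} {when}')
```

Decoded this way, the two randomly named entries that the later fix deletes show as disabled with 2017 timestamps, which an analyst can line up against the file dates elsewhere in the log.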
 


#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 24 April 2018 - 09:09 PM

Thank you. Please do this.

===================================================

Farbar's Recovery Scan Tool in Recovery Environment - Windows 10/8

--------------------
  • From a clean computer download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Remove your USB device but do not insert it into your compromised computer yet
  • On your compromised computer hit the Windows Key + R at the same time
  • Copy and paste shutdown.exe /r /t 05 /o in the Run box and hit Enter
  • Select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Select your account to continue
  • Enter your Password information if you have one
  • Insert your USB device
  • At the X:\windows\system32> prompt type Notepad and hit Enter
  • Click File, then Open
  • Click This PC
  • Double click on your USB device drive letter
  • Next to Files of type: select All Files
  • Right click on FRST64 and select Run as administrator
  • Type wiemthxsrv.exe in the Search box and click Search Files
  • A Fixlog.txt document will be saved on your USB device. Copy and paste the contents of the file in your reply.
  • A Search.txt document will be saved on your USB device. Copy and paste the contents of the file in your reply.
  • Close the Command Prompt window
  • Select Continue to restart your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search log

Gary
 

#6 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 26 April 2018 - 07:43 PM

Upon entering the command and running it, my computer restarted, but it only opened up to my MSI startup screen like I was restarting normally with no options to select.



#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 26 April 2018 - 08:29 PM

Is there a Fixlog.txt document on your USB drive?
Gary
 

#8 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 27 April 2018 - 05:57 PM

Nothing but FRST is in the USB.



#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 27 April 2018 - 06:39 PM

OK.

Please use this method to get to the "Select Command Prompt" step above then continue on.


Gary
 

#10 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 28 April 2018 - 09:06 AM

Tried going into Advanced Restart, but my computer just restarted like normal.



#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 28 April 2018 - 09:22 AM

Do you have a Windows Installation disk?

Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
cmd: bcdedit
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Edited by Oh My!, 28 April 2018 - 09:32 AM.

Gary
 

#12 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 28 April 2018 - 10:02 AM

I'm pretty sure that I don't have a full version of Windows, as I never bought the OS after building my PC.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by nith8 (28-04-2018 11:06:28) Run:2
Running from C:\Users\nith8\Downloads
Loaded Profiles: nith8 (Available Profiles: defaultuser0 & Selvaraj & nith8)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: bcdedit
 
*****************
 
 
========= bcdedit =========
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {bd998dd8-bf5e-11e4-be6f-c81f66156352}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {bd998dda-bf5e-11e4-be6f-c81f66156352}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {bd998dd8-bf5e-11e4-be6f-c81f66156352}
nx                      OptIn
bootmenupolicy          Standard
 
========= End of CMD: =========
 
 
==== End of Fixlog 11:06:28 ====


#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 28 April 2018 - 01:11 PM

OK, please do this after booting into Safe Mode.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\lxvdcruk
DeleteValue: HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|dorton
DeleteValue: HKU\S-1-5-21-955666570-501405999-1131850818-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|demurred
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
wiemthxsrv.exe
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist
  • Search.txt

Gary
 

#14 eckvanet
  • Topic Starter
  • Members
  • 24 posts

Posted 28 April 2018 - 04:54 PM

It doesn't seem like I can boot into Safe Mode either. 



#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,043 posts
  • Gender:Male
  • Location:California

Posted 28 April 2018 - 07:05 PM

Try it in Normal Boot.
Gary
 