Task Manager and Regedit keeps disabling.


  • This topic is locked
15 replies to this topic

#1 KingChronoz

  • Members
  • 14 posts

Posted 09 June 2018 - 12:30 AM

First of all, I always get a virus every day when I scan my PC using Malwarebytes Premium.

And as I've noticed, my Task Manager and Regedit get disabled.

I've fixed this a lot of times, but it keeps on coming back. I don't know what to do.

Here's the log (this is the virus that I always see every time I run a full scan):

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 6/9/18
Scan Time: 1:12 PM
Log File: afc66efe-6ba3-11e8-ae9f-00241db2f5a7.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5410
License: Premium
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mariss-PC\mariss
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 248783
Threats Detected: 6
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 5
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [13011], [293294],1.0.5410
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [13011], [293295],1.0.5410
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [13011], [293296],1.0.5410
PUM.Optional.DisableRegistryTools, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLEREGISTRYTOOLS, No Action By User, [13037], [293310],1.0.5410
PUM.Optional.DisableTaskMgr, HKU\S-1-5-21-858333344-3013912580-3231274367-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLETASKMGR, No Action By User, [13038], [293320],1.0.5410
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [5343], [353142],1.0.5410
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Here is my FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by mariss (administrator) on MARISS-PC (09-06-2018 13:26:48)
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
AlternateShell: 
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BB25FDE-E75D-40B6-9E4C-B900E213CB36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8D04E6-3A33-45D0-8F42-D6A7FA1983D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-14] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5kv0k9b2.default
FF ProfilePath: C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default [2018-05-30]
FF Extension: (Советник Яндекс.Маркета) - C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default\Extensions\sovetnik-yandex@yandex.ru.xpi [2018-03-25]
FF Extension: (Советник Яндекс.Маркета) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\sovetnik-yandex@yandex.ru.xpi [2017-06-06]
FF Extension: (Visual Bookmarks) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\vb@yandex.ru.xpi [2017-06-06] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]
CHR Extension: (Docs) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-14]
CHR Extension: (YouTube) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Adblock Plus) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2619096 2016-08-19] (Blue Coat Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [125144 2016-08-19] (Blue Coat Systems, Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-27] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-06-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-06-09] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3445592 2016-08-13] (MediaTek Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-09 13:26 - 2018-06-09 13:27 - 000012567 _____ C:\Users\mariss\Desktop\FRST.txt
2018-06-09 08:14 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (1).exe
2018-06-09 08:13 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher.exe
2018-06-09 07:38 - 2018-06-09 07:38 - 000290592 _____ C:\Windows\Minidump\060918-17534-01.dmp
2018-06-08 21:24 - 2018-06-09 13:03 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-08 20:09 - 2018-06-08 20:09 - 000103140 __RSH C:\efthro.exe
2018-06-08 20:09 - 2018-06-08 20:08 - 001199825 _____ C:\Windows\unins000.exe
2018-06-08 20:04 - 2018-06-08 20:10 - 000000000 ____D C:\Users\mariss\Desktop\GTA-SanAndreas
2018-06-08 20:02 - 2018-06-08 20:02 - 000289152 _____ C:\Windows\Minidump\060818-18798-01.dmp
2018-06-08 19:56 - 2018-06-08 19:56 - 000290608 _____ C:\Windows\Minidump\060818-18844-01.dmp
2018-06-08 11:22 - 2018-06-08 11:22 - 000290632 _____ C:\Windows\Minidump\060818-19110-01.dmp
2018-06-07 18:52 - 2018-06-07 18:52 - 000290616 _____ C:\Windows\Minidump\060718-26192-01.dmp
2018-06-07 18:45 - 2018-06-09 13:03 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-07 18:45 - 2018-06-09 13:03 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-07 18:45 - 2018-06-07 18:45 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-07 18:44 - 2018-06-07 19:02 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-07 18:44 - 2018-06-07 18:44 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-07 18:44 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-05 11:11 - 2012-11-06 14:26 - 000661456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2018-06-01 19:24 - 2018-06-08 10:58 - 000000000 ____D C:\Users\mariss\AppData\Local\CrashDumps
2018-06-01 19:17 - 2018-06-09 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Cars for GTA-SA v1.5.4
2018-06-01 17:31 - 2018-06-01 17:31 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager
2018-06-01 16:43 - 2018-06-01 16:43 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Google
2018-05-30 18:16 - 2018-05-30 18:17 - 000000000 ____D C:\Users\mariss\AppData\Roaming\TechSmith
2018-05-30 18:13 - 2018-06-01 11:49 - 000000000 ____D C:\Users\mariss\Documents\Camtasia Studio
2018-05-30 18:13 - 2018-05-30 18:13 - 000000000 ____D C:\Users\mariss\AppData\Local\TechSmith
2018-05-30 18:11 - 2018-05-30 18:11 - 000001077 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2018-05-30 18:11 - 2018-05-30 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\ProgramData\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\Program Files\TechSmith
2018-05-30 17:05 - 2018-05-30 17:05 - 000000173 _____ C:\Users\mariss\Desktop\Gameclub Philippines.url
2018-05-30 17:05 - 2018-05-30 17:05 - 000000000 ____D C:\Program Files (x86)\GameClub Launcher
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\Documents\Stranded Deep
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Beam Team Games
2018-05-30 14:42 - 2018-05-30 14:42 - 000000000 ____D C:\Users\mariss\New folder
2018-05-30 13:46 - 2018-05-30 13:48 - 000000000 ____D C:\Users\mariss\AppData\Local\NVIDIA Corporation
2018-05-30 13:45 - 2018-05-30 13:47 - 000000000 ____D C:\Users\mariss\AppData\Local\NVIDIA
2018-05-30 13:45 - 2016-11-14 20:30 - 001767712 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001756560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001377752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 000112168 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2018-05-30 13:44 - 2018-05-30 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-30 13:44 - 2018-05-30 13:44 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-30 13:43 - 2018-05-30 13:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-30 13:43 - 2016-11-14 17:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-30 13:43 - 2016-11-14 17:09 - 007513855 _____ C:\Windows\system32\nvcoproc.bin
2018-05-30 13:40 - 2016-11-14 20:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-30 13:40 - 2016-11-14 20:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-05-30 13:35 - 2018-05-30 13:35 - 000000000 ____D C:\NVIDIA
2018-05-30 12:52 - 2018-05-30 12:53 - 000000000 ____D C:\AdwCleaner
2018-05-30 11:47 - 2018-06-09 07:38 - 351209448 _____ C:\Windows\MEMORY.DMP
2018-05-30 11:47 - 2018-06-09 07:38 - 000000000 ____D C:\Windows\Minidump
2018-05-30 11:47 - 2018-05-30 11:47 - 000290640 _____ C:\Windows\Minidump\053018-18392-01.dmp
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\Users\mariss\AppData\Local\modloader
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\ProgramData\modloader
2018-05-28 12:41 - 2018-06-09 08:16 - 000001315 _____ C:\Users\mariss\Desktop\Roblox Player.lnk
2018-05-28 12:41 - 2018-06-09 08:16 - 000001134 _____ C:\Users\mariss\Desktop\Roblox Studio.lnk
2018-05-28 12:41 - 2018-06-09 08:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2018-05-28 10:26 - 2018-05-28 10:26 - 000001176 _____ C:\Users\Public\Desktop\Crossfire PH.lnk
2018-05-28 10:18 - 2018-05-28 10:18 - 000000000 ____D C:\Windows\pss
2018-05-28 10:13 - 2018-05-28 10:13 - 000000000 ____D C:\Program Files (x86)\Gameclub
2018-05-22 14:09 - 2018-06-09 13:26 - 000000000 ____D C:\FRST
2018-05-22 14:09 - 2018-06-07 11:28 - 002413056 _____ (Farbar) C:\Users\mariss\Desktop\FRST64.exe
2018-05-22 07:06 - 2018-06-08 20:08 - 000000597 _____ C:\Users\mariss\Desktop\samp - Shortcut.lnk
2018-05-21 19:46 - 2018-06-08 19:53 - 000000000 ____D C:\Users\mariss\AppData\Roaming\SA-MP Audio Plugin
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\Documents\GTA San Andreas User Files
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Windows\XSxS
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Users\mariss\AppData\Local\Xenocode
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Program Files (x86)\Xenocode
2018-05-21 11:52 - 2018-05-21 12:01 - 000000000 ____D C:\Program Files\Sandboxie
2018-05-20 17:44 - 2018-06-08 08:56 - 000000440 __RSH C:\Users\mariss\ntuser.pol
2018-05-20 17:33 - 2018-05-20 17:33 - 000002166 _____ C:\Users\mariss\Desktop\Discord.lnk
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-20 17:32 - 2018-06-08 20:37 - 000000000 ____D C:\Users\mariss\AppData\Roaming\discord
2018-05-20 17:32 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Local\SquirrelTemp
2018-05-20 17:32 - 2018-05-20 17:32 - 000000000 ____D C:\Users\mariss\AppData\Local\Discord
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Users\mariss\AppData\Roaming\OBS
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files\OBS
2018-05-17 20:16 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files (x86)\OBS
2018-05-15 18:10 - 2018-05-15 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2018-05-15 11:54 - 2018-05-20 17:45 - 000000000 ____D C:\Program Files\AutoHotkey
2018-05-15 11:54 - 2018-05-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-05-15 07:55 - 2018-05-15 07:55 - 000002225 _____ C:\Users\mariss\Desktop\Free Fire.lnk
2018-05-14 18:20 - 2018-05-14 18:20 - 000002245 _____ C:\Users\mariss\Desktop\Card Wars 2.lnk
2018-05-14 16:26 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-05-14 16:25 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-05-14 16:24 - 2018-05-14 16:24 - 000000000 ____D C:\Program Files\Java
2018-05-12 21:19 - 2018-05-12 21:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\BluestacksCN
2018-05-12 21:08 - 2018-05-12 21:08 - 000002321 _____ C:\Users\mariss\Desktop\Mobile Legends  Bang Bang.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-05-12 20:34 - 2018-05-12 20:37 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\ProgramData\BlueStacks
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-05-12 20:33 - 2018-05-12 20:36 - 000000000 ____D C:\Users\mariss\AppData\Local\Bluestacks
2018-05-11 17:44 - 2018-05-12 17:32 - 000608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2018-05-11 17:44 - 2018-05-12 17:32 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2018-05-11 17:44 - 2018-05-11 17:44 - 000000000 ___HD C:\$AV_ASW
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-09 13:10 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-09 13:10 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-09 13:03 - 2018-03-14 17:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-09 13:03 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-08 21:38 - 2018-04-27 16:39 - 000000000 ____D C:\Users\mariss\Downloads\Compressed
2018-06-08 20:09 - 2018-05-03 19:23 - 000042500 _____ C:\Windows\unins000.dat
2018-06-08 10:58 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-08 09:05 - 2018-03-11 17:21 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2018-06-08 08:56 - 2018-03-11 17:18 - 000000000 ____D C:\Users\mariss
2018-06-08 08:56 - 2009-07-14 11:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-08 08:51 - 2018-03-11 17:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-06-08 08:49 - 2018-03-11 17:41 - 000000000 __SHD C:\[Smad-Cage]
2018-06-07 19:15 - 2018-05-05 13:45 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-06-07 12:14 - 2018-04-28 11:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-07 12:06 - 2018-05-08 11:59 - 000000000 __SHD C:\ProgramData\YSWOWC
2018-06-03 12:21 - 2018-03-11 23:12 - 000000000 ____D C:\Users\mariss\AppData\Local\ElevatedDiagnostics
2018-06-01 14:46 - 2018-05-02 10:11 - 000000000 ____D C:\Users\mariss\Documents\Cross Fire
2018-05-31 13:50 - 2018-03-14 17:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-31 05:05 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-31 05:05 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-05-31 04:59 - 2009-07-14 12:45 - 000428616 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-30 18:13 - 2018-03-11 19:15 - 000112480 _____ C:\Users\mariss\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-30 18:10 - 2018-05-07 09:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-30 13:45 - 2018-03-14 17:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-29 20:49 - 2018-03-25 13:13 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Mozilla
2018-05-29 20:48 - 2018-04-27 18:30 - 000000000 ____D C:\Program Files (x86)\RanWorldPH
2018-05-29 20:48 - 2018-03-25 13:02 - 000000000 ____D C:\Users\mariss\AppData\Local\Mozilla
2018-05-28 12:41 - 2018-04-27 18:38 - 000000252 _____ C:\Users\mariss\AppData\LocalLow\rbxcsettings.rbx
2018-05-28 10:26 - 2018-05-02 00:10 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk
2018-05-22 11:41 - 2018-03-17 20:57 - 000000000 ____D C:\Users\mariss\AppData\Roaming\.minecraft
2018-05-21 20:14 - 2018-03-11 17:37 - 000000000 ____D C:\Program Files (x86)\Tumblebugs
2018-05-21 20:14 - 2018-03-11 17:35 - 000000000 ____D C:\Program Files (x86)\Zuma's Revenge
2018-05-20 15:31 - 2009-07-14 10:34 - 000000256 _____ C:\Windows\system.ini
2018-05-18 11:00 - 2018-04-29 18:23 - 000000000 ____D C:\Users\mariss\AppData\Local\Growtopia
2018-05-17 21:22 - 2018-03-11 19:35 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 21:22 - 2018-03-11 19:35 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 05:23 - 2018-03-11 19:36 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 05:23 - 2018-03-11 19:36 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 11:54 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2018-05-14 16:26 - 2018-03-17 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-14 09:56 - 2018-04-27 18:07 - 000000000 ____D C:\Users\mariss\AppData\Roaming\CC
2018-05-12 20:52 - 2018-03-14 17:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 17:32 - 2018-03-14 17:05 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2018-05-12 10:52 - 2009-12-20 04:28 - 001077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2018-05-12 08:50 - 2018-04-27 17:41 - 000000000 ____D C:\ros
 
==================== Files in the root of some directories =======
 
2018-05-07 16:50 - 2018-05-08 19:47 - 000000000 _____ () C:\Users\mariss\AppData\Roaming\rbx_hook
2018-05-07 16:50 - 2018-05-08 19:26 - 004037120 _____ () C:\Users\mariss\AppData\Roaming\SLX.vmp.dll
2018-05-07 16:50 - 2018-05-08 19:26 - 000000024 _____ () C:\Users\mariss\AppData\Roaming\version
2018-05-08 12:01 - 2018-05-08 12:01 - 000007597 _____ () C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-07 07:08
 
==================== End of FRST.txt ============================

And here's my Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by mariss (09-06-2018 13:28:09)
Running from C:\Users\mariss\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-03-11 09:18:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-858333344-3013912580-3231274367-500 - Administrator - Disabled)
Guest (S-1-5-21-858333344-3013912580-3231274367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-858333344-3013912580-3231274367-1003 - Limited - Enabled)
mariss (S-1-5-21-858333344-3013912580-3231274367-1000 - Administrator - Enabled) => C:\Users\mariss
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AutoHotkey 1.1.28.02 (HKLM\...\AutoHotkey) (Version: 1.1.28.02 - Lexikos)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.14.1460 - BlueStack Systems, Inc.)
Camtasia 9 (HKLM\...\{33E08945-3D7B-40BB-B34F-1A3C8B9650DE}) (Version: 9.1.2.3011 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{34ab05ac-3089-417f-828e-c2da3d5b4e09}) (Version: 9.1.2.3011 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossfire PH version 1283 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1283 - Gameclub)
Discord (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Growtopia) (Version:  - )
GTA San Andreas SA-MP Addon version 2.3 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 2.3 - Absolute Play www.gta-samp.ru)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mod Sobeit Blue Eclipse V7 (HKLM-x32\...\Mod Sobeit Blue Eclipse V7) (Version:  - )
Mozilla Firefox 54.0 (x86 ru) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 ru)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Real Cars for GTA-SA v1.5.4 (HKLM-x32\...\Real Cars for GTA-SA v1.5.4) (Version:  - )
Roblox Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Rules of Survival version 1.146371.158037 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.146371.158037 - Hong Kong Netease Interactive Entertainment Limited)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SMADAV version 11.2 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.2 - Smadsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {148828A2-26A3-4D64-9D1E-D8DBEE6E937B} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_mariss => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {490F815B-AB50-4923-8D6B-59E7159E2B17} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe
Task: {8F59E994-D292-4BEA-8FB9-58BF3672886C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {BB8C0119-F470-41C1-8903-96BDAD7F8A75} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {EA3A92B6-03EB-44F6-841F-267762F97CA5} - System32\Tasks\HPCustPartic.exe_{34092B56-4D6F-40C4-96CC-74679CD02423} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {F1BDD180-2C27-465A-8880-878A8708AD02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-14 17:36 - 2016-11-14 19:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-10 11:17 - 2010-01-10 11:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 16:40 - 2010-01-21 16:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2018-06-07 18:44 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-07 18:44 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-06-07 12:08 - 2018-06-09 13:18 - 000000029 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 serius.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^mariss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP DeskJet 2130 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP DeskJet 2130 series.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9E3760CC-F0FF-4199-8476-3203F2DD92D1}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{9A92241B-320B-4D97-A959-833C2420EBEB}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B220DBFC-DC79-4D29-AF47-0EEC175D7761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A726B77-00F9-4084-B8FA-A8D2C756FF64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C25B1715-93BB-4C24-9513-CE6C71AA8292}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0BF3EFCF-071F-4760-8FDB-A0828CBD378D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{DB196F82-DBE7-4D98-A0F8-8E63FB8E55FE}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E2BD46D4-56A9-4B96-BE2A-12EF3487A2FC}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{88BD3FDE-6003-44B4-9B1D-5BD349DA811F}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{3A215F9A-2CD6-4543-AEBA-41778D97383C}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{02A42062-E588-4759-B3C1-7920FBFA74F2}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [UDP Query User{1220244F-9B02-4DB3-9065-38F52471BC29}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [TCP Query User{F5CEFDB7-0FD5-4C47-BAE0-5D3831CE6C7F}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [UDP Query User{EE10BF86-A3F1-4D15-97B7-6EE70D2BDC3E}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [TCP Query User{7FDDDC42-5778-4A10-BA12-A7A3D19D7463}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [UDP Query User{3B48257E-11C9-4481-88F5-8DB7B6BE2F8D}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [TCP Query User{80475074-7246-44E6-B3F4-87D74CEB9ED7}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [UDP Query User{2CCF440F-206C-4CB6-B319-5967C12ABB6D}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [TCP Query User{1B822792-47B5-4506-8187-707A7BFCC284}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [UDP Query User{133F43EA-EEE6-4421-9522-37A6B5D42EEE}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [TCP Query User{7EEAD1DF-371F-4793-AA03-CA28E677EB5C}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [UDP Query User{B301103E-0770-4287-8873-5FAC6819AA95}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [TCP Query User{1982E6E5-94A5-4F3D-9B4E-A9C1ADD74FFF}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [UDP Query User{BD306A83-1413-4C50-9887-3CB7F66D0CA3}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [TCP Query User{2D25B192-8DCB-4BE8-82BB-B7257BEE45FC}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [UDP Query User{8F687C15-37DD-4EF2-B190-B0B76B2953FB}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [TCP Query User{58986047-00D8-46CE-905E-0BA16AC11AC9}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [UDP Query User{4CEE546E-161C-4606-A27B-CF4842592F95}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [TCP Query User{B8C32F8B-21AD-4986-AC2E-016D6D1217E3}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [UDP Query User{DE31E58F-BF2D-48CC-83CC-51D20C843532}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [TCP Query User{0872287D-CBD6-4BB7-B4A6-BCF985860AF3}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{D13D301B-B1FA-47B3-8839-CD49ADAFC832}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{0F78E02C-68BB-43FB-8C9A-2B5CC12D367B}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{E361D463-6AE1-49E2-8EE6-324C330D4ED0}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{8DAAD7BA-DAA6-4C3A-9F2F-ED01B156806D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{684201D4-C29B-4747-AEF4-178CBFE59380}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A445F43-2213-49B0-A38C-6428200715DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA201736-1E6F-4436-A5ED-C804AFC05BA2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26C171FD-33BB-4FCC-A87C-547B46D83BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{BE301A21-C3A8-4CA0-B460-F59E102A4286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [TCP Query User{856F79D7-D494-4251-8EBD-9DD2E03E6201}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [UDP Query User{382F74A4-4F4B-4E11-89A7-F20AD56613DF}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [{56FB4997-64E6-4880-97AC-208A189D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{747F3A83-2CD1-4C47-9978-A8E301837E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F8A58785-0795-4B9B-9E1E-94FB96D1EFB1}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [UDP Query User{8ECE4216-436F-408C-97EB-0381C6E80423}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [{19C0385C-20E2-455E-8896-AFF272FECA13}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94BB3560-2400-4187-B7C4-05795B528ACE}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F2B7B35-D005-4629-BFB9-13C5205452F1}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{C0497A5B-019C-46D2-BA99-78130220886B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [UDP Query User{36FA0094-8A4E-402C-B51B-191C501D707B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [TCP Query User{7024A8B8-624C-4F7A-8ED2-25EBE29AABA4}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{E0BF5817-88A0-4744-86F7-4D9C0AB5E079}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{6BFB7C4B-2F26-41F1-AD33-E5FCA2500D59}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{E9755C6B-41B5-4139-B60F-292848EFC694}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{782DC83B-438C-4741-A876-6B9BAA5D8B0C}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{4B48498C-AA58-464E-B225-B9D911BAA1E5}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [{922D3BE2-CEED-4847-A816-742D5F1F00DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8B5B85FF-F040-40EE-BB06-B45A24785895}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{54E6624F-3C9B-41FA-A766-DD7B9C89EFAB}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{F7AF7FE0-D983-4F8D-B0F7-8683F5691645}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [UDP Query User{2BB59613-F600-4CD1-875B-C4ADB7BDD186}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [TCP Query User{C7AA4660-D358-4991-8F2D-2E60EBF96F9A}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [UDP Query User{7E967D3A-2DFB-4FCB-9463-585E07BAD3FA}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [TCP Query User{590F3325-3F51-457A-B962-25C305A7E14F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [UDP Query User{D1D44385-946B-48E2-889F-BFFC9DB8C78F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [TCP Query User{6E164671-11F6-4967-AD20-D0C19B389B68}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [UDP Query User{FCAE8CE3-E7A7-433E-A041-6EA0EF2C779C}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [{94DAFE04-85BF-4897-A886-E16DB3733251}] => (Allow) LPort=8080
FirewallRules: [{4D61C979-2CDD-4826-A3B0-5CF569214C84}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{21F50654-DAD4-498E-8AD8-2EFD55BED5E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{876F6779-F072-480A-85F2-210926FE89B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0122B6CD-1196-4F80-BB65-2FE4312D2651}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{87FB8A96-B9E0-4BB3-BBD5-F03B79B8B56B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{14BB2AF3-B94A-495B-9D7B-6A9B907CCFA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77CB45E6-5385-46E8-8920-6C2368EAD66D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C0FE5F3F-DE85-4ED5-BE5E-666415486D9E}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{8FFD1E8D-5BD2-4EB4-AC6B-6A54163BB78D}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
FirewallRules: [UDP Query User{052B56AF-8BF6-4149-B1AD-A30C58768A1C}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
 
==================== Restore Points =========================
 
07-06-2018 11:29:22 Restore Point Created by FRST
07-06-2018 18:28:31 Installed WinThruster.
07-06-2018 18:33:53 WinThruster (64-bit) Backup
07-06-2018 18:36:26 Windows Defender Checkpoint
07-06-2018 18:59:39 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/09/2018 01:04:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2018 07:39:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2018 05:19:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/08/2018 09:39:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/08/2018 08:39:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (06/08/2018 08:39:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (06/08/2018 08:07:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\mariss\Downloads\Programs\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/08/2018 08:04:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/09/2018 01:18:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/09/2018 01:18:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/09/2018 01:10:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/09/2018 01:10:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/09/2018 01:06:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/09/2018 01:06:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/09/2018 01:04:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/09/2018 01:04:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Windows Defender:
===================================
Date: 2018-06-07 18:36:24.378
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\Documents\LicenseEN.rtf;file:C:\Program Files\Solvusoft\WinThruster\LogFilesCollector.exe;file:C:\Program Files\Solvusoft\WinThruster\Sync.exe;file:C:\Program Files\Solvusoft\WinThruster\Uninstall.exe;file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\Frequently Asked Questions.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\License Agreement.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Collect Log Files.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Request support.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Uninstall.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\WinThruster.lnk;folder:C:\Program Files\Solvuso
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-06-07 18:34:44.372
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;process:pid:1932
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-05-30 10:29:43.481
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{C7118EF5-46BF-430F-86CF-D4D8BFD06B0E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-06-09 08:00:54.288
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-09 08:00:54.278
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-09 08:00:54.216
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-09 08:00:54.206
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-07 07:08:39.380
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-07 07:08:39.323
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-07 07:08:39.287
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-07 07:08:39.279
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 55%
Total physical RAM: 4094.49 MB
Available physical RAM: 1804.04 MB
Total Virtual: 8187.18 MB
Available Virtual: 5994.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.48 GB) (Free:72.23 GB) NTFS
Drive d: () (Fixed) (Total:151.51 GB) (Free:126.15 GB) NTFS
 
\\?\Volume{33b07ec0-250c-11e8-ad00-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2F172F16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

I really want this virus to be removed ASAP. It's really annoying.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 June 2018 - 09:48 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

When all is well, make sure you update Windows Defender.
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {490F815B-AB50-4923-8D6B-59E7159E2B17} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SM?RTP.exe
Windows Firewall is disabled.
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: SM?RT-Protection => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
C:\Windows\System32\Tasks\smadav
HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
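As an added defender-side check (not part of this thread, nasdaq's fixlist, or FRST), the PowerShell below reads the same per-user policy values the fixlist above resets and reports which restrictions are currently active, so the fix can be confirmed and a recurrence spotted quickly. It assumes it is run as the affected user, so the HKCU paths correspond to the HKU\S-1-5-21-...-1000 entries in the log; it changes nothing.

```powershell
# Added audit script for this thread; it is not part of the original post, of
# nasdaq's fixlist, or of FRST. It only reads the registry and changes nothing.
# Assumption: it runs as the affected user ('mariss' in the log), so HKCU maps to
# the HKU\S-1-5-21-...-1000 hive that FRST reported.

$SystemPolicy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ExplorerPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DisallowRunKey = "$ExplorerPolicy\DisallowRun"
$WinlogonKey    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # A missing key or value means "no policy set", so return $null instead of an error
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-UserRestrictionFindings {
    # Returns one string per active restriction; an empty array means all clear
    $findings = @()

    # Policies\System: DisableTaskMgr / DisableRegistryTools = 1 are the two
    # values behind the thread's symptoms (no Task Manager, no Regedit)
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ((Get-RegistryValueOrNull -Path $SystemPolicy -Name $name) -eq 1) {
            $findings += "$name = 1 (restriction active)"
        }
    }

    # Policies\Explorer: DisallowRun = 1 activates the list of executables stored
    # under the DisallowRun subkey (values named 1, 2, 3, ... holding file names)
    if ((Get-RegistryValueOrNull -Path $ExplorerPolicy -Name 'DisallowRun') -eq 1 -and
        (Test-Path -Path $DisallowRunKey)) {
        $blocked = (Get-ItemProperty -Path $DisallowRunKey).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { $_.Value }
        if ($blocked) { $findings += "DisallowRun blocks: $($blocked -join ', ')" }
    }

    # A per-user Winlogon Shell value is unusual (the system-wide one lives under
    # HKLM); FRST flagged this entry with ATTENTION, so surface it if present
    $shell = Get-RegistryValueOrNull -Path $WinlogonKey -Name 'Shell'
    if ($shell) { $findings += "Per-user Winlogon Shell override: $shell" }

    return ,$findings
}

$result = Get-UserRestrictionFindings
if ($result.Count -eq 0) {
    Write-Output 'No Task Manager / Regedit / DisallowRun restrictions found for this user.'
} else {
    $result | ForEach-Object { Write-Output "FOUND: $_" }
}
```

Because the DisallowRun list in the log includes powershell.exe, run this after the fix has been applied, or start it from a cmd.exe prompt, since DisallowRun is enforced by Explorer (Run box, Start menu, double-click) rather than by the console.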

#3 KingChronoz

KingChronoz
  • Topic Starter
  • Members
  • 14 posts

Posted 09 June 2018 - 07:26 PM

I can now access my Task Manager and Regedit, but I think that after 3 hours or a day it will be disabled again.

I tried fixing this manually but it kept on coming back.

I don't know what to do; I think this is just a temporary fix.

Don't lock this topic yet.


Edited by KingChronoz, 09 June 2018 - 07:26 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 June 2018 - 07:05 AM

Hi,

Please post the Fixlog.txt that was created when you executed the fix.

Scan again with the Farbar program and post a fresh FRST log for my review.

#5 KingChronoz

KingChronoz
  • Topic Starter
  • Members
  • 14 posts

Posted 10 June 2018 - 08:06 PM

The problem came back again. I can't use my Task Manager and Regedit; I really think there is a virus hiding in my computer.
Here's the FRST log you asked for:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by mariss (administrator) on MARISS-PC (11-06-2018 09:02:37)
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\mariss\AppData\Local\Discord\app-0.0.301\Discord.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BB25FDE-E75D-40B6-9E4C-B900E213CB36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8D04E6-3A33-45D0-8F42-D6A7FA1983D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-14] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5kv0k9b2.default
FF ProfilePath: C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default [2018-05-30]
FF Extension: (Советник Яндекс.Маркета) - C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default\Extensions\sovetnik-yandex@yandex.ru.xpi [2018-03-25]
FF Extension: (Советник Яндекс.Маркета) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\sovetnik-yandex@yandex.ru.xpi [2017-06-06]
FF Extension: (Visual Bookmarks) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\vb@yandex.ru.xpi [2017-06-06] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default [2018-06-11]
CHR Extension: (Docs) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-14]
CHR Extension: (YouTube) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Adblock Plus) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2619096 2016-08-19] (Blue Coat Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [125144 2016-08-19] (Blue Coat Systems, Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-27] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-06-07] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-09] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-07] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-06-09] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3445592 2016-08-13] (MediaTek Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 09:02 - 2018-06-11 09:03 - 000012280 _____ C:\Users\mariss\Desktop\FRST.txt
2018-06-10 18:06 - 2018-06-10 18:07 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (2).exe
2018-06-10 07:35 - 2018-06-10 07:36 - 000004751 _____ C:\Users\mariss\Desktop\Fixlog.txt
2018-06-09 08:14 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (1).exe
2018-06-09 08:13 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher.exe
2018-06-09 07:38 - 2018-06-09 07:38 - 000290592 _____ C:\Windows\Minidump\060918-17534-01.dmp
2018-06-08 21:24 - 2018-06-09 13:03 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-08 20:09 - 2018-06-08 20:09 - 000103140 __RSH C:\efthro.exe
2018-06-08 20:09 - 2018-06-08 20:08 - 001199825 _____ C:\Windows\unins000.exe
2018-06-08 20:04 - 2018-06-08 20:10 - 000000000 ____D C:\Users\mariss\Desktop\GTA-SanAndreas
2018-06-08 20:02 - 2018-06-08 20:02 - 000289152 _____ C:\Windows\Minidump\060818-18798-01.dmp
2018-06-08 19:56 - 2018-06-08 19:56 - 000290608 _____ C:\Windows\Minidump\060818-18844-01.dmp
2018-06-08 11:22 - 2018-06-08 11:22 - 000290632 _____ C:\Windows\Minidump\060818-19110-01.dmp
2018-06-07 18:52 - 2018-06-07 18:52 - 000290616 _____ C:\Windows\Minidump\060718-26192-01.dmp
2018-06-07 18:45 - 2018-06-09 13:03 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-07 18:45 - 2018-06-09 13:03 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-07 18:45 - 2018-06-07 18:45 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-07 18:44 - 2018-06-07 19:02 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-07 18:44 - 2018-06-07 18:44 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-07 18:44 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-05 11:11 - 2012-11-06 14:26 - 000661456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2018-06-01 19:24 - 2018-06-08 10:58 - 000000000 ____D C:\Users\mariss\AppData\Local\CrashDumps
2018-06-01 19:17 - 2018-06-09 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Cars for GTA-SA v1.5.4
2018-06-01 17:31 - 2018-06-01 17:31 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager
2018-06-01 16:43 - 2018-06-01 16:43 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Google
2018-05-30 18:16 - 2018-05-30 18:17 - 000000000 ____D C:\Users\mariss\AppData\Roaming\TechSmith
2018-05-30 18:13 - 2018-06-01 11:49 - 000000000 ____D C:\Users\mariss\Documents\Camtasia Studio
2018-05-30 18:13 - 2018-05-30 18:13 - 000000000 ____D C:\Users\mariss\AppData\Local\TechSmith
2018-05-30 18:11 - 2018-05-30 18:11 - 000001077 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2018-05-30 18:11 - 2018-05-30 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\ProgramData\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\Program Files\TechSmith
2018-05-30 17:05 - 2018-05-30 17:05 - 000000173 _____ C:\Users\mariss\Desktop\Gameclub Philippines.url
2018-05-30 17:05 - 2018-05-30 17:05 - 000000000 ____D C:\Program Files (x86)\GameClub Launcher
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\Documents\Stranded Deep
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Beam Team Games
2018-05-30 14:42 - 2018-05-30 14:42 - 000000000 ____D C:\Users\mariss\New folder
2018-05-30 13:46 - 2018-05-30 13:48 - 000000000 ____D C:\Users\mariss\AppData\Local\NVIDIA Corporation
2018-05-30 13:45 - 2018-05-30 13:47 - 000000000 ____D C:\Users\mariss\AppData\Local\NVIDIA
2018-05-30 13:45 - 2016-11-14 20:30 - 001767712 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001756560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001377752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 000112168 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2018-05-30 13:44 - 2018-05-30 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-30 13:44 - 2018-05-30 13:44 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-30 13:43 - 2018-05-30 13:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-30 13:43 - 2016-11-14 17:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-30 13:43 - 2016-11-14 17:09 - 007513855 _____ C:\Windows\system32\nvcoproc.bin
2018-05-30 13:40 - 2016-11-14 20:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-30 13:40 - 2016-11-14 20:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-05-30 13:35 - 2018-05-30 13:35 - 000000000 ____D C:\NVIDIA
2018-05-30 12:52 - 2018-05-30 12:53 - 000000000 ____D C:\AdwCleaner
2018-05-30 11:47 - 2018-06-09 07:38 - 351209448 _____ C:\Windows\MEMORY.DMP
2018-05-30 11:47 - 2018-06-09 07:38 - 000000000 ____D C:\Windows\Minidump
2018-05-30 11:47 - 2018-05-30 11:47 - 000290640 _____ C:\Windows\Minidump\053018-18392-01.dmp
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\Users\mariss\AppData\Local\modloader
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\ProgramData\modloader
2018-05-28 12:41 - 2018-06-09 08:16 - 000001315 _____ C:\Users\mariss\Desktop\Roblox Player.lnk
2018-05-28 12:41 - 2018-06-09 08:16 - 000001134 _____ C:\Users\mariss\Desktop\Roblox Studio.lnk
2018-05-28 12:41 - 2018-06-09 08:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2018-05-28 10:26 - 2018-05-28 10:26 - 000001176 _____ C:\Users\Public\Desktop\Crossfire PH.lnk
2018-05-28 10:18 - 2018-05-28 10:18 - 000000000 ____D C:\Windows\pss
2018-05-28 10:13 - 2018-05-28 10:13 - 000000000 ____D C:\Program Files (x86)\Gameclub
2018-05-22 14:09 - 2018-06-11 09:02 - 000000000 ____D C:\FRST
2018-05-22 14:09 - 2018-06-07 11:28 - 002413056 _____ (Farbar) C:\Users\mariss\Desktop\FRST64.exe
2018-05-22 07:06 - 2018-06-08 20:08 - 000000597 _____ C:\Users\mariss\Desktop\samp - Shortcut.lnk
2018-05-21 19:46 - 2018-06-08 19:53 - 000000000 ____D C:\Users\mariss\AppData\Roaming\SA-MP Audio Plugin
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\Documents\GTA San Andreas User Files
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Windows\XSxS
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Users\mariss\AppData\Local\Xenocode
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Program Files (x86)\Xenocode
2018-05-21 11:52 - 2018-05-21 12:01 - 000000000 ____D C:\Program Files\Sandboxie
2018-05-20 17:44 - 2018-06-10 07:37 - 000000008 __RSH C:\Users\mariss\ntuser.pol
2018-05-20 17:33 - 2018-05-20 17:33 - 000002166 _____ C:\Users\mariss\Desktop\Discord.lnk
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-20 17:32 - 2018-06-11 08:51 - 000000000 ____D C:\Users\mariss\AppData\Roaming\discord
2018-05-20 17:32 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Local\SquirrelTemp
2018-05-20 17:32 - 2018-05-20 17:32 - 000000000 ____D C:\Users\mariss\AppData\Local\Discord
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Users\mariss\AppData\Roaming\OBS
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files\OBS
2018-05-17 20:16 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files (x86)\OBS
2018-05-15 18:10 - 2018-05-15 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2018-05-15 11:54 - 2018-05-20 17:45 - 000000000 ____D C:\Program Files\AutoHotkey
2018-05-15 11:54 - 2018-05-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-05-15 07:55 - 2018-05-15 07:55 - 000002225 _____ C:\Users\mariss\Desktop\Free Fire.lnk
2018-05-14 18:20 - 2018-05-14 18:20 - 000002245 _____ C:\Users\mariss\Desktop\Card Wars 2.lnk
2018-05-14 16:26 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-05-14 16:25 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-05-14 16:24 - 2018-05-14 16:24 - 000000000 ____D C:\Program Files\Java
2018-05-12 21:19 - 2018-05-12 21:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\BluestacksCN
2018-05-12 21:08 - 2018-05-12 21:08 - 000002321 _____ C:\Users\mariss\Desktop\Mobile Legends  Bang Bang.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-05-12 20:37 - 2018-05-12 20:37 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-05-12 20:34 - 2018-05-12 20:37 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\ProgramData\BlueStacks
2018-05-12 20:34 - 2018-05-12 20:36 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-05-12 20:33 - 2018-05-12 20:36 - 000000000 ____D C:\Users\mariss\AppData\Local\Bluestacks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-11 05:45 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-11 05:45 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-11 05:38 - 2018-03-14 17:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-11 05:38 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-10 07:37 - 2018-03-11 17:18 - 000000000 ____D C:\Users\mariss
2018-06-10 07:35 - 2009-07-14 11:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-09 22:39 - 2018-05-08 12:01 - 000007597 _____ C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
2018-06-08 21:38 - 2018-04-27 16:39 - 000000000 ____D C:\Users\mariss\Downloads\Compressed
2018-06-08 20:09 - 2018-05-03 19:23 - 000042500 _____ C:\Windows\unins000.dat
2018-06-08 10:58 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-08 09:05 - 2018-03-11 17:21 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2018-06-08 08:51 - 2018-03-11 17:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-06-08 08:49 - 2018-03-11 17:41 - 000000000 __SHD C:\[Smad-Cage]
2018-06-07 19:15 - 2018-05-05 13:45 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-06-07 12:14 - 2018-04-28 11:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-07 12:06 - 2018-05-08 11:59 - 000000000 __SHD C:\ProgramData\YSWOWC
2018-06-03 12:21 - 2018-03-11 23:12 - 000000000 ____D C:\Users\mariss\AppData\Local\ElevatedDiagnostics
2018-06-01 14:46 - 2018-05-02 10:11 - 000000000 ____D C:\Users\mariss\Documents\Cross Fire
2018-05-31 13:50 - 2018-03-14 17:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-31 05:05 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-31 05:05 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-05-31 04:59 - 2009-07-14 12:45 - 000428616 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-30 18:13 - 2018-03-11 19:15 - 000112480 _____ C:\Users\mariss\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-30 18:10 - 2018-05-07 09:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-30 13:45 - 2018-03-14 17:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-29 20:49 - 2018-03-25 13:13 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Mozilla
2018-05-29 20:48 - 2018-04-27 18:30 - 000000000 ____D C:\Program Files (x86)\RanWorldPH
2018-05-29 20:48 - 2018-03-25 13:02 - 000000000 ____D C:\Users\mariss\AppData\Local\Mozilla
2018-05-28 12:41 - 2018-04-27 18:38 - 000000252 _____ C:\Users\mariss\AppData\LocalLow\rbxcsettings.rbx
2018-05-28 10:26 - 2018-05-02 00:10 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk
2018-05-22 11:41 - 2018-03-17 20:57 - 000000000 ____D C:\Users\mariss\AppData\Roaming\.minecraft
2018-05-21 20:14 - 2018-03-11 17:37 - 000000000 ____D C:\Program Files (x86)\Tumblebugs
2018-05-21 20:14 - 2018-03-11 17:35 - 000000000 ____D C:\Program Files (x86)\Zuma's Revenge
2018-05-20 15:31 - 2009-07-14 10:34 - 000000256 _____ C:\Windows\system.ini
2018-05-18 11:00 - 2018-04-29 18:23 - 000000000 ____D C:\Users\mariss\AppData\Local\Growtopia
2018-05-17 21:22 - 2018-03-11 19:35 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 21:22 - 2018-03-11 19:35 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 05:23 - 2018-03-11 19:36 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 05:23 - 2018-03-11 19:36 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 11:54 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2018-05-14 16:26 - 2018-03-17 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-14 09:56 - 2018-04-27 18:07 - 000000000 ____D C:\Users\mariss\AppData\Roaming\CC
2018-05-12 20:52 - 2018-03-14 17:05 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 17:32 - 2018-05-11 17:44 - 000608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2018-05-12 17:32 - 2018-05-11 17:44 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2018-05-12 17:32 - 2018-03-14 17:05 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2018-05-12 10:52 - 2009-12-20 04:28 - 001077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2018-05-12 08:50 - 2018-04-27 17:41 - 000000000 ____D C:\ros
 
==================== Files in the root of some directories =======
 
2018-05-07 16:50 - 2018-05-08 19:47 - 000000000 _____ () C:\Users\mariss\AppData\Roaming\rbx_hook
2018-05-07 16:50 - 2018-05-08 19:26 - 004037120 _____ () C:\Users\mariss\AppData\Roaming\SLX.vmp.dll
2018-05-07 16:50 - 2018-05-08 19:26 - 000000024 _____ () C:\Users\mariss\AppData\Roaming\version
2018-05-08 12:01 - 2018-06-09 22:39 - 000007597 _____ () C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-07 07:08
 
==================== End of FRST.txt ============================

Just in case you needed an Addition.txt, here it is.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by mariss (11-06-2018 09:03:23)
Running from C:\Users\mariss\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-03-11 09:18:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-858333344-3013912580-3231274367-500 - Administrator - Disabled)
Guest (S-1-5-21-858333344-3013912580-3231274367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-858333344-3013912580-3231274367-1003 - Limited - Enabled)
mariss (S-1-5-21-858333344-3013912580-3231274367-1000 - Administrator - Enabled) => C:\Users\mariss
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AutoHotkey 1.1.28.02 (HKLM\...\AutoHotkey) (Version: 1.1.28.02 - Lexikos)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.14.1460 - BlueStack Systems, Inc.)
Camtasia 9 (HKLM\...\{33E08945-3D7B-40BB-B34F-1A3C8B9650DE}) (Version: 9.1.2.3011 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{34ab05ac-3089-417f-828e-c2da3d5b4e09}) (Version: 9.1.2.3011 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossfire PH version 1283 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1283 - Gameclub)
Discord (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Growtopia) (Version:  - )
GTA San Andreas SA-MP Addon version 2.3 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 2.3 - Absolute Play www.gta-samp.ru)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mod Sobeit Blue Eclipse V7 (HKLM-x32\...\Mod Sobeit Blue Eclipse V7) (Version:  - )
Mozilla Firefox 54.0 (x86 ru) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 ru)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Real Cars for GTA-SA v1.5.4 (HKLM-x32\...\Real Cars for GTA-SA v1.5.4) (Version:  - )
Roblox Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Rules of Survival version 1.146371.158037 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.146371.158037 - Hong Kong Netease Interactive Entertainment Limited)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SMADAV version 11.2 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.2 - Smadsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {148828A2-26A3-4D64-9D1E-D8DBEE6E937B} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_mariss => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {8F59E994-D292-4BEA-8FB9-58BF3672886C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {BB8C0119-F470-41C1-8903-96BDAD7F8A75} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {EA3A92B6-03EB-44F6-841F-267762F97CA5} - System32\Tasks\HPCustPartic.exe_{34092B56-4D6F-40C4-96CC-74679CD02423} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {F1BDD180-2C27-465A-8880-878A8708AD02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-14 17:36 - 2016-11-14 19:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-10 11:17 - 2010-01-10 11:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 16:40 - 2010-01-21 16:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2018-06-07 18:44 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2018-05-30 13:45 - 2016-11-14 20:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-30 13:44 - 2016-11-14 20:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-20 17:32 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\mariss\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-20 17:33 - 2018-05-27 18:20 - 009820504 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-20 17:33 - 2018-05-20 17:33 - 001530712 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-20 17:33 - 2018-05-20 17:33 - 000512856 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-20 17:33 - 2018-05-20 17:33 - 001578840 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-05-20 17:33 - 2018-05-20 17:34 - 001728344 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-05-20 17:33 - 2018-05-20 17:33 - 002722648 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-05-20 17:36 - 2018-05-20 17:36 - 002760536 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-05-20 17:36 - 2018-05-20 17:36 - 001249112 _____ () \\?\C:\Users\mariss\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-06-07 12:08 - 2018-06-09 13:18 - 000000029 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 serius.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^mariss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP DeskJet 2130 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP DeskJet 2130 series.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9E3760CC-F0FF-4199-8476-3203F2DD92D1}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{9A92241B-320B-4D97-A959-833C2420EBEB}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B220DBFC-DC79-4D29-AF47-0EEC175D7761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A726B77-00F9-4084-B8FA-A8D2C756FF64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C25B1715-93BB-4C24-9513-CE6C71AA8292}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0BF3EFCF-071F-4760-8FDB-A0828CBD378D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{DB196F82-DBE7-4D98-A0F8-8E63FB8E55FE}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E2BD46D4-56A9-4B96-BE2A-12EF3487A2FC}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{88BD3FDE-6003-44B4-9B1D-5BD349DA811F}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{3A215F9A-2CD6-4543-AEBA-41778D97383C}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{02A42062-E588-4759-B3C1-7920FBFA74F2}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [UDP Query User{1220244F-9B02-4DB3-9065-38F52471BC29}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe
FirewallRules: [TCP Query User{F5CEFDB7-0FD5-4C47-BAE0-5D3831CE6C7F}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [UDP Query User{EE10BF86-A3F1-4D15-97B7-6EE70D2BDC3E}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe
FirewallRules: [TCP Query User{7FDDDC42-5778-4A10-BA12-A7A3D19D7463}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [UDP Query User{3B48257E-11C9-4481-88F5-8DB7B6BE2F8D}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe
FirewallRules: [TCP Query User{80475074-7246-44E6-B3F4-87D74CEB9ED7}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [UDP Query User{2CCF440F-206C-4CB6-B319-5967C12ABB6D}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [TCP Query User{1B822792-47B5-4506-8187-707A7BFCC284}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [UDP Query User{133F43EA-EEE6-4421-9522-37A6B5D42EEE}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe
FirewallRules: [TCP Query User{7EEAD1DF-371F-4793-AA03-CA28E677EB5C}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [UDP Query User{B301103E-0770-4287-8873-5FAC6819AA95}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [TCP Query User{1982E6E5-94A5-4F3D-9B4E-A9C1ADD74FFF}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [UDP Query User{BD306A83-1413-4C50-9887-3CB7F66D0CA3}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [TCP Query User{2D25B192-8DCB-4BE8-82BB-B7257BEE45FC}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [UDP Query User{8F687C15-37DD-4EF2-B190-B0B76B2953FB}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe
FirewallRules: [TCP Query User{58986047-00D8-46CE-905E-0BA16AC11AC9}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [UDP Query User{4CEE546E-161C-4606-A27B-CF4842592F95}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe
FirewallRules: [TCP Query User{B8C32F8B-21AD-4986-AC2E-016D6D1217E3}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [UDP Query User{DE31E58F-BF2D-48CC-83CC-51D20C843532}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [TCP Query User{0872287D-CBD6-4BB7-B4A6-BCF985860AF3}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{D13D301B-B1FA-47B3-8839-CD49ADAFC832}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{0F78E02C-68BB-43FB-8C9A-2B5CC12D367B}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{E361D463-6AE1-49E2-8EE6-324C330D4ED0}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{8DAAD7BA-DAA6-4C3A-9F2F-ED01B156806D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{684201D4-C29B-4747-AEF4-178CBFE59380}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A445F43-2213-49B0-A38C-6428200715DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA201736-1E6F-4436-A5ED-C804AFC05BA2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26C171FD-33BB-4FCC-A87C-547B46D83BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{BE301A21-C3A8-4CA0-B460-F59E102A4286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [TCP Query User{856F79D7-D494-4251-8EBD-9DD2E03E6201}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [UDP Query User{382F74A4-4F4B-4E11-89A7-F20AD56613DF}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe
FirewallRules: [{56FB4997-64E6-4880-97AC-208A189D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{747F3A83-2CD1-4C47-9978-A8E301837E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F8A58785-0795-4B9B-9E1E-94FB96D1EFB1}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [UDP Query User{8ECE4216-436F-408C-97EB-0381C6E80423}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [{19C0385C-20E2-455E-8896-AFF272FECA13}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94BB3560-2400-4187-B7C4-05795B528ACE}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F2B7B35-D005-4629-BFB9-13C5205452F1}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{C0497A5B-019C-46D2-BA99-78130220886B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [UDP Query User{36FA0094-8A4E-402C-B51B-191C501D707B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe
FirewallRules: [TCP Query User{7024A8B8-624C-4F7A-8ED2-25EBE29AABA4}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{E0BF5817-88A0-4744-86F7-4D9C0AB5E079}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [TCP Query User{6BFB7C4B-2F26-41F1-AD33-E5FCA2500D59}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{E9755C6B-41B5-4139-B60F-292848EFC694}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{782DC83B-438C-4741-A876-6B9BAA5D8B0C}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{4B48498C-AA58-464E-B225-B9D911BAA1E5}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [{922D3BE2-CEED-4847-A816-742D5F1F00DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8B5B85FF-F040-40EE-BB06-B45A24785895}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{54E6624F-3C9B-41FA-A766-DD7B9C89EFAB}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{F7AF7FE0-D983-4F8D-B0F7-8683F5691645}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [UDP Query User{2BB59613-F600-4CD1-875B-C4ADB7BDD186}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [TCP Query User{C7AA4660-D358-4991-8F2D-2E60EBF96F9A}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [UDP Query User{7E967D3A-2DFB-4FCB-9463-585E07BAD3FA}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [TCP Query User{590F3325-3F51-457A-B962-25C305A7E14F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [UDP Query User{D1D44385-946B-48E2-889F-BFFC9DB8C78F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [TCP Query User{6E164671-11F6-4967-AD20-D0C19B389B68}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [UDP Query User{FCAE8CE3-E7A7-433E-A041-6EA0EF2C779C}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [{94DAFE04-85BF-4897-A886-E16DB3733251}] => (Allow) LPort=8080
FirewallRules: [{4D61C979-2CDD-4826-A3B0-5CF569214C84}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{21F50654-DAD4-498E-8AD8-2EFD55BED5E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{876F6779-F072-480A-85F2-210926FE89B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0122B6CD-1196-4F80-BB65-2FE4312D2651}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{87FB8A96-B9E0-4BB3-BBD5-F03B79B8B56B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{14BB2AF3-B94A-495B-9D7B-6A9B907CCFA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77CB45E6-5385-46E8-8920-6C2368EAD66D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C0FE5F3F-DE85-4ED5-BE5E-666415486D9E}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{8FFD1E8D-5BD2-4EB4-AC6B-6A54163BB78D}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
FirewallRules: [UDP Query User{052B56AF-8BF6-4149-B1AD-A30C58768A1C}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
 
==================== Restore Points =========================
 
10-06-2018 07:28:18 Windows Update
10-06-2018 07:35:47 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2018 05:39:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2018 09:53:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2018 10:40:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (06/10/2018 10:40:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (06/10/2018 07:39:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/10/2018 05:54:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2018 10:53:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/09/2018 10:38:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/11/2018 07:45:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/11/2018 07:45:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/11/2018 06:41:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/11/2018 06:41:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/11/2018 06:09:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/11/2018 06:09:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/11/2018 05:53:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/11/2018 05:53:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Windows Defender:
===================================
Date: 2018-06-07 18:36:24.378
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\Documents\LicenseEN.rtf;file:C:\Program Files\Solvusoft\WinThruster\LogFilesCollector.exe;file:C:\Program Files\Solvusoft\WinThruster\Sync.exe;file:C:\Program Files\Solvusoft\WinThruster\Uninstall.exe;file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\Frequently Asked Questions.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\License Agreement.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Collect Log Files.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Request support.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Uninstall.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\WinThruster.lnk;folder:C:\Program Files\Solvuso
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-06-07 18:34:44.372
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;process:pid:1932
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-05-30 10:29:43.481
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{C7118EF5-46BF-430F-86CF-D4D8BFD06B0E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-06-11 06:08:20.948
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.932
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.901
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.885
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.392
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.334
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.283
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.239
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 55%
Total physical RAM: 4094.49 MB
Available physical RAM: 1824.61 MB
Total Virtual: 8187.18 MB
Available Virtual: 5609.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.48 GB) (Free:70 GB) NTFS
Drive d: () (Fixed) (Total:151.51 GB) (Free:126.15 GB) NTFS
 
\\?\Volume{33b07ec0-250c-11e8-ad00-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2F172F16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Lastly, here's my fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by mariss (10-06-2018 07:35:47) Run:3
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {490F815B-AB50-4923-8D6B-59E7159E2B17} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SM?RTP.exe
Windows Firewall is disabled.
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: SM?RT-Protection => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
C:\Windows\System32\Tasks\smadav
HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{490F815B-AB50-4923-8D6B-59E7159E2B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490F815B-AB50-4923-8D6B-59E7159E2B17}" => removed successfully
C:\Windows\System32\Tasks\smadav => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\smadav" => removed successfully
Windows Firewall is disabled. => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverPack Notifier" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SM?RT-Protection => not found
"C:\Windows\System32\Tasks\smadav" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SM?RT-Protection" => not found
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14255349 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1595142 B
Edge => 0 B
Chrome => 392151626 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 0 B
LocalService => 66228 B
NetworkService => 66228 B
mariss => 1589802 B
UpdatusUser => 0 B
 
RecycleBin => 72951 B
EmptyTemp: => 402.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:36:11 ====
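The fixlog above shows the two mechanisms this thread turns on: per-user Policies values (DisableTaskMgr and DisableRegistryTools under Policies\system are exactly the values Task Manager and Regedit check before refusing to start; DisallowRun under Policies\Explorer holds a numbered list of program names Explorer will not launch), and inbound firewall Allow rules for hl2.exe copies living under the user's Temp folder. As an added example (not code from FRST, RogueKiller or anyone in this thread), here is a small Python triage script that reads FRST Addition.txt / Fixlog-style lines and flags both patterns, plus the per-user Winlogon Shell value FRST marked ATTENTION. It also parses the raw pipe-delimited form in which Windows stores one rule under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules (the form RogueKiller prints). The lines, SID and GUIDs in SAMPLE_LOG are constructed placeholders modelled on the log format, and the USER_WRITABLE folder list is my assumption, not a Windows-defined set.

```python
"""Offline triage of FRST / Fixlog-style lines (added example, not FRST or RogueKiller code)."""
import re
from dataclasses import dataclass

# Folders a standard user can write to without elevation (assumed list, not a
# Windows-defined set).  An inbound Allow rule or autorun entry pointing here
# deserves a second look; it is the same reasoning behind RogueKiller's
# [Suspicious.Path] tag on the hl2.exe rules in this thread.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
)

# Policies\system and Policies\Explorer values that lock a user out of their own
# diagnostics when set to 1.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD", "DisallowRun", "NoRun"}

FRST_FIREWALL = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$")
FRST_POLICY = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)\\\.\.\.\\Policies\\(?P<key>[^:]+): \[(?P<value>[^\]]+)\] (?P<data>.+)$")
FRST_SHELL = re.compile(
    r"^HKU\\(?P<sid>S-1-5-21-[\d-]+)\\\.\.\.\\Winlogon: \[Shell\] (?P<data>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # fw_allow_user_writable | user_lockout | disallowrun_entry | per_user_shell
    detail: str  # the path, value name or blocked program the finding is about
    line: str    # the log line that produced it


def parse_firewall_rule_value(raw):
    """Parse the pipe-delimited string Windows stores for one rule under
    ...\\FirewallPolicy\\FirewallRules, e.g. 'v2.10|Action=Allow|Dir=In|App=C:\\x.exe|'.
    The first token is the schema version; repeated keys (several Profile=
    tokens) are collected into a list."""
    tokens = [t for t in raw.split("|") if t]
    rule = {"version": tokens[0]}
    for token in tokens[1:]:
        key, _, value = token.partition("=")
        if key in rule:
            prev = rule[key]
            rule[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            rule[key] = value
    return rule


def in_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def rule_value_is_suspicious(raw):
    """True for an inbound Allow rule whose App sits in a user-writable folder."""
    rule = parse_firewall_rule_value(raw)
    return (rule.get("Action") == "Allow" and rule.get("Dir") == "In"
            and in_user_writable(rule.get("App", "")))


def triage(lines):
    """Return Findings for the FRST-style lines worth a human's attention."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FRST_FIREWALL.match(line)
        if m:
            if m["action"] == "Allow" and in_user_writable(m["target"]):
                findings.append(Finding("fw_allow_user_writable", m["target"], line))
            continue
        m = FRST_POLICY.match(line)
        if m:
            if m["key"].endswith("DisallowRun"):   # numbered list of blocked program names
                findings.append(Finding("disallowrun_entry", m["data"], line))
            elif m["value"] in LOCKOUT_VALUES and m["data"] == "1":
                findings.append(Finding("user_lockout", m["value"], line))
            continue
        m = FRST_SHELL.match(line)
        if m:  # Shell normally lives only under HKLM; a per-user copy is worth a look
            findings.append(Finding("per_user_shell", m["data"], line))
    return findings


# Constructed sample in the FRST Addition.txt / Fixlog format; SID and GUIDs are placeholders.
SAMPLE_LOG = r"""
FirewallRules: [{AAAAAAAA-0000-4000-8000-000000000001}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AAAAAAAA-0000-4000-8000-000000000002}C:\users\alice\appdata\local\temp\7zipsfx.002\hl2.exe] => (Allow) C:\users\alice\appdata\local\temp\7zipsfx.002\hl2.exe
FirewallRules: [UDP Query User{AAAAAAAA-0000-4000-8000-000000000003}C:\users\alice\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\alice\appdata\local\temp\7zipsfx.007\hl2.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:24} {f.detail}")
```

Run it against a fresh FRST log after a fix has been applied: if the same user_lockout findings come back, something still on the machine (a scheduled task, a Run entry, a startup item) is re-applying the policy, which is the situation the topic starter describes, and the thing to hunt is whatever writes those values rather than the values themselves.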


#6 nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 June 2018 - 06:38 AM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUMs] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please include the Fixlog.txt that was created when you executed my fix.

#7 KingChronoz
  • Topic Starter
  • Members
  • 14 posts

Posted 11 June 2018 - 09:33 PM

Here's the ReportRogue.txt you asked for.
I deleted everything that RogueKiller detected, btw.

My Task Manager and Regedit are still disabled.

RogueKiller V12.12.21.0 (x64) [Jun 11 2018] (Free) by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mariss [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/12/2018 09:35:32 (Duration : 00:41:00)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 49 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\MYGAME -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BBD9FAD7-F782-4548-B00F-E612322950F6} -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{88BD3FDE-6003-44B4-9B1D-5BD349DA811F}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3A215F9A-2CD6-4543-AEBA-41778D97383C}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{02A42062-E588-4759-B3C1-7920FBFA74F2}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{1220244F-9B02-4DB3-9065-38F52471BC29}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F5CEFDB7-0FD5-4C47-BAE0-5D3831CE6C7F}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{EE10BF86-A3F1-4D15-97B7-6EE70D2BDC3E}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7FDDDC42-5778-4A10-BA12-A7A3D19D7463}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3B48257E-11C9-4481-88F5-8DB7B6BE2F8D}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{1B822792-47B5-4506-8187-707A7BFCC284}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{133F43EA-EEE6-4421-9522-37A6B5D42EEE}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2D25B192-8DCB-4BE8-82BB-B7257BEE45FC}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{8F687C15-37DD-4EF2-B190-B0B76B2953FB}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{58986047-00D8-46CE-905E-0BA16AC11AC9}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4CEE546E-161C-4606-A27B-CF4842592F95}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{856F79D7-D494-4251-8EBD-9DD2E03E6201}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{382F74A4-4F4B-4E11-89A7-F20AD56613DF}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C0497A5B-019C-46D2-BA99-78130220886B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{36FA0094-8A4E-402C-B51B-191C501D707B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7024A8B8-624C-4F7A-8ED2-25EBE29AABA4}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E0BF5817-88A0-4744-86F7-4D9C0AB5E079}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{88BD3FDE-6003-44B4-9B1D-5BD349DA811F}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3A215F9A-2CD6-4543-AEBA-41778D97383C}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{02A42062-E588-4759-B3C1-7920FBFA74F2}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{1220244F-9B02-4DB3-9065-38F52471BC29}C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.003\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F5CEFDB7-0FD5-4C47-BAE0-5D3831CE6C7F}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{EE10BF86-A3F1-4D15-97B7-6EE70D2BDC3E}C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.004\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7FDDDC42-5778-4A10-BA12-A7A3D19D7463}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3B48257E-11C9-4481-88F5-8DB7B6BE2F8D}C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.006\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{1B822792-47B5-4506-8187-707A7BFCC284}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{133F43EA-EEE6-4421-9522-37A6B5D42EEE}C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.008\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{2D25B192-8DCB-4BE8-82BB-B7257BEE45FC}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{8F687C15-37DD-4EF2-B190-B0B76B2953FB}C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00b\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{58986047-00D8-46CE-905E-0BA16AC11AC9}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4CEE546E-161C-4606-A27B-CF4842592F95}C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mariss\appdata\local\temp\7zipsfx.00c\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{856F79D7-D494-4251-8EBD-9DD2E03E6201}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{382F74A4-4F4B-4E11-89A7-F20AD56613DF}C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.00f\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C0497A5B-019C-46D2-BA99-78130220886B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{36FA0094-8A4E-402C-B51B-191C501D707B}C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.001\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7024A8B8-624C-4F7A-8ED2-25EBE29AABA4}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E0BF5817-88A0-4744-86F7-4D9C0AB5E079}C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\mariss\appdata\local\temp\7zipsfx.002\hl2.exe|Name=hl2.exe|Desc=hl2.exe|Defer=User| [x] -> Deleted
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 1  -> Deleted
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 1  -> Deleted
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 1  -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 1  -> ERROR [2]
[PUM.SecurityCenter] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1  -> Deleted
[PUM.SecurityCenter] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1  -> Deleted
[PUM.SecurityCenter] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1  -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0000\00000041.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0000\00000048.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0000\00000050.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0000\00000073.bin -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH\0000 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0001\00000000.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0001\libiconv2.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0001\patch.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0001\XPva03.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH\0001 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\10000000.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\10000004.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\10000005.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\10000006.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\41000000.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0002\41000001.bin -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH\0002 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000001.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000002.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000004.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000005.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000006.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\41000008.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000001.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000002.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000004.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000005.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000006.bin -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\0004\81000008.bin -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH\0004 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\banner\patchbanner.jpg -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH\banner -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\dbghelp.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Gameclub.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Global.cki -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\MFC71.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\msvcr71.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Reviser.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Script.mgs -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Starter.cfg -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\Starter.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\uninst.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\GameClub Launcher\PH\VersionInfo.dat -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\GameClub Launcher\PH -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AVVS-00L2B0 ATA Device +++++
--- User ---
[MBR] 44f5f044dbe29dceb52840a3bf6d55f2
[BSP] c250d047046a6b8504c460465a4ddddf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 150000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307406848 | Size: 155142 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

Lastly, here's the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by mariss (10-06-2018 07:35:47) Run:3
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {490F815B-AB50-4923-8D6B-59E7159E2B17} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SM?RTP.exe
Windows Firewall is disabled.
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: SM?RT-Protection => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
C:\Windows\System32\Tasks\smadav
HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2872320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{490F815B-AB50-4923-8D6B-59E7159E2B17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490F815B-AB50-4923-8D6B-59E7159E2B17}" => removed successfully
C:\Windows\System32\Tasks\smadav => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\smadav" => removed successfully
Windows Firewall is disabled. => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverPack Notifier" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SM?RT-Protection => not found
"C:\Windows\System32\Tasks\smadav" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SM?RT-Protection" => not found
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14255349 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1595142 B
Edge => 0 B
Chrome => 392151626 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 0 B
LocalService => 66228 B
NetworkService => 66228 B
mariss => 1589802 B
UpdatusUser => 0 B
 
RecycleBin => 72951 B
EmptyTemp: => 402.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:36:11 ====


#8 nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 June 2018 - 07:35 AM

Hi,

When you try to open the Task Manager, do you get a message that it is disabled by an Administrator?

Run the Farbar program and scan again. Post the FRST.txt log for my review.

#9 KingChronoz
  • Topic Starter
  • Members
  • 14 posts

Posted 13 June 2018 - 05:26 AM

Yes, I get that kind of message when I try to open Task Manager.

Here's the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by mariss (administrator) on MARISS-PC (13-06-2018 18:22:02)
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\mariss\Desktop\GTA-SanAndreas\samp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0
AlternateShell: 
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.0 serius.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BB25FDE-E75D-40B6-9E4C-B900E213CB36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8D04E6-3A33-45D0-8F42-D6A7FA1983D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-14] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5kv0k9b2.default
FF ProfilePath: C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default [2018-05-30]
FF Extension: (Советник Яндекс.Маркета) - C:\Users\mariss\AppData\Roaming\Mozilla\Firefox\Profiles\5kv0k9b2.default\Extensions\sovetnik-yandex@yandex.ru.xpi [2018-03-25]
FF Extension: (Советник Яндекс.Маркета) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\sovetnik-yandex@yandex.ru.xpi [2017-06-06]
FF Extension: (Visual Bookmarks) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\vb@yandex.ru.xpi [2017-06-06] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default [2018-06-13]
CHR Extension: (Docs) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-14]
CHR Extension: (YouTube) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-17]
CHR Extension: (Adblock Plus) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\mariss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2619096 2016-08-19] (Blue Coat Systems, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [125144 2016-08-19] (Blue Coat Systems, Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-27] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-09] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-06-09] (Malwarebytes)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [3445592 2016-08-13] (MediaTek Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-13 18:22 - 2018-06-13 18:22 - 000010558 _____ C:\Users\mariss\Desktop\FRST.txt
2018-06-12 19:02 - 2018-06-12 20:24 - 1921843200 _____ C:\Users\mariss\Downloads\ubuntu-18.04-desktop-amd64.iso
2018-06-12 18:39 - 2018-06-12 21:09 - 000000000 ____D C:\Users\mariss\.VirtualBox
2018-06-12 18:39 - 2018-06-12 20:29 - 000000000 ____D C:\Users\mariss\VirtualBox VMs
2018-06-12 18:38 - 2018-06-12 18:38 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-06-12 18:38 - 2018-06-12 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-06-12 18:38 - 2018-06-12 18:38 - 000000000 ____D C:\Program Files\Oracle
2018-06-12 18:38 - 2018-05-09 09:27 - 000984376 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2018-06-12 18:38 - 2018-05-09 09:27 - 000168896 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2018-06-12 18:31 - 2018-06-12 18:35 - 113772032 _____ (Oracle Corporation) C:\Users\mariss\Downloads\VirtualBox-5.2.12-122591-Win.exe
2018-06-12 15:16 - 2018-06-13 17:32 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-12 14:58 - 2018-06-12 14:58 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (3).exe
2018-06-12 13:19 - 2018-06-12 13:21 - 000786561 _____ C:\Users\mariss\Downloads\EasyAutoClicker.exe
2018-06-12 09:35 - 2018-06-12 09:35 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-12 09:31 - 2018-06-12 10:19 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-12 09:31 - 2018-06-12 09:35 - 000001011 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-06-12 09:31 - 2018-06-12 09:34 - 000000000 ____D C:\ProgramData\RogueKiller
2018-06-12 09:31 - 2018-06-12 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-06-12 09:29 - 2018-06-12 09:30 - 036727112 _____ (Adlice Software ) C:\Users\mariss\Downloads\RogueKiller_setup_ref3.exe
2018-06-11 09:23 - 2018-06-11 09:23 - 001379103 _____ C:\Users\mariss\Downloads\download.htm
2018-06-10 18:06 - 2018-06-10 18:07 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (2).exe
2018-06-09 08:14 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher (1).exe
2018-06-09 08:13 - 2018-06-09 08:14 - 000822328 _____ (Roblox Corporation) C:\Users\mariss\Downloads\RobloxPlayerLauncher.exe
2018-06-09 07:38 - 2018-06-09 07:38 - 000290592 _____ C:\Windows\Minidump\060918-17534-01.dmp
2018-06-08 21:24 - 2018-06-09 13:03 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-08 20:09 - 2018-06-08 20:09 - 000103140 __RSH C:\efthro.exe
2018-06-08 20:09 - 2018-06-08 20:08 - 001199825 _____ C:\Windows\unins000.exe
2018-06-08 20:04 - 2018-06-08 20:10 - 000000000 ____D C:\Users\mariss\Desktop\GTA-SanAndreas
2018-06-08 20:02 - 2018-06-08 20:02 - 000289152 _____ C:\Windows\Minidump\060818-18798-01.dmp
2018-06-08 19:56 - 2018-06-08 19:56 - 000290608 _____ C:\Windows\Minidump\060818-18844-01.dmp
2018-06-08 11:22 - 2018-06-08 11:22 - 000290632 _____ C:\Windows\Minidump\060818-19110-01.dmp
2018-06-07 18:52 - 2018-06-07 18:52 - 000290616 _____ C:\Windows\Minidump\060718-26192-01.dmp
2018-06-07 18:45 - 2018-06-09 13:03 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-07 18:45 - 2018-06-09 13:03 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-07 18:44 - 2018-06-07 18:44 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-07 18:44 - 2018-06-07 18:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-07 18:44 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2018-06-07 11:54 - 2018-06-07 11:54 - 000000000 ____D C:\ProgramData\MB2Migration
2018-06-05 11:11 - 2012-11-06 14:26 - 000661456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2018-06-01 19:24 - 2018-06-08 10:58 - 000000000 ____D C:\Users\mariss\AppData\Local\CrashDumps
2018-06-01 19:17 - 2018-06-09 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Cars for GTA-SA v1.5.4
2018-06-01 17:31 - 2018-06-01 17:31 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager
2018-06-01 16:43 - 2018-06-01 16:43 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Google
2018-05-30 18:16 - 2018-05-30 18:17 - 000000000 ____D C:\Users\mariss\AppData\Roaming\TechSmith
2018-05-30 18:13 - 2018-06-01 11:49 - 000000000 ____D C:\Users\mariss\Documents\Camtasia Studio
2018-05-30 18:13 - 2018-05-30 18:13 - 000000000 ____D C:\Users\mariss\AppData\Local\TechSmith
2018-05-30 18:11 - 2018-05-30 18:11 - 000001077 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2018-05-30 18:11 - 2018-05-30 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\ProgramData\TechSmith
2018-05-30 18:10 - 2018-05-30 18:10 - 000000000 ____D C:\Program Files\TechSmith
2018-05-30 17:05 - 2018-05-30 17:05 - 000000173 _____ C:\Users\mariss\Desktop\Gameclub Philippines.url
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\Documents\Stranded Deep
2018-05-30 14:43 - 2018-05-30 14:43 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Beam Team Games
2018-05-30 14:42 - 2018-05-30 14:42 - 000000000 ____D C:\Users\mariss\New folder
2018-05-30 13:46 - 2018-05-30 13:48 - 000000000 ____D C:\Users\mariss\AppData\Local\NVIDIA Corporation
2018-05-30 13:44 - 2018-06-12 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-30 13:44 - 2018-05-30 13:44 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-30 13:43 - 2018-06-12 12:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-30 13:43 - 2016-11-14 17:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-30 13:43 - 2016-11-14 17:09 - 007513855 _____ C:\Windows\system32\nvcoproc.bin
2018-05-30 13:40 - 2016-11-14 20:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-30 13:40 - 2016-11-14 20:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434201.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-05-30 13:40 - 2016-11-14 20:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-05-30 13:35 - 2018-05-30 13:35 - 000000000 ____D C:\NVIDIA
2018-05-30 12:52 - 2018-05-30 12:53 - 000000000 ____D C:\AdwCleaner
2018-05-30 11:47 - 2018-06-09 07:38 - 351209448 _____ C:\Windows\MEMORY.DMP
2018-05-30 11:47 - 2018-06-09 07:38 - 000000000 ____D C:\Windows\Minidump
2018-05-30 11:47 - 2018-05-30 11:47 - 000290640 _____ C:\Windows\Minidump\053018-18392-01.dmp
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\Users\mariss\AppData\Local\modloader
2018-05-29 20:25 - 2018-05-29 20:25 - 000000000 ____D C:\ProgramData\modloader
2018-05-28 12:41 - 2018-06-09 08:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2018-05-28 10:26 - 2018-05-28 10:26 - 000001176 _____ C:\Users\Public\Desktop\Crossfire PH.lnk
2018-05-28 10:18 - 2018-05-28 10:18 - 000000000 ____D C:\Windows\pss
2018-05-28 10:13 - 2018-05-28 10:13 - 000000000 ____D C:\Program Files (x86)\Gameclub
2018-05-22 14:09 - 2018-06-13 18:22 - 000000000 ____D C:\FRST
2018-05-22 14:09 - 2018-06-07 11:28 - 002413056 _____ (Farbar) C:\Users\mariss\Desktop\FRST64.exe
2018-05-22 07:06 - 2018-06-08 20:08 - 000000597 _____ C:\Users\mariss\Desktop\samp - Shortcut.lnk
2018-05-21 19:46 - 2018-06-08 19:53 - 000000000 ____D C:\Users\mariss\AppData\Roaming\SA-MP Audio Plugin
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\Documents\GTA San Andreas User Files
2018-05-21 19:19 - 2018-05-21 19:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Windows\XSxS
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Users\mariss\AppData\Local\Xenocode
2018-05-21 18:06 - 2018-05-21 18:06 - 000000000 ____D C:\Program Files (x86)\Xenocode
2018-05-21 11:52 - 2018-05-21 12:01 - 000000000 ____D C:\Program Files\Sandboxie
2018-05-20 17:44 - 2018-06-12 15:27 - 000000008 __RSH C:\Users\mariss\ntuser.pol
2018-05-20 17:33 - 2018-05-20 17:33 - 000002166 _____ C:\Users\mariss\Desktop\Discord.lnk
2018-05-20 17:33 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-05-20 17:32 - 2018-06-11 18:19 - 000000000 ____D C:\Users\mariss\AppData\Roaming\discord
2018-05-20 17:32 - 2018-05-20 17:33 - 000000000 ____D C:\Users\mariss\AppData\Local\SquirrelTemp
2018-05-20 17:32 - 2018-05-20 17:32 - 000000000 ____D C:\Users\mariss\AppData\Local\Discord
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Users\mariss\AppData\Roaming\OBS
2018-05-17 20:17 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files\OBS
2018-05-17 20:16 - 2018-05-17 20:38 - 000000000 ____D C:\Program Files (x86)\OBS
2018-05-15 18:10 - 2018-05-15 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2018-05-15 11:54 - 2018-05-20 17:45 - 000000000 ____D C:\Program Files\AutoHotkey
2018-05-15 11:54 - 2018-05-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2018-05-15 07:55 - 2018-05-15 07:55 - 000002225 _____ C:\Users\mariss\Desktop\Free Fire.lnk
2018-05-14 18:20 - 2018-05-14 18:20 - 000002245 _____ C:\Users\mariss\Desktop\Card Wars 2.lnk
2018-05-14 16:26 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-05-14 16:25 - 2018-05-14 16:24 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-05-14 16:24 - 2018-05-14 16:24 - 000000000 ____D C:\Program Files\Java
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-13 17:38 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 17:38 - 2009-07-14 12:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 17:31 - 2018-03-14 17:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-13 17:31 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-12 18:39 - 2018-03-11 17:18 - 000000000 ____D C:\Users\mariss
2018-06-12 18:39 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-06-12 12:44 - 2018-03-14 17:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-12 12:44 - 2018-03-14 17:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-06-12 12:41 - 2009-07-14 11:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-12 07:40 - 2018-04-27 18:42 - 000000000 ____D C:\Users\mariss\AppData\Local\Roblox
2018-06-09 22:39 - 2018-05-08 12:01 - 000007597 _____ C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
2018-06-08 21:38 - 2018-04-27 16:39 - 000000000 ____D C:\Users\mariss\Downloads\Compressed
2018-06-08 20:09 - 2018-05-03 19:23 - 000042500 _____ C:\Windows\unins000.dat
2018-06-08 10:58 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-08 09:05 - 2018-03-11 17:21 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2018-06-08 08:51 - 2018-03-11 17:41 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-06-08 08:49 - 2018-03-11 17:41 - 000000000 __SHD C:\[Smad-Cage]
2018-06-07 19:15 - 2018-05-05 13:45 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-06-07 12:14 - 2018-04-28 11:32 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-07 12:06 - 2018-05-08 11:59 - 000000000 __SHD C:\ProgramData\YSWOWC
2018-06-03 12:21 - 2018-03-11 23:12 - 000000000 ____D C:\Users\mariss\AppData\Local\ElevatedDiagnostics
2018-06-01 14:46 - 2018-05-02 10:11 - 000000000 ____D C:\Users\mariss\Documents\Cross Fire
2018-05-31 05:05 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-31 04:59 - 2009-07-14 12:45 - 000428616 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-30 18:13 - 2018-03-11 19:15 - 000112480 _____ C:\Users\mariss\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-30 18:10 - 2018-05-07 09:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-29 20:49 - 2018-03-25 13:13 - 000000000 ____D C:\Users\mariss\AppData\LocalLow\Mozilla
2018-05-29 20:48 - 2018-04-27 18:30 - 000000000 ____D C:\Program Files (x86)\RanWorldPH
2018-05-29 20:48 - 2018-03-25 13:02 - 000000000 ____D C:\Users\mariss\AppData\Local\Mozilla
2018-05-28 12:41 - 2018-04-27 18:38 - 000000252 _____ C:\Users\mariss\AppData\LocalLow\rbxcsettings.rbx
2018-05-28 10:26 - 2018-05-02 00:10 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk
2018-05-22 11:41 - 2018-03-17 20:57 - 000000000 ____D C:\Users\mariss\AppData\Roaming\.minecraft
2018-05-21 20:14 - 2018-03-11 17:37 - 000000000 ____D C:\Program Files (x86)\Tumblebugs
2018-05-21 20:14 - 2018-03-11 17:35 - 000000000 ____D C:\Program Files (x86)\Zuma's Revenge
2018-05-20 15:31 - 2009-07-14 10:34 - 000000256 _____ C:\Windows\system.ini
2018-05-18 11:00 - 2018-04-29 18:23 - 000000000 ____D C:\Users\mariss\AppData\Local\Growtopia
2018-05-17 21:22 - 2018-03-11 19:35 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 21:22 - 2018-03-11 19:35 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 05:23 - 2018-03-11 19:36 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 05:23 - 2018-03-11 19:36 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 11:54 - 2010-11-21 15:16 - 000000000 ____D C:\Windows\ShellNew
2018-05-14 16:26 - 2018-03-17 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-14 09:56 - 2018-04-27 18:07 - 000000000 ____D C:\Users\mariss\AppData\Roaming\CC
 
==================== Files in the root of some directories =======
 
2018-05-07 16:50 - 2018-05-08 19:47 - 000000000 _____ () C:\Users\mariss\AppData\Roaming\rbx_hook
2018-05-07 16:50 - 2018-05-08 19:26 - 004037120 _____ () C:\Users\mariss\AppData\Roaming\SLX.vmp.dll
2018-05-07 16:50 - 2018-05-08 19:26 - 000000024 _____ () C:\Users\mariss\AppData\Roaming\version
2018-05-08 12:01 - 2018-06-09 22:39 - 000007597 _____ () C:\Users\mariss\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-06-12 09:31 - 2010-11-21 11:23 - 001731936 _____ (Microsoft Corporation) C:\Users\mariss\AppData\Local\Temp\dllnt_dump.dll
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\ruvvem.exe
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\winuqtbll.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-07 07:08
 
==================== End of FRST.txt ============================
 
Just in case you need the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by mariss (13-06-2018 18:22:43)
Running from C:\Users\mariss\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-03-11 09:18:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-858333344-3013912580-3231274367-500 - Administrator - Disabled)
Guest (S-1-5-21-858333344-3013912580-3231274367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-858333344-3013912580-3231274367-1003 - Limited - Enabled)
mariss (S-1-5-21-858333344-3013912580-3231274367-1000 - Administrator - Enabled) => C:\Users\mariss
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AutoHotkey 1.1.28.02 (HKLM\...\AutoHotkey) (Version: 1.1.28.02 - Lexikos)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.14.1460 - BlueStack Systems, Inc.)
Camtasia 9 (HKLM\...\{33E08945-3D7B-40BB-B34F-1A3C8B9650DE}) (Version: 9.1.2.3011 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{34ab05ac-3089-417f-828e-c2da3d5b4e09}) (Version: 9.1.2.3011 - TechSmith Corporation)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Counter-Strike Source version 3398447 (HKLM\...\{28659B67-FC49-49DB-9DAC-1AD52203D75A}_is1) (Version: 3398447 - Strogino CS Portal)
Crossfire PH version 1283 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1283 - Gameclub)
Discord (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Growtopia) (Version:  - )
GTA San Andreas SA-MP Addon version 2.3 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 2.3 - Absolute Play www.gta-samp.ru)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mod Sobeit Blue Eclipse V7 (HKLM-x32\...\Mod Sobeit Blue Eclipse V7) (Version:  - )
Mozilla Firefox 54.0 (x86 ru) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 ru)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Real Cars for GTA-SA v1.5.4 (HKLM-x32\...\Real Cars for GTA-SA v1.5.4) (Version:  - )
Roblox Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
RogueKiller version 12.12.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.21.0 - Adlice Software)
Rules of Survival version 1.146371.158037 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.146371.158037 - Hong Kong Netease Interactive Entertainment Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.60 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.3 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\SMADAV\SmadExtc64.dll [2013-11-28] (Smadsoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-25] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-25] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {148828A2-26A3-4D64-9D1E-D8DBEE6E937B} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_mariss => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {8F59E994-D292-4BEA-8FB9-58BF3672886C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {BB8C0119-F470-41C1-8903-96BDAD7F8A75} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {EA3A92B6-03EB-44F6-841F-267762F97CA5} - System32\Tasks\HPCustPartic.exe_{34092B56-4D6F-40C4-96CC-74679CD02423} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {F1BDD180-2C27-465A-8880-878A8708AD02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-14 17:36 - 2016-11-14 19:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-10 11:17 - 2010-01-10 11:17 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 16:40 - 2010-01-21 16:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-06-07 18:44 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 05:23 - 2018-05-15 11:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2015-04-27 10:50 - 2015-04-27 10:50 - 000412672 _____ () C:\Users\mariss\Desktop\GTA-SanAndreas\samp.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-06-07 12:08 - 2018-06-09 13:18 - 000000029 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 serius.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mariss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^mariss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP DeskJet 2130 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP DeskJet 2130 series.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9E3760CC-F0FF-4199-8476-3203F2DD92D1}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{9A92241B-320B-4D97-A959-833C2420EBEB}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B220DBFC-DC79-4D29-AF47-0EEC175D7761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A726B77-00F9-4084-B8FA-A8D2C756FF64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C25B1715-93BB-4C24-9513-CE6C71AA8292}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0BF3EFCF-071F-4760-8FDB-A0828CBD378D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{DB196F82-DBE7-4D98-A0F8-8E63FB8E55FE}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E2BD46D4-56A9-4B96-BE2A-12EF3487A2FC}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{80475074-7246-44E6-B3F4-87D74CEB9ED7}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [UDP Query User{2CCF440F-206C-4CB6-B319-5967C12ABB6D}C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.007\hl2.exe
FirewallRules: [TCP Query User{7EEAD1DF-371F-4793-AA03-CA28E677EB5C}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [UDP Query User{B301103E-0770-4287-8873-5FAC6819AA95}C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.009\hl2.exe
FirewallRules: [TCP Query User{1982E6E5-94A5-4F3D-9B4E-A9C1ADD74FFF}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [UDP Query User{BD306A83-1413-4C50-9887-3CB7F66D0CA3}C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00a\hl2.exe
FirewallRules: [TCP Query User{B8C32F8B-21AD-4986-AC2E-016D6D1217E3}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [UDP Query User{DE31E58F-BF2D-48CC-83CC-51D20C843532}C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe] => (Block) C:\users\mariss\appdata\local\temp\7zipsfx.00d\hl2.exe
FirewallRules: [TCP Query User{0872287D-CBD6-4BB7-B4A6-BCF985860AF3}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{D13D301B-B1FA-47B3-8839-CD49ADAFC832}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{0F78E02C-68BB-43FB-8C9A-2B5CC12D367B}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{E361D463-6AE1-49E2-8EE6-324C330D4ED0}C:\ros\ccmini\ccmini.exe] => (Allow) C:\ros\ccmini\ccmini.exe
FirewallRules: [{8DAAD7BA-DAA6-4C3A-9F2F-ED01B156806D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{684201D4-C29B-4747-AEF4-178CBFE59380}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A445F43-2213-49B0-A38C-6428200715DE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DA201736-1E6F-4436-A5ED-C804AFC05BA2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26C171FD-33BB-4FCC-A87C-547B46D83BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{BE301A21-C3A8-4CA0-B460-F59E102A4286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{56FB4997-64E6-4880-97AC-208A189D79E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{747F3A83-2CD1-4C47-9978-A8E301837E8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F8A58785-0795-4B9B-9E1E-94FB96D1EFB1}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [UDP Query User{8ECE4216-436F-408C-97EB-0381C6E80423}C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_162\bin\javaw.exe
FirewallRules: [{19C0385C-20E2-455E-8896-AFF272FECA13}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94BB3560-2400-4187-B7C4-05795B528ACE}] => (Allow) C:\Users\mariss\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F2B7B35-D005-4629-BFB9-13C5205452F1}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{6BFB7C4B-2F26-41F1-AD33-E5FCA2500D59}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{E9755C6B-41B5-4139-B60F-292848EFC694}C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{782DC83B-438C-4741-A876-6B9BAA5D8B0C}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{4B48498C-AA58-464E-B225-B9D911BAA1E5}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [{922D3BE2-CEED-4847-A816-742D5F1F00DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8B5B85FF-F040-40EE-BB06-B45A24785895}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{54E6624F-3C9B-41FA-A766-DD7B9C89EFAB}C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{F7AF7FE0-D983-4F8D-B0F7-8683F5691645}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [UDP Query User{2BB59613-F600-4CD1-875B-C4ADB7BDD186}C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\reborn_dudes\samp-server.exe
FirewallRules: [TCP Query User{C7AA4660-D358-4991-8F2D-2E60EBF96F9A}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [UDP Query User{7E967D3A-2DFB-4FCB-9463-585E07BAD3FA}C:\program files (x86)\hard disk sentinel\hdsentinel.exe] => (Allow) C:\program files (x86)\hard disk sentinel\hdsentinel.exe
FirewallRules: [TCP Query User{590F3325-3F51-457A-B962-25C305A7E14F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [UDP Query User{D1D44385-946B-48E2-889F-BFFC9DB8C78F}C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe] => (Allow) C:\users\mariss\downloads\compressed\rpfr by pyarmeena and silverms\premium gaming\samp-server.exe
FirewallRules: [TCP Query User{6E164671-11F6-4967-AD20-D0C19B389B68}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [UDP Query User{FCAE8CE3-E7A7-433E-A041-6EA0EF2C779C}C:\program files (x86)\smadav\smδrtp.exe] => (Block) C:\program files (x86)\smadav\smδrtp.exe
FirewallRules: [{94DAFE04-85BF-4897-A886-E16DB3733251}] => (Allow) LPort=8080
FirewallRules: [{C0FE5F3F-DE85-4ED5-BE5E-666415486D9E}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{8FFD1E8D-5BD2-4EB4-AC6B-6A54163BB78D}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
FirewallRules: [UDP Query User{052B56AF-8BF6-4149-B1AD-A30C58768A1C}C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe] => (Block) C:\program files (x86)\bookworm adventures deluxe\bookwormadventures.exe
 
==================== Restore Points =========================
 
10-06-2018 07:28:18 Windows Update
10-06-2018 07:35:47 Restore Point Created by FRST
12-06-2018 18:37:54 Installed Oracle VM VirtualBox 5.2.12
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2018 05:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2018 05:15:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/12/2018 06:30:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.
 
Error: (06/12/2018 06:30:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (06/12/2018 03:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/12/2018 05:35:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 07:53:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/11/2018 09:11:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/12/2018 09:48:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/12/2018 09:48:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/12/2018 07:40:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/12/2018 07:40:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/12/2018 06:36:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/12/2018 06:36:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/12/2018 06:04:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/12/2018 06:04:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Windows Defender:
===================================
Date: 2018-06-07 18:36:24.378
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\Documents\LicenseEN.rtf;file:C:\Program Files\Solvusoft\WinThruster\LogFilesCollector.exe;file:C:\Program Files\Solvusoft\WinThruster\Sync.exe;file:C:\Program Files\Solvusoft\WinThruster\Uninstall.exe;file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\Frequently Asked Questions.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\License Agreement.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Collect Log Files.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Request support.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Uninstall.lnk;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\WinThruster.lnk;folder:C:\Program Files\Solvuso
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-06-07 18:34:44.372
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Misleading:Win32/Sofolview
ID:240761
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe;process:pid:1932
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-05-30 10:29:43.481
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{C7118EF5-46BF-430F-86CF-D4D8BFD06B0E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-06-11 06:08:20.948
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.932
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.901
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-11 06:08:20.885
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.392
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.334
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk64.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.283
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-10 13:51:43.239
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Cheat Engine 6.7\dbk32.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 4094.49 MB
Available physical RAM: 2381.93 MB
Total Virtual: 8187.18 MB
Available Virtual: 6381.26 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.48 GB) (Free:62.28 GB) NTFS
Drive d: () (Fixed) (Total:151.51 GB) (Free:126.15 GB) NTFS
 
\\?\Volume{33b07ec0-250c-11e8-ad00-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2F172F16)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 KingChronoz (Topic Starter, Members, 14 posts)

Posted 13 June 2018 - 05:28 AM

UPDATE:
I scanned my PC with FRST before I even noticed that I can access my Task Manager and Regedit now.

I still want to get the virus removed, to avoid this happening again.

I expect further responses.



#11 nasdaq (Malware Response Team, 39,569 posts, Montreal, QC. Canada)

Posted 13 June 2018 - 07:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
C:\Program Files (x86)\Smadav
2018-06-09 07:38 - 2018-06-09 07:38 - 000290592 _____ C:\Windows\Minidump\060918-17534-01.dmp
2018-06-08 20:02 - 2018-06-08 20:02 - 000289152 _____ C:\Windows\Minidump\060818-18798-01.dmp
2018-06-08 19:56 - 2018-06-08 19:56 - 000290608 _____ C:\Windows\Minidump\060818-18844-01.dmp
2018-06-08 11:22 - 2018-06-08 11:22 - 000290632 _____ C:\Windows\Minidump\060818-19110-01.dmp
2018-06-07 18:52 - 2018-06-07 18:52 - 000290616 _____ C:\Windows\Minidump\060718-26192-01.dmp
2018-05-30 11:47 - 2018-06-09 07:38 - 351209448 _____ C:\Windows\MEMORY.DMP
2018-06-12 09:31 - 2010-11-21 11:23 - 001731936 _____ (Microsoft Corporation) C:\Users\mariss\AppData\Local\Temp\dllnt_dump.dll
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\ruvvem.exe
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\winuqtbll.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

The computer will restart after the fix.
I would like you to restart it again to reset the registry.

Any remaining issues?
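The fixlist above removes the DisableRegistryTools policy value that was keeping Regedit locked, together with the autorun entry and the unsigned executables in the Temp folder. The following PowerShell script is an added example, not part of the thread and not FRST's own code: it audits both the per-user and the machine-wide Policies\System keys for the two values that lock out Regedit (DisableRegistryTools) and Task Manager (DisableTaskMgr), lists what it finds, and removes them only when run with the assumed -Remove switch. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from FRST): audit the policy values that
# disable Regedit and Task Manager, and optionally remove them.
# -Remove is an assumed parameter name chosen for this example.
[CmdletBinding()]
param(
    [switch]$Remove
)

# Per-user and machine-wide policy locations; both are honoured by Windows.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

# DisableRegistryTools: 1 or 2 blocks regedit.exe; DisableTaskMgr: 1 blocks taskmgr.exe.
$policyValues = @('DisableRegistryTools', 'DisableTaskMgr')

$findings = foreach ($key in $policyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-ItemProperty -LiteralPath $key
    foreach ($name in $policyValues) {
        $value = $item.PSObject.Properties[$name]
        if ($null -ne $value -and [int]$value.Value -ne 0) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value.Value }
        }
    }
}

if (-not $findings) {
    Write-Output 'No Regedit/Task Manager lockout policy values are set.'
    return
}

# Report what was found before touching anything.
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name -ErrorAction Stop
        Write-Output "Removed $($f.Name) from $($f.Key)"
    }
    Write-Output 'Sign out or reboot so the policy is re-read, then run this script again.'
}
```

Run it once without -Remove to see the current state, and a second time after the reboot: if the values are back, a still-running program is re-setting them, which is why the fixlist in this post removes the autorun entry and the Temp executables in the same pass rather than the policy value alone.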

#12 KingChronoz (Topic Starter, Members, 14 posts)

Posted 14 June 2018 - 06:01 AM

I restarted my PC again after doing the fix just like you said.

Here's the log (Fixlog.txt)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by mariss (14-06-2018 18:54:12) Run:4
Running from C:\Users\mariss\Desktop
Loaded Profiles: mariss (Available Profiles: mariss)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe rts
HKU\S-1-5-21-858333344-3013912580-3231274367-1000\...\Policies\system: [DisableRegistryTools] 1
C:\Program Files (x86)\Smadav
2018-06-09 07:38 - 2018-06-09 07:38 - 000290592 _____ C:\Windows\Minidump\060918-17534-01.dmp
2018-06-08 20:02 - 2018-06-08 20:02 - 000289152 _____ C:\Windows\Minidump\060818-18798-01.dmp
2018-06-08 19:56 - 2018-06-08 19:56 - 000290608 _____ C:\Windows\Minidump\060818-18844-01.dmp
2018-06-08 11:22 - 2018-06-08 11:22 - 000290632 _____ C:\Windows\Minidump\060818-19110-01.dmp
2018-06-07 18:52 - 2018-06-07 18:52 - 000290616 _____ C:\Windows\Minidump\060718-26192-01.dmp
2018-05-30 11:47 - 2018-06-09 07:38 - 351209448 _____ C:\Windows\MEMORY.DMP
2018-06-12 09:31 - 2010-11-21 11:23 - 001731936 _____ (Microsoft Corporation) C:\Users\mariss\AppData\Local\Temp\dllnt_dump.dll
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\ruvvem.exe
2018-06-12 12:33 - 2018-06-12 12:33 - 000005290 _____ () C:\Users\mariss\AppData\Local\Temp\winuqtbll.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SM?RT-Protection" => not found
"HKU\S-1-5-21-858333344-3013912580-3231274367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => removed successfully
C:\Program Files (x86)\Smadav => moved successfully
C:\Windows\Minidump\060918-17534-01.dmp => moved successfully
C:\Windows\Minidump\060818-18798-01.dmp => moved successfully
C:\Windows\Minidump\060818-18844-01.dmp => moved successfully
C:\Windows\Minidump\060818-19110-01.dmp => moved successfully
C:\Windows\Minidump\060718-26192-01.dmp => moved successfully
C:\Windows\MEMORY.DMP => moved successfully
C:\Users\mariss\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\mariss\AppData\Local\Temp\ruvvem.exe => moved successfully
C:\Users\mariss\AppData\Local\Temp\winuqtbll.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11169127 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2048368 B
Edge => 0 B
Chrome => 614686157 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 0 B
LocalService => 132244 B
NetworkService => 66228 B
mariss => 592818646 B
UpdatusUser => 0 B
 
RecycleBin => 79142 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:54:55 ====

 

Is there anymore wrong with my PC? Do you think the problem will be back again?



#13 nasdaq (Malware Response Team, 39,569 posts, Montreal, QC. Canada)

Posted 14 June 2018 - 08:57 AM

Hi,

Can you now run RegEdit.exe to open the Registry?

Have you experienced other issues?

#14 KingChronoz (Topic Starter, Members, 14 posts)

Posted 14 June 2018 - 08:49 PM

I can now run it, and my PC is running peacefully.

I don't think it's coming back now; it's been 2 days and it still didn't come back.

Thanks for your assistance, what would be the best antivirus there is? Free.



#15 nasdaq (Malware Response Team, 39,569 posts, Montreal, QC. Canada)

Posted 15 June 2018 - 07:13 AM

Hi,

If all is well.

All you need to know about Antivirus programs.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



