Windows 7 is slow


10 replies to this topic

#1 hulk111


Posted 10 November 2018 - 06:22 AM

Hi, so I'm using Windows 7 and my computer is really slow and laggy. So I downloaded ComboFix and after running it my PC was running fast again. But the next day it was slow again, same as before. I ran ComboFix again and now it's fast again.

I attached the ComboFix results, I'm curious what was the problem in the first place that got fixed.

Edited by Platypus, 10 November 2018 - 06:24 AM.
Deleted duplicate




#2 iMacg3


Posted 10 November 2018 - 11:48 AM

Hi,

I will be helping you with your computer. Please give me some time to go over your logs and I'll get back with you as soon as possible.
Regards, iMacg3

If I do not reply to your malware removal topic in 48 hours, please send me a PM. 


"Do, or do not. There is no try." - Yoda

#3 hulk111


Posted 10 November 2018 - 12:43 PM

Hi, ok I'll wait

 

#4 iMacg3


Posted 10 November 2018 - 08:11 PM


Welcome to the Bleeping Computer malware removal forum.
I'm iMacg3 and I'll be helping you.

Please keep the following information in mind before we begin:

  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you do them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware on a computer.
  • If you have questions about anything, please ask.

--------------------

 

In the future, don't run ComboFix without supervision of a qualified malware removal helper. It can severely damage your computer if used incorrectly.

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

--------------------

Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST/FRST64 then click "Run as administrator" (XP users double-click on the file).
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, two log files will pop up - FRST.txt and Addition.txt.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.


Regards, iMacg3


#5 hulk111


Posted 11 November 2018 - 04:35 AM

Hi iMacg3, I understand, here are the results:

I forgot to mention that it usually takes like 5-10 mins to go into hibernation mode.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by David (administrator) on DAVID-PC (11-11-2018 10:28:48)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: magyar (Magyarország)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Ashok P. Nadkarni) C:\Program Files\Windows Inspection Tool Set\wits.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [7536520 2016-09-07] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [Cmaudio8788] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1595384 2016-09-11] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1353040 2011-05-11] (Sunbelt Software)
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\...\Run: [WiTS] => C:\Program Files\Windows Inspection Tool Set\wits.exe [6538128 2014-10-02] (Ashok P. Nadkarni)
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\...\Run: [Advanced SystemCare 12] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3391760 2018-10-15] (IObit)
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2015-07-31] (BitTorrent, Inc.)
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.1.1.1
Tcpip\..\Interfaces\{0444B337-40C2-471E-85B4-0AB2E15A5B8E}: [DhcpNameServer] 213.46.246.53 213.46.246.54
Tcpip\..\Interfaces\{188C8A66-6AE7-4170-95B2-C92BE9820F96}: [DhcpNameServer] 1.1.1.1
Tcpip\..\Interfaces\{415792AE-A33F-4D0E-808D-9FC46B53AAE0}: [DhcpNameServer] 213.46.246.53 213.46.246.54
Tcpip\..\Interfaces\{5F440D4D-8282-426F-9803-6156C5BC4CA6}: [DhcpNameServer] 192.168.9.1 192.168.9.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-966169890-3953576321-4081166884-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-09-17] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-966169890-3953576321-4081166884-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: z4ztqy79.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\z4ztqy79.default [2018-11-11]
FF Session Restore: Mozilla\Firefox\Profiles\z4ztqy79.default -> is enabled.
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\z4ztqy79.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-11-08]
FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\z4ztqy79.default\Extensions\uBlock0@raymondhill.net.xpi [2018-11-01]
FF Extension: (Unseen) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\z4ztqy79.default\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2018-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-09-17] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-31] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-08]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-10]
CHR Extension: (Adobe Acrobat) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-02]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADUServiceNSRT; C:\Program Files (x86)\Common Files\B2X\Care Suite\ADUService\ADUService.exe [94888 2016-01-26] ()
R2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1838352 2018-09-21] (IObit)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-17] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [227104 2016-09-16] (EasyAntiCheat Ltd)
S2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-05-11] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-05-11] (Sunbelt Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [25512 2018-09-20] (IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [25000 2018-07-04] (IObit)
R3 cmudaxp; C:\windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 cpuz143; C:\windows\temp\cpuz143\cpuz143_x64.sys [48960 2018-11-11] (CPUID)
S3 DFX11_1; C:\windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [279616 2015-08-02] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2018-07-04] (IObit)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R2 sbapifs; C:\windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
R1 SbFw; C:\windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 SbHips; C:\windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S1 SBRE; C:\windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
S1 SBRE; C:\windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
R1 SbTis; C:\windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 VIAHdAudAddService; C:\windows\System32\drivers\viahduaa.sys [1250816 2009-09-17] (VIA Technologies, Inc.) [File not signed]
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 10:28 - 2018-11-11 10:29 - 000016961 _____ C:\Users\David\Desktop\FRST.txt
2018-11-11 10:28 - 2018-11-11 10:28 - 000000000 ____D C:\FRST
2018-11-11 10:26 - 2018-11-11 10:26 - 002415616 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2018-11-11 01:00 - 2018-11-11 01:00 - 000000000 _____ C:\windows\system32\SBRC.dat
2018-11-10 23:17 - 2018-11-10 23:17 - 000000000 ____D C:\Users\David\Downloads\The.Curse.of.Oak.Island.S05E17.HDTV.x264-KILLERS[N1C]
2018-11-10 23:14 - 2018-11-11 01:06 - 1272949794 _____ C:\Users\David\Downloads\The.Curse.of.Oak.Island.S05E17.720p.HDTV.x264-KILLERS[eztv].mkv
2018-11-10 12:34 - 2018-11-10 12:35 - 039859034 _____ C:\Users\David\Desktop\Diakónia 10.17-1.m4a
2018-11-10 11:59 - 2018-11-10 11:59 - 000016455 _____ C:\ComboFix.txt
2018-11-10 11:34 - 2018-11-04 19:09 - 000016664 _____ C:\Users\David\Desktop\ComboFix.txt
2018-11-09 11:52 - 2018-11-09 11:52 - 001264590 _____ C:\Users\David\Desktop\Melody Beattie - 365 nap, 365 meditáció-upByOM.pdf
2018-11-09 11:51 - 2018-11-09 11:50 - 000473924 _____ C:\Users\David\Desktop\Melody Beattie - 365 nap, 365 meditáció-upByOM.mobi
2018-11-09 11:50 - 2018-11-09 11:50 - 000000000 ____D C:\Users\David\Documents\Epubsoft
2018-11-09 11:50 - 2018-11-09 11:50 - 000000000 ____D C:\ProgramData\Epubsoft
2018-11-09 11:49 - 2018-11-09 11:49 - 000002789 _____ C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2018-11-09 11:49 - 2018-11-09 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2018-11-09 11:47 - 2018-11-09 11:47 - 000000000 ____D C:\Program Files (x86)\EPUBSOFT
2018-11-09 11:46 - 2018-08-29 08:33 - 124957184 _____ C:\Users\David\Desktop\Ultimate EPubsoft DRM Removal 11.9.0.msi
2018-11-09 11:31 - 2018-11-09 11:31 - 000001093 _____ C:\Users\Public\Desktop\Mobi File Reader.lnk
2018-11-09 11:31 - 2018-11-09 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobi File Reader
2018-11-09 11:31 - 2018-11-09 11:31 - 000000000 ____D C:\Program Files (x86)\Mobi File Reader
2018-11-09 11:30 - 2018-11-09 11:30 - 000000000 ____D C:\Users\David\Downloads\The.Curse.of.Oak.Island.S05E04.Close.Call.1080p.AMZN.WEBRip.DDP2.0.x264-NTb[rarbg]
2018-11-09 11:11 - 2018-11-09 11:11 - 001883180 _____ (mobifilereader.com ) C:\Users\David\Downloads\mobifilereader_setup.exe
2018-11-08 23:25 - 2018-11-08 23:52 - 000000000 ____D C:\Users\David\Downloads\The.Curse.of.Oak.Island.S05E04.720p.HDTV.x264-KILLERS[rarbg]
2018-11-08 17:14 - 2018-11-08 17:17 - 000000000 ____D C:\Users\David\Downloads\The.Walking.Dead.S09E05.iNTERNAL.720p.WEB.h264-NOIVTC[rarbg]
2018-11-08 17:14 - 2018-11-08 17:14 - 000021533 _____ C:\Users\David\Downloads\the.walking.dead.s09e05.internal.720p.web.h264-noivtc.srt
2018-11-07 22:57 - 2018-11-08 16:44 - 000000000 ____D C:\Users\David\Desktop\Új mappa (5)
2018-11-07 18:36 - 2018-11-07 18:36 - 000007680 _____ C:\Users\David\Downloads\20181107_visszaigazolas_9500519881.xls
2018-11-07 09:24 - 2018-11-07 10:28 - 000000948 _____ C:\Users\David\Desktop\Új szöveges dokumentum (5).txt
2018-11-07 08:48 - 2018-11-07 08:59 - 000000000 ____D C:\Users\David\Desktop\dávid 11.07
2018-11-07 08:46 - 2018-11-07 08:46 - 000000000 ____D C:\Users\David\Documents\Egyéni Office-sablonok
2018-11-05 07:02 - 2018-11-05 08:13 - 163679535 _____ C:\Users\David\Desktop\10000000_189702761910754_8094399149631340544_n.mp4
2018-11-04 20:03 - 2018-11-04 20:03 - 002404405 _____ C:\Users\David\Desktop\fmq8eud5.htm
2018-11-04 18:58 - 2018-11-04 19:08 - 000000000 ____D C:\windows\erdnt
2018-11-04 18:56 - 2018-11-04 18:58 - 000002114 _____ C:\Users\David\Desktop\Rkill.txt
2018-11-04 18:54 - 2018-11-04 18:54 - 004949824 _____ (AO Kaspersky Lab) C:\Users\David\Desktop\tdsskiller.exe
2018-11-04 18:54 - 2018-11-04 18:54 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\David\Desktop\rkill.exe
2018-11-04 18:54 - 2018-11-04 18:54 - 001790024 _____ (Malwarebytes) C:\Users\David\Desktop\JRT.exe
2018-11-04 18:49 - 2018-11-04 18:56 - 000000000 ____D C:\AdwCleaner
2018-11-04 18:49 - 2018-11-04 18:49 - 007592144 _____ (Malwarebytes) C:\Users\David\Desktop\AdwCleaner.exe
2018-11-04 10:51 - 2018-11-04 10:51 - 000000021 _____ C:\Users\David\Desktop\Új szöveges dokumentum (4).txt
2018-11-04 08:18 - 2018-11-04 08:18 - 000000000 ____D C:\Users\David\Downloads\52 Weeks of Conscious Contact - Meditations for Connecting With God, Self & Others - Melody Beattie
2018-11-03 23:22 - 2018-11-03 23:22 - 000028032 _____ C:\Users\David\Downloads\The.Walking.Dead.S09E04.720p.HDTV.x264-KILLERS(1).srt
2018-11-03 23:19 - 2018-11-03 23:25 - 000000000 ____D C:\Users\David\Downloads\The.Walking.Dead.S09E04.720p.HDTV.x264-KILLERS[rarbg]
2018-11-03 23:19 - 2018-11-03 23:19 - 000028032 _____ C:\Users\David\Downloads\The.Walking.Dead.S09E04.720p.HDTV.x264-KILLERS.srt
2018-11-03 22:03 - 2018-11-03 22:03 - 000027808 _____ C:\Users\David\Downloads\The.Walking.Dead.S09E03.720p.HDTV.x264-AVS(1).srt
2018-11-03 22:02 - 2018-11-03 22:03 - 000027808 _____ C:\Users\David\Desktop\The.Walking.Dead.S09E03.720p.HDTV.x264-AVS.srt
2018-11-03 21:59 - 2018-11-03 22:07 - 000000000 ____D C:\Users\David\Downloads\The.Walking.Dead.S09E03.720p.HDTV.x264-AVS[rarbg]
2018-11-03 08:54 - 2018-11-03 08:54 - 002461843 _____ C:\Users\David\Desktop\rosenberg_9_stages_of_recove.pdf
2018-11-02 19:33 - 2018-11-02 19:33 - 000002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-02 19:33 - 2018-11-02 19:33 - 000002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-02 19:32 - 2018-11-02 19:32 - 001130840 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2018-11-02 19:32 - 2018-11-02 19:32 - 001130840 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup(1).exe
2018-11-02 19:32 - 2018-11-02 19:32 - 000003462 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-02 19:32 - 2018-11-02 19:32 - 000003334 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-02 19:07 - 2018-10-15 13:00 - 004932870 ____N C:\Users\David\Desktop\Hang015.amr
2018-11-02 10:46 - 2018-11-02 10:46 - 000000000 ____D C:\Users\David\AppData\Roaming\Sunbelt
2018-11-02 10:45 - 2018-11-02 10:45 - 000002011 _____ C:\Users\Public\Desktop\VIPRE Antivirus Premium.lnk
2018-11-02 10:45 - 2018-11-02 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
2018-11-02 10:45 - 2011-04-05 17:35 - 000253528 _____ (Sunbelt Software, Inc.) C:\windows\system32\Drivers\SbFw.sys
2018-11-02 10:45 - 2011-04-05 17:35 - 000094296 _____ (Sunbelt Software, Inc.) C:\windows\system32\Drivers\sbtis.sys
2018-11-02 10:45 - 2011-04-05 17:35 - 000060504 _____ (Sunbelt Software, Inc.) C:\windows\system32\Drivers\sbhips.sys
2018-11-02 10:45 - 2011-02-08 09:14 - 000084568 _____ (Sunbelt Software, Inc.) C:\windows\system32\Drivers\SbFwIm.sys
2018-11-02 10:43 - 2018-11-02 10:43 - 000000000 ____D C:\Users\David\Desktop\Új mappa (4)
2018-11-02 10:40 - 2018-11-02 10:44 - 001241787 _____ C:\Users\David\Downloads\Melody Beattie 4 Title Bundle Codependent No More and 3 Other Best Sellers - Melody Beattie.epub
2018-11-02 10:40 - 2018-11-02 10:40 - 000000000 ____D C:\Users\David\Downloads\Codependent No More_ How to Stop Controlling Others and Start Caring for Yourself by Melody Beattie ePUB eBOOK-ZAK
2018-11-02 10:39 - 2018-11-02 10:39 - 000000000 ____D C:\Users\David\Downloads\The New Codependency by Melody Beattie
2018-11-02 10:37 - 2018-11-02 10:37 - 000000000 ____D C:\Users\David\Downloads\The Language of Letting Go by Melody Beattie EPUB
2018-11-02 10:33 - 2018-11-02 10:33 - 000000000 ____D C:\ProgramData\Sunbelt
2018-11-02 10:29 - 2018-11-02 10:29 - 000000000 ____D C:\Users\David\Downloads\Sunbelt VIPRE Antivirus Premium 4.0.4194+Keygen+Help Files[h33t][eSpNs]
2018-11-02 10:17 - 2011-05-11 16:55 - 000045904 _____ (Sunbelt Software) C:\windows\system32\sbbd.exe
2018-11-02 10:17 - 2011-04-29 14:15 - 000055384 _____ (Sunbelt Software) C:\windows\system32\Drivers\sbredrv.sys
2018-11-02 10:16 - 2018-11-02 10:16 - 000000000 ____D C:\Program Files (x86)\Sunbelt Software
2018-11-01 16:10 - 2018-11-01 16:15 - 000000000 ____D C:\Users\David\Desktop\06
2018-11-01 15:28 - 2018-11-01 15:28 - 000000000 ____D C:\Users\David\AppData\Local\Symbian-Toys.com
2018-11-01 15:27 - 2018-11-01 15:27 - 000000000 ____D C:\Users\David\AppData\Roaming\NaviFirmPlus
2018-11-01 15:05 - 2018-11-01 09:51 - 003725824 _____ C:\RM892_msimage_v1.0.mbn
2018-11-01 15:05 - 2018-11-01 09:51 - 000205268 _____ C:\FAST8960_CATWALK.hex
2018-11-01 13:59 - 2018-11-10 13:30 - 000000000 ____D C:\Users\David\Desktop\proj
2018-11-01 13:03 - 2018-11-01 13:03 - 000000000 ____D C:\Users\David\Desktop\Új mappa (3)
2018-11-01 12:02 - 2018-11-01 12:02 - 000000552 _____ C:\Users\Public\Desktop\Start Windows Phone Unbricking Tool.lnk
2018-11-01 12:02 - 2018-11-01 12:02 - 000000000 ____D C:\WPUT
2018-11-01 11:52 - 2018-11-01 14:58 - 000000000 ___RD C:\Users\David\Desktop\em
2018-11-01 11:51 - 2018-11-01 11:51 - 049226379 _____ C:\Users\David\Downloads\WPUT_Installer.exe
2018-11-01 11:03 - 2018-11-01 11:03 - 065732608 _____ C:\windows\system32\config\SOFTWARE.iobit
2018-11-01 11:03 - 2018-11-01 11:03 - 000290816 _____ C:\windows\system32\config\DEFAULT.iobit
2018-11-01 11:03 - 2018-11-01 11:03 - 000032768 _____ C:\windows\system32\config\SAM.iobit
2018-11-01 11:03 - 2018-11-01 11:03 - 000024576 _____ C:\windows\system32\config\SECURITY.iobit
2018-11-01 10:54 - 2018-11-08 14:58 - 000000000 ____D C:\ProgramData\ProductData
2018-11-01 10:54 - 2018-11-03 08:46 - 000002262 _____ C:\Users\Public\Desktop\Advanced SystemCare 12.lnk
2018-11-01 10:54 - 2018-11-01 10:54 - 000003016 _____ C:\windows\System32\Tasks\ASC12_PerformanceMonitor
2018-11-01 10:54 - 2018-11-01 10:54 - 000002820 _____ C:\windows\System32\Tasks\ASC12_SkipUac_David
2018-11-01 10:54 - 2018-11-01 10:54 - 000000000 ____D C:\windows\Tasks\ImCleanDisabled
2018-11-01 10:54 - 2018-11-01 10:54 - 000000000 ____D C:\Users\David\AppData\LocalLow\IObit
2018-11-01 10:54 - 2018-11-01 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2018-11-01 10:54 - 2018-11-01 10:54 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
2018-11-01 10:53 - 2018-11-02 10:06 - 000000000 ____D C:\ProgramData\IObit
2018-11-01 10:53 - 2018-11-01 10:55 - 000000000 ____D C:\Users\David\AppData\Roaming\IObit
2018-11-01 10:53 - 2018-11-01 10:53 - 039473096 _____ (IObit ) C:\Users\David\Downloads\advanced_systemcare_setup.exe
2018-11-01 10:53 - 2018-11-01 10:53 - 000000000 ____D C:\Program Files (x86)\IObit
2018-11-01 10:26 - 2018-11-01 10:26 - 000002942 _____ C:\windows\System32\Tasks\{796A02A8-F3D3-424C-BE9A-44A420689A46}
2018-11-01 09:47 - 2018-11-01 12:25 - 000000000 ____D C:\ProgramData\WPInternals
2018-11-01 09:47 - 2018-09-26 22:15 - 002290688 _____ () C:\Users\David\Desktop\WPinternals.exe
2018-11-01 09:41 - 2018-11-01 09:41 - 001078859 _____ C:\Users\David\Downloads\WPinternals 2.6.zip
2018-11-01 00:20 - 2018-11-01 00:20 - 000000000 ____D C:\ProgramData\LGE
2018-11-01 00:20 - 2018-11-01 00:20 - 000000000 ____D C:\ProgramData\HTC
2018-11-01 00:20 - 2018-11-01 00:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Care Suite
2018-11-01 00:16 - 2018-11-01 00:16 - 000000000 ____D C:\Users\David\AppData\Local\B2X
2018-11-01 00:13 - 2018-11-01 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B2X Care Suite
2018-11-01 00:13 - 2018-11-01 00:13 - 000000000 ____D C:\ProgramData\B2X
2018-11-01 00:12 - 2018-11-01 00:12 - 000000000 ____D C:\Program Files (x86)\B2X Care Suite
2018-11-01 00:06 - 2018-11-01 00:06 - 000000000 ____D C:\ProgramData\Nokia
2018-11-01 00:03 - 2018-11-01 00:03 - 000000000 ____D C:\Program Files (x86)\Nokia
2018-11-01 00:03 - 2013-01-23 11:31 - 000057856 _____ (Nokia) C:\windows\system32\nmwcdclsX64.dll
2018-11-01 00:01 - 2018-11-01 00:01 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-10-31 23:53 - 2018-10-31 23:53 - 019054968 _____ (Microsoft) C:\Users\David\Downloads\NokiaSoftwareRecoveryToolInstaller.exe
2018-10-31 17:24 - 2018-10-31 17:42 - 000000241 _____ C:\Users\David\Desktop\Új szöveges dokumentum (3).txt
2018-10-31 13:24 - 2018-10-31 13:24 - 000007680 _____ C:\Users\David\Downloads\20181031_visszaigazolas_9450526931.xls
2018-10-31 12:11 - 2018-10-31 12:11 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-10-31 12:11 - 2018-10-31 12:11 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-31 12:11 - 2018-10-31 12:11 - 000004462 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-31 12:11 - 2018-10-31 12:11 - 000004324 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-10-31 12:11 - 2018-10-31 12:11 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-10-31 12:11 - 2018-10-31 12:11 - 000000000 ____D C:\windows\system32\Macromed
2018-10-31 12:11 - 2018-10-31 12:11 - 000000000 ____D C:\Users\David\AppData\Roaming\Macromedia
2018-10-31 11:16 - 2018-11-06 12:44 - 000026619 ____H C:\Users\David\Desktop\~WRL2265.tmp
2018-10-31 09:09 - 2018-10-31 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeProxy
2018-10-31 09:09 - 2018-10-31 09:09 - 000000000 ____D C:\Program Files (x86)\Hand-Crafted Software
2018-10-31 09:09 - 2010-03-27 11:18 - 000237568 _____ C:\windows\SysWOW64\FreeProxyDLL400.dll
2018-10-31 09:09 - 2000-05-22 00:00 - 001066176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2018-10-31 09:09 - 2000-05-22 00:00 - 000647872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCT2.OCX
2018-10-31 09:09 - 2000-05-22 00:00 - 000608448 _____ (Microsoft Corporation) C:\windows\SysWOW64\COMCTL32.OCX
2018-10-31 09:09 - 2000-01-21 13:14 - 000140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\COMDLG32.OCX
2018-10-31 09:07 - 2018-10-31 09:07 - 005228708 _____ C:\Users\David\Downloads\freeproxy.zip
2018-10-31 08:38 - 2018-11-11 10:06 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-10-31 08:37 - 2018-11-02 15:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-31 07:35 - 2018-10-31 07:35 - 000000000 ____D C:\Users\David\Downloads\Melody Beattie - Ne Függj Senkitől
2018-10-31 02:04 - 2018-11-11 10:29 - 000007329 _____ C:\Users\David\Desktop\Új szöveges dokumentum (2).txt
2018-10-31 01:11 - 2018-10-31 01:13 - 000000000 ____D C:\Users\David\AppData\Local\niemiro
2018-10-31 01:11 - 2018-10-31 01:11 - 002884096 _____ (niemiro) C:\Users\David\Desktop\SFCFix.exe
2018-10-31 01:06 - 2018-10-31 09:50 - 000000000 ____D C:\Users\David\AppData\Roaming\gsmartcontrol
2018-10-31 01:06 - 2018-10-31 01:06 - 000001896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl.lnk
2018-10-31 01:05 - 2018-10-31 09:50 - 000000000 ____D C:\Program Files\GSmartControl
2018-10-31 01:05 - 2018-10-31 01:05 - 007798280 _____ C:\Users\David\Downloads\gsmartcontrol-1.1.3-win32.exe
2018-10-31 01:05 - 2018-10-31 01:05 - 000000000 ____D C:\Users\David\Desktop\gsmartcontrol-1.1.3
2018-10-30 23:02 - 2018-10-30 23:02 - 000002095 _____ C:\Users\David\Documents\DualBootRepair.err
2018-10-30 22:45 - 2018-10-30 22:45 - 000000000 ____D C:\Users\David\Desktop\jokes
2018-10-30 22:37 - 2018-10-30 22:37 - 000000000 ____D C:\Users\David\Desktop\docxs
2018-10-30 22:19 - 2018-11-02 16:12 - 000000000 ____D C:\Users\David\Desktop\arg
2018-10-30 21:27 - 2018-10-30 21:30 - 000000000 ____D C:\Users\David\Desktop\Új mappa (2)
2018-10-30 20:25 - 2018-10-30 22:59 - 000000000 ____D C:\Users\David\Desktop\egyéb
2018-10-30 20:23 - 2018-10-30 22:56 - 000000000 ____D C:\Users\David\Desktop\books
2018-10-30 20:21 - 2018-10-30 22:47 - 000000000 ____D C:\Users\David\Desktop\subs
2018-10-30 20:20 - 2018-10-30 22:57 - 000000000 ____D C:\Users\David\Desktop\songs
2018-10-30 20:08 - 2018-10-30 22:55 - 000000000 ____D C:\Users\David\Desktop\pics
2018-10-30 18:02 - 2018-11-10 18:13 - 487949421 _____ C:\windows\MEMORY.DMP
2018-10-22 17:02 - 2018-10-25 05:26 - 000000000 ____D C:\nokia set
2018-10-22 11:12 - 2016-07-31 01:53 - 006218696 _____ C:\123.cab.cab

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 10:29 - 2015-07-31 14:49 - 000000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2018-11-11 10:11 - 2009-07-14 05:45 - 000033712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-11 10:11 - 2009-07-14 05:45 - 000033712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-11 10:03 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-11-11 01:07 - 2015-07-31 15:10 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2018-11-10 18:35 - 2013-05-20 14:08 - 000000000 ____D C:\Qoobox
2018-11-10 18:13 - 2000-01-11 00:06 - 000000000 ____D C:\windows\Minidump
2018-11-10 12:13 - 2016-09-17 17:52 - 000000000 ____D C:\Users\David\AppData\Roaming\Adobe
2018-11-10 11:58 - 2009-07-14 03:34 - 000000215 _____ C:\windows\system.ini
2018-11-10 11:30 - 2015-07-31 14:26 - 000000000 ____D C:\Users\David
2018-11-09 21:21 - 2016-09-11 14:32 - 000054019 _____ C:\Users\David\Desktop\accuracy.txt
2018-11-09 20:29 - 2009-07-14 05:45 - 000490480 _____ C:\windows\system32\FNTCACHE.DAT
2018-11-09 11:51 - 2015-07-31 14:29 - 000124352 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-08 08:12 - 2015-07-31 14:33 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-11-07 17:01 - 2015-07-31 14:29 - 000000000 ____D C:\Users\David\AppData\Local\Apps\2.0
2018-11-07 08:46 - 2016-09-21 18:39 - 000000000 ____D C:\Users\David\Desktop\tan
2018-11-07 08:41 - 2011-04-12 11:42 - 000683120 _____ C:\windows\system32\perfh00E.dat
2018-11-07 08:41 - 2011-04-12 11:42 - 000170678 _____ C:\windows\system32\perfc00E.dat
2018-11-07 08:41 - 2009-07-14 06:13 - 001627024 _____ C:\windows\system32\PerfStringBackup.INI
2018-11-07 08:41 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2018-11-04 08:35 - 2016-03-28 12:58 - 000007602 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2018-11-03 01:21 - 2015-01-23 14:51 - 000000000 ____D C:\Rust 14.03
2018-11-02 19:33 - 2015-07-31 14:29 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-02 15:56 - 2015-08-08 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-02 15:55 - 2016-09-18 12:44 - 000065536 _____ C:\windows\system32\spu_storage.bin
2018-11-01 15:14 - 2015-07-31 20:33 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2018-11-01 15:04 - 2014-08-12 17:40 - 000000595 _____ C:\Users\David\Desktop\detox journal.txt
2018-11-01 11:00 - 2016-03-20 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2018-11-01 11:00 - 2016-03-20 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-01 11:00 - 2016-02-18 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-11-01 11:00 - 2015-07-31 20:26 - 000000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2018-11-01 11:00 - 2015-07-31 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2018-11-01 11:00 - 2015-07-31 14:50 - 000000000 ____D C:\windows\Panther
2018-11-01 00:18 - 2016-02-18 21:13 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-31 12:11 - 2016-09-14 15:11 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2018-10-31 11:10 - 2009-07-14 04:20 - 000000000 ____D C:\windows\system32\NDF
2018-10-31 10:18 - 2015-08-08 20:36 - 000000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2018-10-30 23:48 - 2009-07-14 06:08 - 000032508 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-10-30 23:02 - 2009-07-14 06:32 - 000032768 _____ C:\windows\system32\config\BCD-Template
2018-10-30 22:52 - 2016-06-09 11:30 - 000000000 ____D C:\Users\David\Desktop\okl
2018-10-30 22:50 - 2014-12-25 14:00 - 000000000 ____D C:\Windows.old.001
2018-10-30 22:34 - 2013-03-31 07:44 - 000000000 ____D C:\Windows.old.000
2018-10-30 22:31 - 2013-09-29 09:16 - 000000000 ____D C:\Windows.old
2018-10-30 21:20 - 2017-01-19 18:12 - 000000000 ____D C:\Letöltések
2018-10-30 20:27 - 2016-11-05 17:48 - 000000000 ____D C:\Users\David\AppData\Roaming\BSplayer
2018-10-30 20:17 - 2014-02-05 23:23 - 000000022 _____ C:\Users\David\Desktop\skyape.txt
2018-10-30 19:23 - 2016-09-17 17:52 - 000000000 ____D C:\Users\David\AppData\LocalLow\Adobe
2018-10-30 19:15 - 2016-09-14 15:13 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-10-30 19:15 - 2016-09-14 15:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-30 19:12 - 2015-01-04 13:29 - 000000000 ____D C:\Users\David\Desktop\settings
2018-10-21 17:14 - 2016-03-30 17:39 - 000000000 ____D C:\AI_RecycleBin
2018-10-20 16:30 - 2016-02-18 20:42 - 000000000 ____D C:\Program Files\KMSpico

==================== Files in the root of some directories =======

2018-01-25 18:25 - 2018-01-25 18:25 - 007649280 _____ () C:\Program Files (x86)\GUTF1BE.tmp
2018-10-19 05:44 - 2018-10-19 05:44 - 000000000 _____ () C:\Users\David\AppData\Local\oobelibMkey.log
2016-03-28 12:58 - 2018-11-04 08:35 - 000007602 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-08-06 17:09 - 2015-08-06 17:09 - 000000000 _____ () C:\Users\David\AppData\Local\{05B28C43-6731-4590-B7F7-64E71D01EAC5}
2017-02-03 14:52 - 2017-02-03 14:52 - 000000000 _____ () C:\Users\David\AppData\Local\{19D28D4F-30F8-4392-B220-36D9EA3EE336}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-04 10:02

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by David (11-11-2018 10:29:51)
Running from C:\Users\David\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-31 13:26:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

David (S-1-5-21-966169890-3953576321-4081166884-1000 - Administrator - Enabled) => C:\Users\David
HomeGroupUser$ (S-1-5-21-966169890-3953576321-4081166884-1003 - Limited - Enabled)
Rendszergazda (S-1-5-21-966169890-3953576321-4081166884-500 - Administrator - Disabled)
Vendég (S-1-5-21-966169890-3953576321-4081166884-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sunbelt VIPRE (Disabled - Out of date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sunbelt VIPRE (Disabled - Out of date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE (Disabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Hungarian (HKLM-x32\...\{AC76BA86-7AD7-1038-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Advanced SystemCare 12 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 12.0.3 - IObit)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Carmageddon 2 Carpocalypse Now (HKLM-x32\...\GOGPACKCARMAGEDDON2_is1) (Version: 2.0.0.26 - GOG.com)
Catalyst Control Center Next Localization BR (HKLM\...\{D7146A6B-7332-3E70-10C0-58C542BEE992}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E82F4744-C8CC-AC06-FB33-5159F352F447}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{73625BB5-62CF-EDD9-1D74-59632209610C}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{6EB0963A-5F6C-2CE5-839F-7F5282B0E2FF}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC2A1888-6E10-66FE-5908-0702E419295A}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{56613EA7-33D7-12E0-8F85-6F9B34B090FB}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{31371EF7-8B7D-A0DA-C431-7F266EEFE2D2}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{626EB909-D761-CD0E-9014-B14B0B72929F}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{0DCC8BF4-22E5-A2C9-1C3B-A405A409DE7D}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{ED983086-4E2A-77FF-2E93-AD8E603A36F7}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{C0B0C896-5471-D57B-3143-A73D4FAF6D88}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{2DBAD098-33C8-7A09-A94A-08E9C6C5B8DF}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{B28C6201-F5FC-9782-40B5-55CA1295682E}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{D564C586-1E9E-4132-5B07-015AE3C6522B}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{CC818E09-ECBE-F7F9-CEB9-2C705B05B857}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7AD88B10-1BAD-6DA3-FEA9-CDE5A2706E67}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{6452BA69-0B9D-3D2D-B5E8-A8F3EAC6CE9A}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9DF94031-88E3-984A-FE55-A9341823A237}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{8A8BC476-D9F2-DD93-0103-D498DE9CD308}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{78013DA1-6D80-3AF3-8852-3DE311DEA796}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{82227B1F-0232-6231-AB7B-EF84297F0132}) (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Counter-Strike Global Offensive 1.35.6.3 verzió (HKLM\...\{BD051FE3-1575-4CD6-81ED-E905FA94720B}_is1) (Version: 1.35.6.3 - Strogino CS Portal)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DFX (HKLM-x32\...\DFX) (Version: 12.017.0.0 - Power Technology)
EaseUS Partition Master 11.9 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Flash Update Installer (HKLM-x32\...\{D0EC28BC-AC86-4729-BA9C-86F56E48670A}) (Version: 8.1.25 - B2X) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeProxy version 4.10 (HKLM-x32\...\FreeProxy/FreeWeb_is1) (Version: 4.10 - Hand-Crafted Software)
Fuse Installer (HKLM-x32\...\{05FD7FF6-31B8-461C-8C0C-E8742600886D}) (Version: 8.1.25 - Nokia) Hidden
GOG.com Carmageddon 2 (HKLM\...\{753f4dd7-070a-4364-b384-36a077200785}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.1.3 - Alexander Shaduri)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.6 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version:  - mobifilereader.com)
Mozilla Firefox 63.0.1 (x64 hu) (HKLM\...\Mozilla Firefox 63.0.1 (x64 hu)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Nokia Software Recovery Tool 8.1.25 (HKLM-x32\...\{5a00ba82-d022-4f0f-a2fd-f1b8fc96d999}) (Version: 8.1.25 - B2X)
Nokia Software Recovery Tool 8.1.25 (HKLM-x32\...\{A8617A31-F9F9-4807-A5E2-C5F1DBF9AA81}) (Version: 8.1.25 - B2X) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{DC7AAF61-0CB5-493A-AB5B-3205956685DC}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Product API Installer (HKLM-x32\...\{F914102A-7C8B-4149-88B1-EE0D16EE22DE}) (Version: 8.1.25 - B2X) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
Rust Legacy Experimetal Quick Switch by Zhahaman2001 (HKU\S-1-5-21-966169890-3953576321-4081166884-1000\...\5304ad275917b548) (Version: 1.0.0.4 - Rust Legacy Experimetal Quick Switch by Zhahaman2001)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
Ultimate EPubsoft DRM Removal 11.9.0 (HKLM-x32\...\{D515EC0E-21E9-465E-96D8-3B04C29E626F}) (Version: 11.9.0 - EPUBSOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
USB Serial Port Driver (HKLM-x32\...\{E12118B5-C66D-42A6-B2CC-B1A861B5885E}) (Version: 1.1.13.1605 - Microsoft)
VIA Platform eszközkezelő (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VIPRE Antivirus Premium (HKLM-x32\...\{411C5D92-2AE4-436F-A027-1E441EDC05CE}) (Version: 4.0.4194 - Sunbelt Software) Hidden
VIPRE Antivirus Premium (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 4.0.4194 - Sunbelt Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Frissítési segéd (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
Windows Inspection Tool Set 3.2.3 (64 bit) (HKLM\...\{A46B053A-671D-411E-ADD3-C5FFD695298E}) (Version: 3.2.3 - Ashok P. Nadkarni)
Windows Phone Ubricking Tool (HKLM-x32\...\Windows Phone Ubricking Tool) (Version: 1.0 - XWintech)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\Sunbelt Software\VIPRE\x64\SBFE.dll [2011-05-11] (Sunbelt Software)
ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\Sunbelt Software\VIPRE\x64\sbamscanshellext.dll [2011-05-11] (Sunbelt Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers4: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\Sunbelt Software\VIPRE\x64\SBFE.dll [2011-05-11] (Sunbelt Software)
ContextMenuHandlers4: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\Sunbelt Software\VIPRE\x64\sbamscanshellext.dll [2011-05-11] (Sunbelt Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-07] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09938F8D-385F-44C4-A5E3-648C051D4354} - System32\Tasks\AdobeGCInvoker-1.0-David-PC-David => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {4DABB6C3-C7DB-4B93-8E57-235C1994DFBD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-31] (Adobe Systems Incorporated)
Task: {65ECC7C1-6D36-46A9-9CF5-E8B95F63F4DB} - System32\Tasks\ASC12_SkipUac_David => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2018-10-16] (IObit)
Task: {7AEED065-5BB1-4C7D-AF5D-6B23FFED9F9D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-31] (Adobe Systems Incorporated)
Task: {8A2D0375-FF0E-41D2-99C8-DF1F9589E320} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {98B2468C-EAE3-488D-A9F9-E755E2E80E67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-02] (Google Inc.)
Task: {9F037355-43A5-4EA7-A3C7-50741D1012E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-02] (Google Inc.)
Task: {A0A76512-82B9-43EE-A9DA-C256FFFF0AE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {A68FD3F1-5E19-46A7-AAB2-E0E3C2E61E22} - System32\Tasks\{796A02A8-F3D3-424C-BE9A-44A420689A46} => C:\Users\David\Desktop\WPinternals.exe [2018-09-26] ()
Task: {A746301F-F2D6-48DF-BE3C-5754C34EA94B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {AB9896A3-E311-45C9-84C5-DFE82EF54460} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {BEF02925-C3BF-466B-AF89-5B8248F3B8DD} - System32\Tasks\ASC12_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2018-10-10] (IObit)
Task: {CAD769B4-25D0-437B-98C8-2E54C6619E56} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {EEC9003B-90A9-4FE3-9B16-C37014C9C9C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2b054a3d8e89c41e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 13"

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-10 16:35 - 2008-07-11 14:04 - 000200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2018-07-10 16:35 - 2008-07-11 14:03 - 000282112 ____N () C:\Windows\system\HsMgr64.exe
2014-04-03 19:44 - 2014-04-03 19:44 - 000510976 _____ () C:\Program Files\Windows Inspection Tool Set\treectrl24.dll
2016-06-22 17:04 - 2016-09-11 17:39 - 001595384 _____ () C:\Program Files (x86)\DFX\DFX.exe
2016-06-22 16:52 - 2016-06-22 16:52 - 000161784 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2016-06-22 16:59 - 2016-06-22 16:59 - 000176120 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2016-06-22 17:57 - 2016-06-22 17:57 - 000098296 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2005-12-22 17:28 - 2005-12-22 17:28 - 000160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
2018-07-10 16:35 - 2011-04-19 13:56 - 000143360 ____N () C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
2016-06-22 17:49 - 2016-06-22 17:49 - 000083960 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-11-04 19:07 - 000000027 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-966169890-3953576321-4081166884-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: Steam => "C:\Windows.old.002\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E33F5B30-318B-4034-99F1-F53B0C87691F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{29F97656-7D91-4AF5-A4DF-B2F5079F865C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A3F5EFA7-E009-48E7-8459-1F3DD270E072}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4FD92559-C067-4D0C-B5B6-79FEA1242A6F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15B4AC61-5C60-4F0F-AF5E-661B60AFBF37}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5AC118A3-92E0-454B-BEF1-09ECE9768442}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{242AED47-0529-457C-961E-BE244D685F90}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B7C57733-BB67-4B1B-B66E-67F1B8D5408F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{120D5A06-10FE-452D-8F94-4B8F69B42524}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{BE3E24A1-DD3F-4BEF-A5EF-FBEC145DEF55}C:\grand.theft.auto.v.v1.36.repack-kaos\gta5.exe] => (Allow) C:\grand.theft.auto.v.v1.36.repack-kaos\gta5.exe
FirewallRules: [UDP Query User{8DF8B461-8158-48E9-BD22-8B323800FF36}C:\grand.theft.auto.v.v1.36.repack-kaos\gta5.exe] => (Allow) C:\grand.theft.auto.v.v1.36.repack-kaos\gta5.exe
FirewallRules: [{EBB798C1-2A57-4850-AA52-739395012473}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{A6CC62FB-635F-4DCB-B1BB-4ED04B680823}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [UDP Query User{63AF8673-00FA-4665-8EA0-4ACC91238A6F}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [TCP Query User{A1C1215B-C47C-4575-9620-EA91BBF1ED5D}C:\program files (x86)\b2x care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\b2x care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe
FirewallRules: [UDP Query User{176A709C-9F78-4EE1-AF8E-8C30342E6493}C:\program files (x86)\b2x care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\b2x care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe
FirewallRules: [{49C23937-C5DD-4B32-AF3E-6FFEA59F3EE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-11-2018 10:15:24 Installed VIPRE Antivirus Premium.
02-11-2018 10:20:56 Installed VIPRE Antivirus Premium.
02-11-2018 10:43:53 Installed VIPRE Antivirus Premium.
04-11-2018 18:58:53 ComboFix created restore point
09-11-2018 11:46:52 Installed Ultimate EPubsoft DRM Removal 11.9.0.

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2018 10:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2018 06:34:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2018 06:24:47 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Nem sikerül a szűrő gazdafolyamatának inicializálása. A folyamat leáll.

Részletek:
    A művelet a határidő túllépése miatt nem lett befejezve.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/10/2018 06:16:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: A hibát okozó alkalmazás neve: SBAMSvc.exe, verzió: 4.0.4194.0, időbélyeg: 0x4dcaf2bf
A hibát okozó modul neve: ntdll.dll, verzió: 6.1.7601.17514, időbélyeg: 0x4ce7ba58
Kivételkód: 0xc0000005
Hiba pozíciója: 0x00038da9
A hibát okozó folyamat azonosítója: 0xd94
A hibát okozó alkalmazás indításának időpontja: 0x01d47918f0ba4ab0
A hibát okozó alkalmazás elérési útja: C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
A hibát okozó modul elérési útja: C:\windows\SysWOW64\ntdll.dll
Jelentés azonosítója: 57620b98-e50c-11e8-beb9-9c5c8e785b3b

Error: (11/10/2018 06:15:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/10/2018 11:31:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2018 08:30:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2018 10:53:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/11/2018 10:10:29 AM) (Source: bowser) (EventID: 8003) (User: )
Description: A főtallózó az egyik gépről (DESKTOP-I7ISF43) olyan kiszolgálói bejelentést kapott,
hogy ő a főtallózó a következő tartományra vagy átvitelre nézve: NetBT_Tcpip_{188C8A66-6AE7-4170-95B2-C92BE9820F96}.
A főtallózó leáll, vagy választást kezdeményez.

Error: (11/11/2018 10:03:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (AODDriver4.1) a következő hiba következtében leállt:
A rendszer nem találja a megadott elérési utat.

Error: (11/11/2018 10:03:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Az előző rendszerleállítás (‎2018.‎11.‎11. - 2:18:08) váratlan volt.

Error: (11/10/2018 06:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (AODDriver4.1) a következő hiba következtében leállt:
A rendszer nem találja a megadott elérési utat.

Error: (11/10/2018 06:32:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Az előző rendszerleállítás (‎2018.‎11.‎10. - 18:31:19) váratlan volt.

Error: (11/10/2018 06:22:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Letelt egy időkorlát (30000 ms) a(z) Windows hibajelentési szolgáltatás szolgáltatás kapcsolódására való várakozás közben.

Error: (11/10/2018 06:15:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} kiszolgáló nem regisztrálta magát a DCOM-ban a megadott határidő lejárta előtt.

Error: (11/10/2018 06:13:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (AODDriver4.1) a következő hiba következtében leállt:
A rendszer nem találja a megadott elérési utat.


CodeIntegrity:
===================================

Date: 2018-11-04 19:06:49.411
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-04 19:06:49.395
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-30 19:11:28.626
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-10-30 19:11:28.208
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-10-30 19:11:27.772
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-10-30 19:11:27.341
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-10-30 19:11:26.866
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmpag.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-10-30 19:11:26.855
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\David\Desktop\okl\1025 1001\Packages\Drivers\Display\WT6A_INF\B297238\atikmpag.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX™-4300 Quad-Core Processor
Percentage of memory in use: 52%
Total physical RAM: 6126.11 MB
Available physical RAM: 2910.88 MB
Total Virtual: 10124.31 MB
Available Virtual: 6383.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:128.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:111.33 GB) (Free:33.51 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2385563f-7387-11e8-9b76-806e6f6e6963}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: B3EF3492)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=462 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0E522234)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by hulk111, 11 November 2018 - 04:41 AM.


#6 iMacg3


Posted 11 November 2018 - 11:02 AM

Hi,

It appears that you have cracked/pirated software on your computer. This is one of the top ways of causing a malware infection on a computer. Again, one of the best and easiest ways to avoid infection is to not use pirated or illegal software. Additionally, such software is as its name suggests - illegal.

Please remove any pirated/cracked programs or downloads from your system, then follow the below steps:

  • Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
  • Important - Save it to your desktop.
  • Right Click CKScanner.exe and select "Run as administrator".
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Regards, iMacg3


#7 iMacg3


Posted 14 November 2018 - 10:49 AM

Hi,

It has been 3 days since your last response. Do you still need help?
If you need more time to reply, let me know. If not, this topic will be closed in 48 hours.

Edited by iMacg3, 14 November 2018 - 10:49 AM.

Regards, iMacg3


#8 hulk111


Posted 15 November 2018 - 12:14 PM

Hi, I had some work to do this week so I didn't want to mess with the PC. I will report back tomorrow or on the weekend, thanks.


Edited by hulk111, 15 November 2018 - 12:14 PM.


#9 iMacg3


Posted 15 November 2018 - 01:26 PM

No problem. :)
Regards, iMacg3


#10 hulk111


Posted Yesterday, 03:06 PM

Hi, so I deleted some programs and ran the scanner, here are the results:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.RVGEC0
 ----- EOF -----
 



#11 iMacg3


Posted Yesterday, 11:55 PM

Hi,

Thanks for the CKScanner log.

Please run a new FRST scan.
Right-click on FRST/FRST64 and click Run as Administrator.
Click on Scan. Once the scan is complete, two notepad files will pop up (FRST.txt and Addition.txt).

Please copy and paste the contents of FRST.txt and Addition.txt here for my review.


Regards, iMacg3




