KarnalEspio

  1. After repeated attempts to enter Windows RE it just boots to a black screen with only a cursor. No idea why...
  2. First FRST textlog is thus - Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018 Ran by Likku (administrator) on DESKTOP-KQIMIQR (30-01-2018 13:00:11) Running from e:\ Loaded Profiles: Likku (Available Profiles: Likku) Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Safe Mode (minimal) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (TOSHIBA CORPORATION) C:\Windows\System32\pcadzgksvc.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-11-17] (Realtek Semiconductor) HKLM\...\Run: [rickett] => "C:\Program Files (x86)\Gneiss\unevenly.exe" HKLM\...\Run: [rickettukase] => "C:\Program Files (x86)\biswas\hensel.exe" HKLM\...\Run: [rickettrickett] => "C:\Program Files (x86)\Clements\unevenly.exe" HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5764384 2017-11-20] (IObit) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation) HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [Discord] => C:\Users\Likku\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.) HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [compiling] => "C:\Program Files (x86)\relenting\compiling.exe" HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\MountPoints2: {50f1a8ab-b946-11e7-a7e5-806e6f6e6963} - "D:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-11-05] ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions) Startup: C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-01-05] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Likku\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 24.144.0.150 24.144.0.146 Tcpip\..\Interfaces\{0c1e88c7-51da-4b5f-8272-8f30693e198f}: [DhcpNameServer] 24.144.0.150 24.144.0.146 Internet Explorer: ================== BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-21] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-21] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) Chrome: ======= CHR Profile: C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default [2018-01-30] CHR Extension: (Google Drive) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-24] CHR Extension: (YouTube) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-24] CHR Extension: (AdBlock) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-29] CHR Extension: (Deluminate) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2018-01-17] CHR Extension: (Morpheon Dark) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-01-17] CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-01-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-24] CHR Extension: (Gmail) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-24] CHR Extension: (Chrome Media Router) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\btgxpzs <==== ATTENTION (Rootkit!) 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-30] () S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed] S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-10-24] (EasyAntiCheat Ltd) S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [1769760 2017-11-14] (IObit) S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit) S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-10] (Microsoft Corporation) S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [175720 2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd) S2 5b3a80d489f260e4bdf4c61cbf3b27ca; "C:\Program Files\5b3a80d489f260e4bdf4c61cbf3b27ca\c7b5aa7796ab2588a1bb4877cb2ae749.exe" [X] S2 dc6c8067b828cd162c28f6133ea4373d; rundll32.exe C:\WINDOWS\dc6c8067b828cd162c28f6133ea4373d.dll QZKhNgV [X] S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA 
Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 4311E76C; C:\WINDOWS\System32\drivers\4311E76C.sys [255928 2018-01-27] (Malwarebytes) R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2017-11-17] (Advanced Micro Devices Inc.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-23] (Advanced Micro Devices, Inc.) S3 AndNetDiag; C:\WINDOWS\System32\drivers\lgandnetdiag64.sys [39424 2015-06-19] (LG Electronics Inc.) 
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [3097560 2017-12-02] () S3 cdrombus; C:\WINDOWS\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider) R0 cm_km; C:\WINDOWS\System32\drivers\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-27] (Disc Soft Ltd) S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-11-17] (REALiX(tm)) S1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-04-06] (IObit.com) S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com) S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit) S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com) S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com) S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com) S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-11-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-10] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-10] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-10] (NVIDIA Corporation) S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [243712 2014-08-08] (QUALCOMM Incorporated) S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com) S3 rt640x64; 
C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-17] (Realtek ) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation) S1 csofzcvj; \??\C:\WINDOWS\system32\drivers\csofzcvj.sys [X] S1 msidntfs; system32\drivers\msidntfs.sys [X] S3 udiskMgr; system32\drivers\psvycf.sys [X] <==== ATTENTION ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-01-30 12:33 - 2018-01-30 12:58 - 000189802 _____ C:\WINDOWS\ntbtlog.txt 2018-01-30 12:11 - 2018-01-30 12:11 - 000142160 ____N C:\WINDOWS\system32\Drivers\cworuxae.sys 2018-01-30 12:00 - 2018-01-30 12:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2018-01-29 21:31 - 2018-01-29 21:31 - 000000222 _____ C:\Users\Likku\Desktop\PlanetSide 2.url 2018-01-29 20:01 - 2018-01-29 20:01 - 000000765 _____ C:\Users\Likku\Downloads\Fixlog.txt 2018-01-29 19:56 - 2018-01-30 13:00 - 000000000 ____D C:\FRST 2018-01-29 19:56 - 2018-01-29 19:56 - 002393088 _____ (Farbar) C:\Users\Likku\Downloads\FRST64.exe 2018-01-29 18:02 - 2018-01-29 18:02 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2018-01-29 17:51 - 2018-01-29 21:30 - 000000000 ____D C:\ProgramData\RogueKiller 2018-01-29 17:49 - 2018-01-29 17:49 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-01-29 17:49 - 2018-01-29 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-01-29 17:48 - 2018-01-29 17:49 - 000000000 ____D C:\Program Files\RogueKiller 2018-01-29 17:35 - 2018-01-29 17:36 - 036430896 _____ (Adlice Software ) C:\Users\Likku\Downloads\setup (1).exe 2018-01-27 21:33 - 2018-01-27 21:33 - 000550382 _____ C:\Users\Likku\Desktop\asd.mp4 2018-01-17 00:50 - 2018-01-17 02:14 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\BitTorrent 2018-01-16 23:42 - 2018-01-16 23:42 - 001990128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438871.dll 2018-01-16 23:42 - 2018-01-16 23:42 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438871.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 029381936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 013255032 
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001331016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001101104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000980880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000933360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000740144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000599536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 
000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2018-01-16 23:41 - 2018-01-16 23:41 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb 2018-01-16 23:40 - 2018-01-16 23:40 - 040237456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2018-01-16 23:40 - 2018-01-16 23:40 - 035157488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2018-01-16 23:40 - 2018-01-16 23:40 - 013867656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2018-01-16 23:40 - 2018-01-16 23:40 - 011781912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2018-01-16 23:40 - 2018-01-16 23:40 - 004202992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2018-01-16 23:40 - 2018-01-16 23:40 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2018-01-14 18:59 - 2018-01-14 18:59 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-01-14 17:26 - 2018-01-27 11:28 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4311E76C.sys 2018-01-14 17:24 - 2018-01-14 17:24 - 082149144 _____ (Malwarebytes ) C:\Users\Likku\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe 2018-01-14 17:23 - 2018-01-27 13:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2018-01-14 17:23 - 2018-01-27 12:57 - 000000000 ____D C:\Users\Likku\Desktop\mbar 2018-01-14 17:23 - 2018-01-27 11:19 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2018-01-14 17:22 - 2018-01-14 17:22 - 014178840 _____ (Malwarebytes Corp.) 
C:\Users\Likku\Downloads\mbar-1.10.3.1001.exe 2018-01-14 17:16 - 2018-01-14 17:17 - 000852798 _____ C:\Users\Likku\Downloads\SecurityCheck.exe 2018-01-14 17:13 - 2018-01-14 17:26 - 000007606 _____ C:\Users\Likku\AppData\Local\Resmon.ResmonCfg 2018-01-09 21:15 - 2017-10-24 22:33 - 000382504 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe 2018-01-09 21:11 - 2018-01-09 21:11 - 012204074 _____ C:\Users\Likku\Downloads\Valmod-Expansion-master.zip 2018-01-09 14:39 - 2018-01-09 14:39 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-01-09 14:39 - 2018-01-09 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-01-09 14:39 - 2018-01-09 14:39 - 000000000 ____D C:\Program Files\iPod 2018-01-09 14:37 - 2018-01-09 14:39 - 000000000 ____D C:\Program Files\iTunes 2018-01-09 14:32 - 2018-01-09 14:32 - 000000000 ____D C:\Program Files\Bonjour 2018-01-09 14:32 - 2018-01-09 14:32 - 000000000 ____D C:\Program Files (x86)\Bonjour 2018-01-05 23:39 - 2018-01-06 01:07 - 000000000 ____D C:\Users\Likku\Documents\Zuldu 2018-01-05 21:04 - 2018-01-05 21:21 - 000000000 ____D C:\Users\Likku\Documents\Learn 2D 2018-01-05 19:32 - 2018-01-05 23:40 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\DefaultCompany 2018-01-05 16:45 - 2018-01-05 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2018-01-05 16:01 - 2018-01-05 19:32 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\Unity 2018-01-05 16:00 - 2018-01-05 23:39 - 000000000 ____D C:\ProgramData\Unity 2018-01-05 16:00 - 2018-01-05 16:00 - 000000000 ____D C:\Users\Likku\AppData\Local\Unity 2018-01-05 15:59 - 2018-01-05 19:32 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Unity 2018-01-05 15:49 - 2018-01-05 15:49 - 000001239 _____ C:\Users\Likku\Desktop\Facebook Gameroom.lnk 2018-01-05 15:49 - 2018-01-05 15:49 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook 2018-01-05 15:49 - 2018-01-05 15:49 - 000000000 
____D C:\Users\Likku\AppData\Local\Facebook 2018-01-05 15:48 - 2018-01-05 15:48 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio 2018-01-05 15:47 - 2018-01-05 15:47 - 000000000 ____D C:\Users\Likku\Documents\Visual Studio 2017 2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity 2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity 2018-01-05 15:43 - 2018-01-05 15:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2018-01-05 15:43 - 2018-01-05 15:43 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2018-01-05 15:42 - 2018-01-05 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 2018-01-05 15:39 - 2018-01-05 15:39 - 000001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk 2018-01-05 15:38 - 2018-01-05 15:38 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2018-01-05 15:37 - 2018-01-05 15:48 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Visual Studio Setup 2018-01-05 15:37 - 2018-01-05 15:37 - 000000000 ____D C:\Users\Likku\AppData\Roaming\vstelemetry 2018-01-05 15:37 - 2018-01-05 15:37 - 000000000 ____D C:\Users\Likku\AppData\Local\ServiceHub 2018-01-05 15:36 - 2018-01-05 15:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2018-01-05 15:33 - 2018-01-05 15:33 - 000000000 ____D C:\Users\Public\Documents\Unity Projects 2018-01-05 15:22 - 2018-01-05 15:23 - 000000000 ____D C:\Program Files (x86)\GtkSharp 2018-01-05 15:20 - 2018-01-05 15:20 - 000000928 _____ C:\Users\Public\Desktop\Unity 2017.3.0f3 (64-bit).lnk 2018-01-05 15:20 - 2018-01-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.3.0f3 (64-bit) 2018-01-05 15:14 - 2018-01-05 15:21 - 000000000 ____D C:\Program Files\Unity 2018-01-05 15:08 - 
2018-01-05 15:08 - 000795664 _____ C:\Users\Likku\Downloads\UnityDownloadAssistant-2017.3.0f3.exe 2018-01-03 13:57 - 2018-01-03 18:07 - 000000000 ____D C:\Users\Likku\AppData\Roaming\vlc 2018-01-03 13:41 - 2018-01-03 13:41 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk 2018-01-03 13:41 - 2018-01-03 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2018-01-03 13:40 - 2018-01-03 13:40 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-01-03 13:39 - 2018-01-03 13:40 - 030863288 _____ C:\Users\Likku\Downloads\vlc-2.2.8-win32.exe 2018-01-01 23:43 - 2018-01-01 23:43 - 000000085 _____ C:\WINDOWS\wininit.ini 2018-01-01 16:02 - 2018-01-01 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2018-01-01 16:00 - 2018-01-01 23:42 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2018-01-01 15:59 - 2018-01-01 23:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2018-01-01 15:54 - 2018-01-01 15:55 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Likku\Downloads\spybotsd-2.6.46.exe 2017-12-31 21:24 - 2018-01-01 01:34 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Talisman 2017-12-31 21:22 - 2017-12-31 21:22 - 000000222 _____ C:\Users\Likku\Desktop\Talisman Digital Edition.url ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-01-30 14:31 - 2017-09-29 02:45 - 016252928 _____ C:\WINDOWS\system32\config\HARDWARE 2018-01-30 12:55 - 2017-12-10 07:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-01-30 12:36 - 2017-12-10 07:49 - 000000000 ____D C:\Users\Likku 2018-01-30 12:33 - 2017-12-24 15:52 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\pcadzgksvc.exe 2018-01-30 12:24 - 2017-12-10 08:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-01-30 12:24 - 2017-10-25 22:01 - 000000000 ____D C:\ProgramData\NVIDIA 2018-01-30 12:20 - 2017-12-24 15:54 - 000000000 ____D C:\Users\Likku\AppData\Local\nvrelwg 2018-01-30 12:18 - 2017-12-10 08:21 - 000003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Likku) 2018-01-30 12:11 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2018-01-30 12:00 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF 2018-01-30 11:52 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-01-30 10:09 - 2017-10-31 09:44 - 000000000 ____D C:\ProgramData\ProductData 2018-01-30 08:27 - 2017-11-21 12:47 - 000000000 ____D C:\Users\Likku\AppData\Local\CrashDumps 2018-01-29 23:50 - 2017-10-24 21:36 - 000000000 ____D C:\Program Files (x86)\Steam 2018-01-29 15:39 - 2017-10-30 14:31 - 000000000 ____D C:\Users\Likku\Documents\My Games 2018-01-29 15:39 - 2017-10-25 11:08 - 000000000 ____D C:\GOG Games 2018-01-29 15:27 - 2017-12-28 19:11 - 000000000 ____D C:\Users\Likku\Desktop\cuphead 2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-01-29 14:29 - 2017-12-24 15:54 - 000000000 ____D C:\Users\Likku\AppData\Local\igfxmtc 2018-01-29 14:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-01-22 16:33 - 2017-10-25 14:56 - 000001154 _____ C:\Users\Likku\Desktop\Cheat Engine.lnk 2018-01-17 02:14 - 2017-10-24 21:40 - 000000000 
____D C:\Users\Likku\AppData\Roaming\BitTorrent 2018-01-16 23:41 - 2017-11-17 06:12 - 036350960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2018-01-16 23:40 - 2017-11-17 06:12 - 004485376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2018-01-16 23:40 - 2017-11-17 06:12 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2018-01-12 11:56 - 2017-10-25 18:49 - 000551160 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2018-01-12 11:34 - 2017-10-25 18:49 - 000000000 ____D C:\Users\Likku\AppData\Roaming\7DaysToDie 2018-01-12 09:42 - 2017-10-31 09:42 - 000000000 ____D C:\ProgramData\IObit 2018-01-11 10:28 - 2017-11-21 23:42 - 000000000 ____D C:\Users\Likku\Documents\OPDND Backup 2018-01-09 18:05 - 2017-12-10 08:21 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2135662973-237965672-1908853102-1001 2018-01-09 18:05 - 2017-10-24 21:40 - 000002363 _____ C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-01-09 18:05 - 2017-10-24 21:40 - 000000000 ___RD C:\Users\Likku\OneDrive 2018-01-08 21:49 - 2017-10-24 21:39 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-01-08 21:49 - 2017-10-24 21:39 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-01-05 15:45 - 2017-10-25 12:09 - 000000000 ____D C:\ProgramData\Package Cache 2018-01-05 15:42 - 2017-12-10 08:58 - 000000000 ____D C:\Program Files (x86)\MSBuild 2018-01-05 15:41 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-01-01 23:47 - 2017-12-23 04:11 - 000000000 ____D C:\Program Files (x86)\GOG.com 2018-01-01 16:55 - 2017-12-13 01:17 - 000000000 ____D C:\Users\Likku\AppData\Local\Life is Feudal MMO 2018-01-01 02:06 - 2017-12-28 15:06 - 000000406 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Likku.job 2018-01-01 02:06 - 2017-12-10 07:38 - 000222000 _____ C:\WINDOWS\system32\FNTCACHE.DAT ==================== Files in the 
root of some directories ======= 2017-11-02 12:01 - 2017-11-07 17:22 - 000005632 _____ () C:\Users\Likku\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-01-14 17:13 - 2018-01-14 17:26 - 000007606 _____ () C:\Users\Likku\AppData\Local\Resmon.ResmonCfg 2017-12-12 22:47 - 2017-12-30 20:16 - 000002740 _____ () C:\Users\Likku\AppData\Local\Tempbannercash.tmp 2017-12-12 22:47 - 2017-12-30 20:16 - 000027386 _____ () C:\Users\Likku\AppData\Local\Tempnewscash.tmp 2017-12-24 15:52 - 2017-12-24 15:52 - 000003072 _____ () C:\Users\Likku\AppData\Local\uninstallML.exe Some files in TEMP: ==================== 2018-01-29 17:51 - 2017-12-10 09:12 - 001954048 _____ (Microsoft Corporation) C:\Users\Likku\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed C:\WINDOWS\system32\drivers\cworuxae.sys -> Access Denied <======= ATTENTION LastRegBack: 2018-01-21 03:53 ==================== End of FRST.txt ============================ Then the Addition txtlog is thus - Additional scan 
result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018 Ran by Likku (30-01-2018 13:02:11) Running from e:\ Windows 10 Pro Version 1709 16299.125 (X64) (2017-12-10 14:25:13) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2135662973-237965672-1908853102-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2135662973-237965672-1908853102-503 - Limited - Disabled) Guest (S-1-5-21-2135662973-237965672-1908853102-501 - Limited - Disabled) Likku (S-1-5-21-2135662973-237965672-1908853102-1001 - Administrator - Enabled) => C:\Users\Likku WDAGUtilityAccount (S-1-5-21-2135662973-237965672-1908853102-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) 
BitTorrent (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
Citra (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\{eedecada-da67-4159-8ad5-db836985752e}) (Version: 1.0.0 - Citra Team)
Discord (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fable Anniversary (HKLM-x32\...\Fable Anniversary_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Facebook Gameroom 1.10.6515.35995 (HKLM-x32\...\{0B5F75BB-9192-4E2C-A0A6-D07DC31A2E84}) (Version: 1.10.6515.35995 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life Is Feudal (HKLM-x32\...\Life Is Feudal) (Version: - BitBox)
Microsoft OneDrive (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PCGen60601 (HKLM-x32\...\PCGen60601) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.2.0 - Adlice Software)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version: - )
The Last Remnant — Repacked by R.G. Revenants (HKLM-x32\...\The Last Remnant_R.G. Revenants) (Version: 1.0.515.0 - Square Enix)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Visual Studio Community 2017 (HKLM\...\7d5ffe3c) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WPS Office (10.2.0.5965) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5965 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2135662973-237965672-1908853102-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1_S-1-5-21-2135662973-237965672-1908853102-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034FD79F-5A23-49DE-8592-7C7E072C7EEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {225BE743-1698-45B0-B804-712317C579A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-24] (Google Inc.)
Task: {2B8C6A39-EF4B-4A07-A8A4-0FC67F1DEB13} - System32\Tasks\WpsUpdateTask_Likku => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\wtoolex\wpsupdate.exe [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {30425538-737E-4AB3-823A-E9C34105347F} - System32\Tasks\WpsNotifyTask_Likku => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: {309E9878-4690-4550-B555-FA8B3980BD0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {325B42DC-C900-4AF5-A053-D9093869428A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {3A387C2F-E49F-4290-BE30-A38EC21D122E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {41F361FE-5770-4A68-BCA0-E90473788702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-24] (Google Inc.)
Task: {5B5A4C4D-7231-4197-B309-0EF710915C8D} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {6AFA7E0B-4368-4479-BD57-1A8164734AD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {7312615F-E7F0-441A-BC79-10340763B24F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {735BA339-81FC-4FA6-974B-B42B34057CF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7BF1D315-58C0-4D1A-9A6D-29856E32DDD8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {7D53DF6D-338E-4B0D-BD4A-ECF49ABE0E58} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\Scheduler.exe [2017-08-30] (IObit)
Task: {8F42AB90-22AE-4EBB-A048-0DBF4554995A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9866DE91-B0CB-4A90-9E99-60070DE90326} - System32\Tasks\WpsExternal_Likku_20171228151506 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {BEE2DE1B-564E-4BF9-8EFE-525AF562D140} - System32\Tasks\Driver Booster SkipUAC (Likku) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [2017-10-11] (IObit)
Task: {C49A0AB4-6AB0-490A-B8AC-F8C214D0AC18} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {C7031B57-6DD3-444C-94B7-691354621587} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {C9797915-1527-458B-8055-2D4CDEBAE357} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {CA1304AD-075D-468F-A192-74729D362528} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {CEF8B393-9348-4F8B-A9EE-4F499F92430F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {D5A5462D-E184-429E-8820-5B2C8BE0EF5A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {FF97E293-F84A-4A09-ADDE-D465D4739C1B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsNotifyTask_Likku.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-24 21:34 - 2017-10-24 21:27 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2135662973-237965672-1908853102-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Likku\Desktop\god.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "rickettukase"
HKLM\...\StartupApproved\Run: => "rickettrickett"
HKLM\...\StartupApproved\Run: => "rickett"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "coercecorr"
HKLM\...\StartupApproved\Run32: => "coercecoerce"
HKLM\...\StartupApproved\Run32: => "coerce"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "initioinitio.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "initio.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukaserickett"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "compiling"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corrcoerce"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "roufac"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "bhatti"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukaseukase"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukase"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corrcorr"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{11BB6BC1-0ED7-4838-B673-7E83E4CF8E77}C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe] => (Allow) C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{805F1FC4-EB1E-4021-81BE-30E007B1B2F9}C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe] => (Allow) C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{755D422B-9093-4749-8280-2095BEF6F331}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{F05D1EAB-1715-4E4B-99D0-F381B1B7F1BB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{0A9B22C6-77B8-4365-8B02-DE5CE77A8F53}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F68D3449-3D7C-4158-8F4B-9DA6650CC948}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{E414DD35-6384-42BF-99A1-3656D5BC582E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{9363825E-16DE-4E2B-A209-289A09501F20}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{2A8438C2-B8AD-4099-9434-0214BE903C3A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D8DD7268-C123-46ED-B064-5D1E5F629E13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA0C0121-5E4A-44D9-981B-F501E55BB721}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC6E9078-4511-498D-BD6B-A80EC460F4CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02E2A4F7-13EE-4A0A-915A-53755DC055FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F2B8D5E7-1600-4C90-AF50-94629E7BE540}C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe] => (Block) C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe
FirewallRules: [TCP Query User{33786F78-9A19-4D83-9D9C-85873998F8BB}C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe] => (Block) C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe
FirewallRules: [UDP Query User{289A7436-8C99-43A9-9DB7-B4B6E8715A5A}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [TCP Query User{3C3490A9-D83D-41B9-A1ED-A88F029A62D0}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{22B4EC7A-F412-46A4-BBB6-275C79AE791D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{3F8E1AF7-A2E4-4A41-A0C2-E784CF6C6F3D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{73905AA4-1BF0-45EB-81D0-DCA7296EB50F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{77D27C90-46DA-4364-B07E-8F348A35966C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDown
loader.exe
FirewallRules: [{1A68CAA9-30D5-4E94-9427-5F8A4C7EB8D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{E15A28E7-1181-4246-B7CC-517EBCF5C3B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{EEB58190-59A2-47B4-857F-FB116EE866E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A665D29B-6D25-4146-BD4E-78611F88AD9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{934682BA-15D9-4360-9178-0F1CD55B6EF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C4912F78-C217-4861-80E5-D19481ECE5D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{420B8BA7-3A3B-476D-BBA3-54BAF60E0E51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{8148B6F2-6EE3-4E89-AA8D-5A02E45CFBD1}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{ADC82747-C4E9-4C4C-A795-03A530D7FD2F}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [{97CFC4AC-26F3-43CF-A439-750D1C16C9A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B46CD783-8EBC-4555-AAFF-75049BF469BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{94FF1394-DD3B-47B6-904A-89F6BEC910F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{6B78373F-D0DF-4A55-A17E-84D453CAE7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{0C2D4CE1-8CA9-4533-92D1-861F75CAF835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{2B7D1159-3418-49F2-AC72-6FD4D2E3E446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{B347DF41-AD32-464B-9A32-193C8AA2992D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{650E0D39-9EA3-45E7-8A79-4FFB31FABF85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3E55198-A36E-4AC5-94CF-A33361042C93}] => (Allow) C:\Users\Likku\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FBC4F392-F86E-4AF1-9C38-181CB427B4C8}] => (Allow) C:\Users\Likku\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{47DF86D6-10D3-4AA4-BD63-D92BED28E598}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68C70A87-D502-448E-A742-AB28346FB469}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A40315D4-6DC1-491B-96F6-98E666AE2053}C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe] => (Allow) C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe
FirewallRules: [UDP Query User{FE030D9D-26C9-4D0A-8BCE-921327A86B5F}C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe] => (Allow) C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe
FirewallRules: [{722F5442-A2CE-43A7-983B-232E11B20CE5}] => (Allow) C:\Users\Likku\AppData\Local\Life is Feudal MMO\launcher.exe
FirewallRules: [{74D50017-9531-481E-8F2F-06BD3F6661C2}] => (Allow) C:\Users\Likku\AppData\Local\Life is Feudal MMO\launcher.exe
FirewallRules: [{1ADB6549-894E-4FC8-857A-23548B862644}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5B05A175-ACD2-485E-B76A-30F3870EDA5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{A3B5181E-B4ED-4C35-A7F6-AEDC87607E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{1FE97582-CA86-46FC-A4BB-283CEB732AF7}] => (Allow) C:\Program Files (x86)\Gneiss\unevenly.exe
FirewallRules: [{6B441946-3E91-41E2-A5D1-50C144EBD459}] => (Allow) C:\Program Files (x86)\Clements\unevenly.exe
FirewallRules: [{B4E5C7A4-E268-46A5-B860-2DD53D622C90}] => (Allow) C:\Program Files (x86)\biswas\hensel.exe
FirewallRules: [{01ED0C23-B84B-4818-8D43-079908A496DB}] => (Allow) C:\Program Files (x86)\Clements\hensel.exe
FirewallRules: [{9A04EDF3-6813-4E10-9436-B32D8B3E6976}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{0A6D8C0A-FC91-4ACC-A4EA-5C26D3302481}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\wpscloudsvr.exe
FirewallRules: [{BBAFB184-F50A-489A-90B8-3B30BBB528D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
FirewallRules: [{4F4766D6-748F-4F5E-8994-F82FC5D7104E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe

==================== Restore Points =========================

30-01-2018 02:28:26 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2018 11:17:06 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (01/30/2018 11:17:04 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (01/30/2018 10:59:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (01/30/2018 09:55:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (01/30/2018 09:47:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:51:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:36:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:26:53 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\Likku\AppData\Local\nvrelwg\libcef.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program bad_module_info because of this error.

Program: bad_module_info
File: C:\Users\Likku\AppData\Local\nvrelwg\libcef.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
 - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/30/2018 08:26:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x77801615
Faulting process id: 0x3b90
Faulting application start time: 0x01d399d65dc06a98
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 6fd1b45e-3c57-4455-ba13-320778c61ee0
Faulting package full name:
Faulting package-relative application ID:

Error: (01/30/2018 07:46:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
System errors:
=============
Error: (01/30/2018 01:02:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NlaSvc service depends on the Dhcp service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHttpAutoProxySvc service depends on the Dhcp service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The mrxsmb20 service depends on the mrxsmb service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The mrxsmb service depends on the rdbss service which failed to start because of the following error: A device attached to the system is not functioning.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The LanmanWorkstation service depends on the nsi service which failed to start because of the following error: The dependency service or group failed to start.
Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dnscache service depends on the nsi service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Wcmsvc service depends on the nsi service which failed to start because of the following error: The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The nsi service depends on the nsiproxy service which failed to start because of the following error: A device attached to the system is not functioning.

CodeIntegrity:
===================================
Date: 2018-01-30 12:08:12.444
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:08:12.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:07:29.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:07:29.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-01-30 12:07:18.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:07:18.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:06:53.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:06:53.438
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:00:19.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-30 12:00:19.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 9%
Total physical RAM: 8189.55 MB
Available physical RAM: 7373.11 MB
Total Virtual: 11773.55 MB
Available Virtual: 11093.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.06 GB) (Free:650.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SupCom1) (CDROM) (Total:5.07 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:29.1 GB) (Free:21.69 GB) FAT32
Drive f: () (Removable) (Total:7.45 GB) (Free:1.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 741224D5)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
  3. Thanks for the swift reply! This is the txtlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Likku (29-01-2018 20:01:32) Run:1
Running from C:\Users\Likku\Downloads
Loaded Profiles: Likku (Available Profiles: Likku)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 20:01:33 ====
  4. I'll keep it short and sweet. I have obvious malware, specifically 'Windows Process Manager', six instances running in Task Manager. Pretty sure the guilty files are 'nikrhdx.exe', of which I see multiple instances in the Details tab of Task Manager. I've run Malwarebytes Anti-Malware, as well as the Anti-Rootkit beta. The anti-malware came back clean, but MBAR comes back dirty each time, even after reboot. I am currently running RogueKiller, and when it finishes I'm going to run FRST, then run FRST again in RE. I've gathered that those things and their logs will be needed for you guys to help me. Please help, I use this computer for not only running videogames, but also creating games in Unity, and I can't even run 7DTD, more or less properly create with Unity, with the drain to my already old system.