
Trojan Agent Detected And Removed But Keeps Coming Back



Hi, I am a user from China.

Recently my Malwarebytes detected Trojan.Agent (Trojan.Agent, HKU\S-1-5-21-114792344-691735885-1974725233-1000_Classes\thunder) on my PC, and even though I quarantined or deleted it completely, it comes back on the next scan whenever I run a program named "迅雷" or XunLei-Thunder. It's a popular torrent downloading software in China, and I have been using it for a few years now. I did run a few scans on the software and its installer folder, but all of the results are clean. The scan result makes me worried, so I came here to ask for help.

I also ran AdwCleaner, but it doesn't seem to detect the trojan.

I have attached the log files from Malwarebytes from before and after launching Xunlei below.

 

Thank you so much for your help.

Malwarebytes before launching xunlei.txt

Malwarebytes after launching xunlei.txt

Edited by Fedexi3
fixed typo

Here is an FRST scan, with addition.txt as an attachment.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by HouBo (administrator) on HOUBO-PC (07-04-2017 04:16:22)
Running from D:\All Download
Loaded Profiles: HouBo (Available Profiles: HouBo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
() D:\BAIDU\BaiduYunGuanjia\yundetectservice.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(深圳市迅雷网络技术有限公司) C:\Users\Public\Thunder Network\KKVideo\Core\Program\Xmp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Reprise Software Inc.) C:\Program Files\Next Limit\RealFlow 10\rlm\rlm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(深圳市迅雷网络技术有限公司) D:\Tencent QQ\1613416342\FileRecv\迅雷无限加速\Program\Thunder.exe
() C:\Program Files (x86)\D-Link\DWA-132\WPSHWPBC.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Reprise Software Inc.) C:\Program Files\Next Limit\RealFlow 10\rlm\rlm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(深圳市迅雷网络技术有限公司) D:\Tencent QQ\1613416342\FileRecv\迅雷无限加速\Program\ThunderPlatform.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Disc Soft Ltd) D:\DAEMON tools Lite\DiscSoftBusServiceLite.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [Google Pinyin 2 Autoupdater] => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [1620296 2015-03-26] (Google Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-06-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\Run: [BaiduYunDetect] => D:\BAIDU\BaiduYunGuanjia\YunDetectService.exe [1052192 2017-03-09] ()
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\MountPoints2: {2db6a4f9-f3db-11e5-87b9-0862662ac1ca} - F:\setup.exe
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\MountPoints2: {5137e299-e006-11e4-81cc-0862662ac1ca} - E:\AutoRun.exe
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\MountPoints2: {b9e84b01-3202-11e5-b4c1-0862662ac1ca} - rundll32.exe url.dll,FileProtocolHandler index.htm
HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\MountPoints2: {f35187e4-cef9-11e6-aa8b-0862662ac1ca} - F:\Setup.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll [2017-02-13] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\Pusher\reghelper\xappex.1.1.1.92.(729).dll [2016-11-07] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(53).dll -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{64F9672A-137B-403E-9AC9-63DE291BED80}: [NameServer] 1.9.1.9,202.188.0.133,192.168.1.1
Tcpip\..\Interfaces\{64F9672A-137B-403E-9AC9-63DE291BED80}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-114792344-691735885-1974725233-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-114792344-691735885-1974725233-1000 -> DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=58051076_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-114792344-691735885-1974725233-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=58051076_oem_dg&ch=33
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\IDMIECC64.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: VideoUrlSniffer Class -> {00000ADA-7E0D-47C1-986C-F017D09C4304} -> C:\Users\Public\Thunder Network\XMP5\Addins\VideoUrlSniffer.2.3.3.211.(827).dll [2016-04-21] (深圳市迅雷网络技术有限公司)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\IDMIECC.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-01] (Oracle Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\HouBo\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll => No File
BHO-x32: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> D:\Tencent QQ\1613416342\FileRecv\迅雷无限加速\Program\np_tdieplat.dll [2014-04-23] (深圳市迅雷网络技术有限公司)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HouBo\AppData\Roaming\Mozilla\Firefox\Profiles\6yEzXVu2.default [2017-04-07]
FF Homepage: Mozilla\Firefox\Profiles\6yEzXVu2.default -> www.google.com
FF Extension: (Avira Browser Safety) - C:\Users\HouBo\AppData\Roaming\Mozilla\Firefox\Profiles\6yEzXVu2.default\Extensions\abs@avira.com.xpi [2017-03-16]
FF Extension: (MEGA) - C:\Users\HouBo\AppData\Roaming\Mozilla\Firefox\Profiles\6yEzXVu2.default\Extensions\firefox@mega.co.nz.xpi [2017-04-06]
FF Extension: (Site Deployment Checker) - C:\Users\HouBo\AppData\Roaming\Mozilla\Firefox\Profiles\6yEzXVu2.default\features\{4c4072c9-495f-4d2e-851a-5f5a7f5c1662}\deployment-checker@mozilla.org.xpi [2017-03-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-06-01] [not signed]
FF HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\idmmzcc2.xpi
FF Extension: (IDM integration) - E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HouBo\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\HouBo\AppData\Roaming\IDM\idmmzcc5 [2017-04-07] [not signed]
FF HKU\S-1-5-21-114792344-691735885-1974725233-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> D:\BAIDU\BaiduYunGuanjia\npYunWebDetect.dll [2017-03-09] (Baidu.com, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [No File]
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [No File]
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [No File]
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-114792344-691735885-1974725233-1000: @1.qq.com/npqqwebgame -> C:\Users\HouBo\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-114792344-691735885-1974725233-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin HKU\S-1-5-21-114792344-691735885-1974725233-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> D:\迅雷\Data\npxunlei1.0.0.2.dll [2015-11-03] ( )
FF Plugin HKU\S-1-5-21-114792344-691735885-1974725233-1000: duowan.com/Checker -> C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.7\npChecker.dll [No File]
StartMenuInternet: FIREFOX.EXE - D:\Mozilla\firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/",""
CHR Profile: C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-26]
CHR Extension: (贴吧助手chrome增强器) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomlmfclmmhmohomfbmanahiinaagjop [2015-03-26]
CHR Extension: (MEGA) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-04-05]
CHR Extension: (Advanced Font Settings) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2016-08-29]
CHR Extension: (Adobe Acrobat) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (百度贴吧助手) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjhhagfolibokijbgljdmgibmpdfdmj [2015-03-26]
CHR Extension: (IDM Integration Module) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Unblock Youku) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2017-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\HouBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\IDMGCExt.crx [2016-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\Storage ( Regular )\Video\Anime\IDM6.26.14\IDM\IDMGCExt.crx [2016-12-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R3 Disc Soft Lite Bus Service; D:\DAEMON tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-08-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-12] (NVIDIA Corporation)
R2 RLM_RF; C:\Program Files\Next Limit\RealFlow 10\rlm\rlm.exe [2123264 2016-12-01] (Reprise Software Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WPSHWPBC; C:\Program Files (x86)\D-Link\DWA-132\WPSHWPBC.exe [318976 2013-01-17] () [File not signed]
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174448 2015-11-03] (ShenZhen Xunlei Networking Technologies,LTD)
S2 QPCore; "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-23] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-27] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-07] (Malwarebytes)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-06-16] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [88184 2016-03-03] (Tencent)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-11-23] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-03-21] ()
R2 XLWFP; C:\Windows\System32\drivers\xlwfp.sys [56080 2015-08-31] (深圳市迅雷网络技术有限公司)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 QDAntiDrv; \??\C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 04:05 - 2017-04-07 04:16 - 00000000 ____D C:\FRST
2017-04-07 02:48 - 2017-04-07 02:48 - 00000000 ____D C:\ProgramData\Thunder Network
2017-04-07 02:25 - 2017-04-07 02:25 - 00000000 ____D C:\Users\HouBo\AppData\LocalLow\Thunder Network
2017-04-07 01:04 - 2017-04-07 04:15 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-07 01:04 - 2017-04-07 04:15 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-07 01:04 - 2017-04-07 04:15 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-07 01:04 - 2017-04-07 04:15 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-07 01:04 - 2017-04-07 04:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-07 01:04 - 2017-04-07 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-07 01:04 - 2017-04-07 01:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-07 01:04 - 2017-04-07 01:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-07 01:04 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-30 04:53 - 2017-03-30 04:53 - 00000000 ____D C:\Users\HouBo\hitman
2017-03-30 02:24 - 2017-03-30 02:24 - 00000000 ____D C:\Users\HouBo\AppData\Local\id Software
2017-03-28 16:10 - 2017-03-28 16:10 - 00301072 _____ C:\Windows\D5NR.6xlC6
2017-03-28 15:40 - 2017-03-28 15:40 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-03-26 01:59 - 2017-03-26 01:59 - 00000000 ____D C:\Users\HouBo\AppData\LocalLow\Games Farm s_r_o_
2017-03-21 05:42 - 2017-03-21 05:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-21 05:41 - 2017-03-21 05:45 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-19 15:24 - 2017-03-19 15:24 - 00088080 _____ C:\Windows\2.OCN21
2017-03-19 00:36 - 2017-03-19 00:36 - 00000000 ____D C:\Users\HouBo\Documents\Square Enix
2017-03-17 00:27 - 2017-03-17 00:27 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2017-03-17 00:27 - 2017-03-17 00:27 - 00000000 ____D C:\Users\HouBo\Documents\Sports Interactive
2017-03-17 00:27 - 2017-03-17 00:27 - 00000000 ____D C:\Users\HouBo\AppData\Local\Sports Interactive
2017-03-15 14:37 - 2017-03-15 14:37 - 00012304 _____ C:\Windows\C69j9.5SI57
2017-03-15 01:53 - 2017-03-15 01:53 - 49097850 _____ C:\final dragon_原档.mp4
2017-03-14 18:19 - 2017-03-14 18:19 - 34340949 _____ C:\final dragon_x264_flv封装.flv
2017-03-14 18:17 - 2017-03-14 18:17 - 34215989 _____ C:\final dragon_x264.mp4
2017-03-11 00:55 - 2017-03-11 00:55 - 00000000 ____D C:\Users\HouBo\AppData\Local\Tempzxpsignaefc44d808524512
2017-03-11 00:52 - 2016-12-01 15:43 - 13148672 _____ (Red Giant Software) C:\Windows\system32\Gpu_Shader_Engine_x64.dll
2017-03-11 00:52 - 2016-06-20 12:09 - 05528064 _____ (Noesis Technologies) C:\Windows\system32\Noesis.dll
2017-03-08 17:39 - 2017-03-08 17:40 - 00000000 ____D C:\DRMsoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 04:15 - 2015-12-12 14:43 - 11752306 _____ C:\Windows\ntbtlog.txt
2017-04-07 04:15 - 2015-08-04 03:17 - 00000000 ____D C:\ProgramData\Reprise
2017-04-07 04:14 - 2015-03-27 00:16 - 00000000 ____D C:\Users\HouBo\AppData\Roaming\DMCache
2017-04-07 04:14 - 2015-03-26 22:17 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-07 04:14 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-07 03:38 - 2009-07-14 12:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-07 03:38 - 2009-07-14 12:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-07 03:35 - 2009-07-14 13:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-07 03:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-04-07 03:30 - 2016-04-13 15:25 - 00000000 ____D C:\AdwCleaner
2017-04-07 02:58 - 2015-03-27 04:28 - 00007607 _____ C:\Users\HouBo\AppData\Local\Resmon.ResmonCfg
2017-04-07 02:57 - 2017-01-02 23:50 - 00000000 ____D C:\Users\HouBo\AppData\Local\CrashDumps
2017-04-07 01:29 - 2016-07-23 01:15 - 00000000 ____D C:\Program Files (x86)\kuwo
2017-04-07 01:29 - 2016-04-12 14:20 - 00000000 ____D C:\Users\HouBo\AppData\Roaming\qmacro
2017-04-06 20:53 - 2016-10-20 17:13 - 00000000 ____D C:\Users\HouBo\AppData\Roaming\qBittorrent
2017-04-06 17:02 - 2016-11-18 16:18 - 00000000 ____D C:\Users\HouBo\AppData\LocalLow\Mozilla
2017-04-06 14:30 - 2016-09-27 02:35 - 14151320 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-06 06:55 - 2015-03-26 21:53 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 04:06 - 2015-03-22 22:20 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-06 03:45 - 2015-03-27 01:04 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-04-06 03:44 - 2015-03-26 23:06 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-04-05 23:06 - 2015-03-22 22:39 - 00297936 _____ C:\Users\HouBo\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 00:33 - 2017-01-01 05:54 - 00000000 _____ C:\MBLPluginLog.txt
2017-04-05 00:20 - 2017-01-01 05:54 - 00151147 _____ C:\MBL_AE_LogFile.txt
2017-04-05 00:12 - 2015-08-04 03:18 - 00000000 ____D C:\ProgramData\GenArts
2017-04-04 15:10 - 2015-12-10 01:53 - 00000046 _____ C:\Users\HouBo\AppData\Roaming\CoreAVC.ini
2017-04-03 17:00 - 2015-07-23 14:20 - 00000000 ____D C:\Users\HouBo\AppData\Roaming\BaiduYunGuanjia
2017-03-30 23:40 - 2015-11-03 03:49 - 00000000 ____D C:\Users\Public\Thunder Network
2017-03-30 16:27 - 2016-07-19 22:26 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\迅雷影音.lnk
2017-03-30 08:30 - 2016-09-01 03:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-30 04:53 - 2015-03-22 22:08 - 00000000 ____D C:\Users\HouBo
2017-03-29 14:58 - 2015-06-07 19:17 - 00000000 ____D C:\ProgramData\rgt
2017-03-25 22:58 - 2015-03-26 23:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-22 02:36 - 2015-03-27 17:45 - 00000000 ____D C:\Users\HouBo\Documents\My Games
2017-03-21 17:29 - 2016-06-28 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-20 16:14 - 2015-03-29 13:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 16:14 - 2015-03-29 13:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 16:14 - 2015-03-29 13:17 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 16:14 - 2015-03-29 13:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 16:14 - 2015-03-29 13:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 16:14 - 2015-03-22 23:45 - 00000000 ____D C:\Users\HouBo\AppData\Local\Adobe
2017-03-19 00:36 - 2015-08-07 15:06 - 00000000 ____D C:\Users\HouBo\Documents\CPY_SAVES
2017-03-15 19:45 - 2017-01-01 05:53 - 00025112 _____ C:\Users\HouBo\Documents\CIV_LogFile.txt
2017-03-15 05:03 - 2016-07-23 01:20 - 00000000 ____D C:\Users\HouBo\AppData\LocalLow\baiduAddr
2017-03-13 00:18 - 2017-01-01 05:53 - 00000081 _____ C:\Users\HouBo\AppData\Local\FILM_AE_LogFile.txt
2017-03-11 00:55 - 2015-03-29 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-03-11 00:55 - 2015-03-29 13:47 - 00000000 ____D C:\Program Files (x86)\Red Giant
2017-03-10 17:52 - 2015-12-13 02:11 - 00000000 ____D C:\Users\HouBo\AppData\Roaming\BaiduYunKongMing

==================== Files in the root of some directories =======

2015-09-15 19:54 - 2015-09-15 19:54 - 0000020 _____ () C:\Users\HouBo\AppData\Roaming\004D5649544E41696E66
2015-09-15 19:16 - 2015-09-15 19:16 - 0000256 _____ () C:\Users\HouBo\AppData\Roaming\0348EE0CC3992D
2015-08-30 00:58 - 2016-01-22 10:19 - 0000132 _____ () C:\Users\HouBo\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2015-04-01 18:49 - 2016-02-29 12:28 - 0000132 _____ () C:\Users\HouBo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-10-08 22:56 - 2016-12-26 17:14 - 0000033 _____ () C:\Users\HouBo\AppData\Roaming\AdobeWLCMCache.dat
2015-12-10 01:53 - 2017-04-04 15:10 - 0000046 _____ () C:\Users\HouBo\AppData\Roaming\CoreAVC.ini
2015-12-11 20:04 - 2015-12-11 20:04 - 0001456 _____ () C:\Users\HouBo\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-01-01 05:53 - 2017-03-13 00:18 - 0000081 _____ () C:\Users\HouBo\AppData\Local\FILM_AE_LogFile.txt
2015-03-27 04:28 - 2017-04-07 02:58 - 0007607 _____ () C:\Users\HouBo\AppData\Local\Resmon.ResmonCfg
2015-03-23 00:05 - 2015-03-23 00:05 - 33293312 _____ () C:\Users\HouBo\AppData\Local\TempCOLOR_VALUE_I_DIV_J
2015-03-23 00:05 - 2015-03-23 00:05 - 0131072 _____ () C:\Users\HouBo\AppData\Local\TempCOLOR_VALUE_I_MULT_J
2015-03-23 00:05 - 2015-03-23 00:05 - 0003072 _____ () C:\Users\HouBo\AppData\Local\TempRGBTABLE
2015-03-22 22:19 - 2015-03-22 22:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-08-14 20:29 - 2015-07-30 04:08 - 0681097 _____ (SQLite Development Team) C:\Users\HouBo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-04 18:56

==================== End of FRST.txt ============================

Addition.txt

  • Root Admin

Hello @Fedexi3 and welcome.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks
