
Removing the Drive.bat in my PC


Jarek


Hi,


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.


  • Step #1 Scan with Malwarebytes' Anti-Malware
    • Download and install Malwarebytes' Anti-Malware from the link below --
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update. Update the program should this happen;
      • Navigate to the Settings > Protection tab and ensure that all the options under Scan Options are turned on;
    • From the Dashboard, navigate to Scan and click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on Reports > Choose the Scan Report > View Report > Export > Export to .txt file, and save the report to your Desktop.
    • Copy and Paste the contents of the log in your next reply.


  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick mark in all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan, two Notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.



I, uhh, managed to try the scan in safe mode, so here it is.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/1/17
Scan Time: 8:58 PM
Log File: 3b6cda36-8f15-11e7-a4dc-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2652
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JAREK\jarek

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292723
Threats Detected: 9
Threats Quarantined: 9
Time Elapsed: 15 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [925], [331708],1.0.2652
HackTool.AutoKMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMSEmulator, Quarantined, [1980], [370307],1.0.2652

Registry Value: 1
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Quarantined, [925], [331708],1.0.2652

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Trojan.Agent.Generic, C:\USERS\JAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\START.LNK, Quarantined, [458], [394779],1.0.2652
HackTool.AutoKMS, C:\PROGRAMDATA\KMSAUTO\BIN\KMSSS.EXE, Quarantined, [1980], [370307],1.0.2652
CrackTool.KMSPico, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, Quarantined, [7682], [103306],1.0.2652
CrackTool.KMSPico, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, Quarantined, [7682], [103305],1.0.2652
PUP.Optional.WinYahoo, C:\USERS\JAREK\APPDATA\LOCAL\TEMP\IN1A1AEB34\512F0DE8_STP\SETUP.EXE, Quarantined, [71], [394188],1.0.2652
PUP.Optional.SpyHunter, C:\USERS\JAREK\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [925], [345850],1.0.2652

Physical Sector: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by jarek (administrator) on JAREK (01-09-2017 21:27:10)
Running from C:\Users\jarek\Downloads
Loaded Profiles: jarek (Available Profiles: jarek)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() D:\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() D:\Garena Plus\ggdllhost.exe
() D:\Garena Plus\GarenaMessenger.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Garena Plus\bbtalk\BBTalk.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [9184272 2017-08-10] ()
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{278E98EB-612A-4C27-851A-7A55D5B16E50}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - No CLSID Value
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: i2mie363.default
FF ProfilePath: C:\Users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\i2mie363.default [2017-09-01]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-12] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default [2017-09-01]
CHR Extension: (Google Slides) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
CHR Extension: (Google Docs) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
CHR Extension: (YouTube) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
CHR Extension: (Google Sheets) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
CHR Extension: (AdBlock) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-02] (@ByELDI) [File not signed]
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-01] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys 09391BA416AA29682298A612FDFDD7B8
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys 4FC8D35A60FD9D989AF412EA2AEDF8C0
C:\Program Files (x86)\BlueStacks\BstkDrv.sys 7DB8EE09821A6D81A19A6591C9B8AA3A
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MBAMSwissArmy.sys 94FCA94EE7937EA3ED75F39DE4C8E292
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F
C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D
C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692
C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 21:24 - 2017-09-01 21:24 - 000002105 _____ C:\Users\jarek\Downloads\Malwarebytes.txt
2017-09-01 21:16 - 2017-09-01 21:16 - 000002190 _____ C:\Users\jarek\Documents\Malware report.txt
2017-09-01 20:56 - 2017-09-01 21:20 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-01 20:56 - 2017-09-01 20:56 - 000035701 _____ C:\Users\jarek\Downloads\Shortcut.txt
2017-09-01 20:56 - 2017-09-01 20:56 - 000029169 _____ C:\Users\jarek\Downloads\Addition.txt
2017-09-01 20:56 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-01 20:55 - 2017-09-01 21:27 - 000028421 _____ C:\Users\jarek\Downloads\FRST.txt
2017-09-01 20:55 - 2017-09-01 21:27 - 000000000 ____D C:\FRST
2017-09-01 20:48 - 2017-09-01 20:56 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-01 20:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-01 20:43 - 2017-09-01 20:46 - 066347240 _____ (Malwarebytes ) C:\Users\jarek\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-01 20:40 - 2017-09-01 20:43 - 002395648 _____ (Farbar) C:\Users\jarek\Downloads\FRST64.exe
2017-09-01 13:30 - 2017-09-01 13:30 - 000000000 _____ C:\autoexec.bat
2017-08-30 20:56 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Mozilla
2017-08-30 20:51 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\Local\Mozilla
2017-08-30 20:51 - 2017-08-30 20:51 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-30 20:51 - 2017-08-30 20:51 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-30 20:39 - 2017-08-30 20:39 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Google
2017-08-23 19:34 - 2017-08-23 19:34 - 000220423 _____ C:\Users\jarek\Downloads\tf03895499.potx
2017-08-22 19:19 - 2017-08-22 19:44 - 541968498 _____ C:\Users\jarek\Downloads\SOCOM_US_Navy_SEALs_Fireteam_Bravo_2_USA_PSP-pSyPSP.rar
2017-08-20 19:29 - 2017-08-20 19:45 - 306190401 _____ C:\Users\jarek\Downloads\SOCOM_US_Navy_Seals_Fireteam_Bravo_USA_PSP-ARTiSAN.rar
2017-08-20 18:46 - 2017-09-01 21:16 - 000392630 _____ C:\Windows\ntbtlog.txt
2017-08-20 18:30 - 2017-08-20 18:31 - 000000000 ____D C:\Users\Public\Documents\GTA Vice City User Files
2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37}
2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F}
2017-08-20 18:14 - 2017-09-01 15:33 - 000000000 ____D C:\Users\jarek\Documents\GTA Vice City User Files
2017-08-20 08:30 - 2017-09-01 20:46 - 000000000 ___HD C:\Users\jarek\AppData\Roaming\ohrakfvy
2017-08-18 07:45 - 2017-08-18 07:45 - 000000000 ____D C:\Users\jarek\AppData\Local\ASHelper
2017-08-17 20:13 - 2017-08-17 20:13 - 000000000 ____D C:\Users\jarek\AppData\Local\ElevatedDiagnostics
2017-08-16 11:54 - 2017-08-16 11:54 - 3730374656 ____N C:\Users\jarek\Downloads\Call of Duty 3 (USA).iso
2017-08-16 09:42 - 2017-08-16 11:51 - 2480861087 _____ C:\Users\jarek\Downloads\Call of Duty 3 (USA).7z
2017-08-16 07:26 - 2017-08-16 07:26 - 001895923 _____ C:\Users\jarek\Downloads\Handouts.zip
2017-08-16 07:21 - 2017-08-20 18:56 - 000000000 ____D C:\Users\jarek\Documents\PCSX2
2017-08-15 21:18 - 2017-08-15 21:20 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-08-15 21:18 - 2017-08-15 21:18 - 000001939 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-08-15 21:16 - 2017-08-15 21:17 - 017837152 _____ C:\Users\jarek\Downloads\pcsx2-1.4.0-setup.exe
2017-08-14 19:41 - 2017-08-14 19:41 - 000739551 _____ C:\Users\jarek\Downloads\MODULE-special-products.pdf
2017-08-13 12:59 - 2017-08-13 13:08 - 000000000 ____D C:\Users\jarek\Documents\GTA3 User Files
2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD}
2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14}
2017-08-13 12:21 - 2017-08-13 12:21 - 000003226 ____N C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413}
2017-08-12 18:28 - 2017-08-12 18:28 - 000000012 _____ C:\Users\jarek\Documents\aw.txt
2017-08-06 18:00 - 2017-08-06 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City [Full]
2017-08-02 21:35 - 2017-08-05 11:12 - 000000000 ____D C:\Users\jarek\Downloads\Linkin Park
2017-07-28 23:38 - 2017-08-23 18:48 - 000000000 ____D C:\Users\jarek\Downloads\Games
2017-07-28 23:37 - 2017-08-16 20:24 - 000000000 ____D C:\Users\jarek\Downloads\UE
2017-07-26 18:21 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\MALWAREBYTES
2017-07-26 18:15 - 2017-07-26 18:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 07:20 - 2017-07-26 07:23 - 000000000 ____D C:\Users\jarek\Downloads\SHAREit
2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Umeng
2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Local\SHAREit Technologies
2017-07-26 07:19 - 2017-07-26 07:19 - 000001206 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2017-07-25 14:42 - 2017-07-25 16:04 - 000000000 ____D C:\Users\jarek\AppData\Roaming\audacity
2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-25 14:42 - 2017-07-25 14:42 - 000000000 ____D C:\Users\jarek\AppData\Local\Audacity
2017-07-24 13:42 - 2017-08-20 00:11 - 000000000 ____D C:\Users\jarek\AppData\Roaming\lnjbt
2017-07-23 10:24 - 2017-07-23 10:24 - 000000932 ____N C:\Users\jarek\Desktop\PPSSPP.lnk
2017-07-19 21:37 - 2017-07-19 21:42 - 000000000 ____D C:\Users\jarek\Documents\Biology
2017-07-03 16:41 - 2017-07-03 16:41 - 000000000 ____D C:\Windows\system32\appmgmt
2017-07-02 09:16 - 2017-07-02 09:16 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Critical Force
2017-07-02 08:52 - 2017-07-02 08:52 - 000000000 ____D C:\Users\Public\Facebook Games
2017-06-30 20:12 - 2017-07-03 16:41 - 000000000 ____D C:\Users\jarek\AppData\Local\Facebook
2017-06-24 09:27 - 2017-08-23 18:47 - 000000000 ____D C:\Users\jarek\Documents\PPSSPP
2017-06-24 09:27 - 2017-06-24 09:27 - 000000547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
2017-06-20 18:02 - 2017-06-20 18:02 - 000000000 ____D C:\Users\jarek\Documents\Custom Office Templates
2017-06-17 09:44 - 2017-08-26 16:18 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForjarek.job
2017-06-17 09:44 - 2017-08-26 11:03 - 000003186 ____N C:\Windows\System32\Tasks\HPCeeScheduleForjarek
2017-06-17 09:44 - 2017-06-17 09:44 - 000000000 ____D C:\Users\jarek\AppData\Local\HP_Inc

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-01 21:26 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-01 21:26 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-01 21:22 - 2017-05-12 15:44 - 000000000 ____D C:\Users\jarek\AppData\Roaming\GarenaPlus
2017-09-01 21:22 - 2017-05-12 15:44 - 000000000 ____D C:\ProgramData\GarenaMessenger
2017-09-01 21:20 - 2017-05-20 05:50 - 000003356 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-09-01 21:20 - 2017-05-12 16:31 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-01 21:20 - 2017-05-12 15:36 - 000000000 ____D C:\Program Files\KMSpico
2017-09-01 21:20 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-01 13:50 - 2017-05-20 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-09-01 13:50 - 2017-05-12 15:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-01 12:55 - 2009-07-14 13:13 - 000781298 ____N C:\Windows\system32\PerfStringBackup.INI
2017-09-01 12:55 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-08-30 20:56 - 2017-05-13 20:12 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Mozilla
2017-08-30 20:36 - 2017-05-13 19:58 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-08-27 21:01 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-26 12:07 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
2017-08-26 09:39 - 2017-05-12 14:28 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 09:39 - 2017-05-12 14:28 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-17 20:15 - 2017-05-12 14:25 - 000000000 ____D C:\Users\jarek
2017-08-17 20:14 - 2017-05-21 12:32 - 000000000 ____D C:\Windows\Minidump
2017-08-17 20:14 - 2017-05-12 14:44 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-08-17 20:14 - 2017-05-12 14:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-17 20:14 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2017-08-15 21:19 - 2017-05-13 12:40 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-08-13 12:59 - 2017-05-20 19:41 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-08-08 19:59 - 2017-05-12 16:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 19:59 - 2017-05-12 16:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 19:59 - 2017-05-12 16:28 - 000004480 ____N C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 19:59 - 2017-05-12 16:28 - 000004324 ____N C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 19:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 19:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-06 18:01 - 2017-05-12 14:26 - 000000000 ____D C:\Users\jarek\AppData\Local\VirtualStore

Some files in TEMP:
====================
2017-08-13 12:38 - 2017-08-13 12:39 - 007850088 _____ (Microsoft Corporation) C:\Users\jarek\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-07-13 18:45 - 2017-07-13 18:45 - 000460984 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170629to20170712.exe
2017-07-14 20:11 - 2017-07-14 20:11 - 000455912 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170712to20170714.exe
2017-07-27 10:01 - 2017-07-27 10:01 - 000462544 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170714to20170727_1.exe
2017-08-10 17:23 - 2017-08-10 17:23 - 000461432 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170727to20170810_2.exe
2017-08-24 19:19 - 2017-08-24 19:20 - 000465712 _____ () C:\Users\jarek\AppData\Local\Temp\PH_patch_20170810to20170824.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {04bc70dd-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-gb
inherit                 {bootloadersettings}
custom:15000065         3
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
systemroot              \windows
nx                      OptIn
custom:250000c2         1
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\boot.sdi


LastRegBack: 2017-06-12 15:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by jarek (01-09-2017 21:27:57)
Running from C:\Users\jarek\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-12 06:25:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2947266498-225611615-1475648406-500 - Administrator - Disabled)
Guest (S-1-5-21-2947266498-225611615-1475648406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947266498-225611615-1475648406-1002 - Limited - Enabled)
jarek (S-1-5-21-2947266498-225611615-1475648406-1001 - Administrator - Enabled) => C:\Users\jarek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Crossfire PH version 1231 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1231 - Gameclub)
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.7.27.15 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PPSSPP version 1.4.2 (HKLM-x32\...\PPSSPP_is1) (Version: 1.4.2 - )
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A847D5-C8C6-4014-ABAE-C78E0A0D1212} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {0C91F2AC-A18C-46B6-8C6E-44F0F7206600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {17611FD0-936E-424B-9EEF-A5D2048D74C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.)
Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
Task: {24533488-5CC9-4FCD-9275-5454307F388F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {40C82AF3-43CC-48FA-A31D-FE819FEC2B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
Task: {47F32EBE-FB3B-4517-B5C2-D4C10010EE39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {486A9A18-FF5B-45C7-9CBF-9DC6AB0682A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
Task: {5455D43A-5DA9-4CC9-A1B2-1325841119A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
Task: {5A2B8F31-8538-4A83-84DC-39CF17D26647} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {66B92E7F-97E0-4355-9A1B-82E9669FF428} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
Task: {80CF7596-E6D2-4B37-8937-8E41D8443B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {82C13354-39BE-4B94-ADA2-45B41E69C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {85EDD8D6-23CC-4584-AC0F-6D2251B66D06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {910D1E07-4596-42C8-809A-EC2E216DFC41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
Task: {BCA2321A-9C6B-436B-8E67-1AFDCF741720} - System32\Tasks\HPCeeScheduleForjarek => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {C33B11FB-E581-4BD1-B6AF-94C0C67F9468} - System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F} => D:\GTA 4 Vice City\Tecsetup.exe
Task: {C4C8DF7E-39C3-4FD3-9BBB-3E9420C94ED9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {D45FED2C-FEC2-49F9-A031-E7F45C47F1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {E190336B-92F1-4101-93BC-5A3169809F95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {ED1C5487-4ACD-4BD4-97A2-821703CFB82A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {F63A759C-9344-487D-B02F-DAAEBBEB21DD} - System32\Tasks\Garena+ Plugin Host Service => D:\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {F77AC097-9A59-48F1-96F2-A018796AA140} - System32\Tasks\{0F76952C-8374-46E8-A855-566EE328DEC7} => G:\Drive\GAMES\Assassin's Creed\Assassin's Creed Brotherhood\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForjarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-12 14:35 - 2017-05-12 14:35 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-12 14:31 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000174632 _____ () D:\Garena Plus\ggdllhost.exe
2017-05-12 15:44 - 2017-08-10 16:44 - 009184272 _____ () D:\Garena Plus\GarenaMessenger.exe
2017-08-26 09:39 - 2017-08-23 16:48 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libglesv2.dll
2017-08-26 09:39 - 2017-08-23 16:48 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libegl.dll
2017-05-12 15:44 - 2017-06-09 18:51 - 007334400 _____ () D:\Garena Plus\bbtalk\BBtalk.exe
2017-05-12 15:44 - 2017-06-23 18:10 - 002737384 _____ () D:\Garena Plus\ggspawn.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000116776 _____ () D:\Garena Plus\CommonLib.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000045608 _____ () D:\Garena Plus\DibModule.dll
2017-05-12 15:44 - 2017-08-30 12:49 - 000046704 _____ () D:\Garena Plus\VersionModule.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000063528 _____ () D:\Garena Plus\FileLoader.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000099368 _____ () D:\Garena Plus\PluginKernel.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000499240 _____ () D:\Garena Plus\CxImage.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000037416 _____ () D:\Garena Plus\PluginModule.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000182824 _____ () D:\Garena Plus\lib\fs\YYFileSystem.dll
2017-05-12 15:44 - 2016-06-24 20:05 - 000379744 _____ () D:\Garena Plus\lib\Http.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000196648 _____ () D:\Garena Plus\lib\MP3Module.dll
2017-05-12 15:44 - 2012-02-22 16:52 - 000162304 _____ () D:\Garena Plus\lame_enc.DLL
2017-05-12 15:44 - 2016-03-03 21:58 - 000231976 _____ () D:\Garena Plus\lib\TaskManagerLib.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000164392 _____ () D:\Garena Plus\lib\UILayout.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000970280 _____ () D:\Garena Plus\lib\XLL.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000067112 _____ () D:\Garena Plus\lib\XmlUIModule.dll
2017-05-12 15:44 - 2012-02-22 16:52 - 000573100 _____ () D:\Garena Plus\sqlite3.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000237608 _____ () D:\Garena Plus\Plugins\StatsPlugin.dll
2017-05-12 15:44 - 2017-08-30 12:49 - 002110480 _____ () D:\Garena Plus\Plugins\ggplugin.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000204840 _____ () D:\Garena Plus\ImageModule.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000167464 _____ () D:\Garena Plus\libmpg123.dll
2017-05-12 15:44 - 2016-08-29 15:48 - 004892664 _____ () D:\Garena Plus\ggdownloader.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000077864 _____ () D:\Garena Plus\lib\delay_load\AudioMixerLib.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000028712 _____ () D:\Garena Plus\lib\delay_load\ClientTcp.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 001557544 _____ () D:\Garena Plus\lib\delay_load\FileSender.dll
2017-05-12 15:44 - 2013-02-01 13:42 - 000153088 _____ () D:\Garena Plus\libzmq.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000968232 _____ () D:\Garena Plus\lib\delay_load\GaFileTransfer.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000257064 _____ () D:\Garena Plus\lib\delay_load\MediaEngine.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000038440 _____ () D:\Garena Plus\ServerMemAlloc.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000528936 _____ () D:\Garena Plus\lib\delay_load\RSALib.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000080424 _____ () D:\Garena Plus\lib\delay_load\UdtLib.dll
2017-05-12 15:44 - 2016-03-17 21:18 - 000113192 _____ () D:\Garena Plus\Plugins\PlatformPlugin.dll
2017-05-12 15:44 - 2016-11-30 21:35 - 000242680 _____ () D:\Garena Plus\Plugins\PluginNews.dll
2017-05-12 15:44 - 2016-03-17 21:18 - 000410152 _____ () D:\Garena Plus\Plugins\GarenaTalkPlugin.dll
2017-05-12 15:44 - 2016-11-10 14:00 - 000237560 _____ () D:\Garena Plus\Plugins\GameSalePlugin.dll
2017-05-12 14:35 - 2017-05-12 14:35 - 008903232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-05-12 15:44 - 2016-10-25 21:05 - 000079824 _____ () D:\Garena Plus\bbtalk\InputHook.dll
2017-05-12 15:44 - 2017-05-25 16:47 - 002499024 _____ () D:\Garena Plus\bbtalk\Overlay.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000075304 _____ () D:\Garena Plus\bbtalk\PluginKernel.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000116264 _____ () D:\Garena Plus\bbtalk\CommonLib.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000046032 _____ () D:\Garena Plus\bbtalk\DibModule.dll
2017-05-12 15:44 - 2017-01-13 21:16 - 000394744 _____ () D:\Garena Plus\bbtalk\ImageModule.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000053752 _____ () D:\Garena Plus\bbtalk\lollauncher.dll
2017-05-12 15:44 - 2017-06-09 19:07 - 000026112 _____ () D:\Garena Plus\bbtalk\VersionModule.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000460184 _____ () D:\Garena Plus\bbtalk\sqlite3.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000120872 _____ () D:\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000042024 _____ () D:\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000436776 _____ () D:\Garena Plus\bbtalk\lib\exchndl.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000089592 _____ () D:\Garena Plus\bbtalk\lib\FileManager.dll
2017-05-12 15:44 - 2016-10-25 21:05 - 000065064 _____ () D:\Garena Plus\bbtalk\FileSystem.dll
2017-05-12 15:44 - 2016-10-13 16:41 - 000387024 _____ () D:\Garena Plus\bbtalk\lib\Http.dll
2017-05-12 15:44 - 2016-10-13 16:41 - 000059856 _____ () D:\Garena Plus\bbtalk\lib\InputHookLib.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000054736 _____ () D:\Garena Plus\bbtalk\lib\IPCLib.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000067624 _____ () D:\Garena Plus\bbtalk\lib\LangLib.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000102864 _____ () D:\Garena Plus\bbtalk\audiohost.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000146984 _____ () D:\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000042536 _____ () D:\Garena Plus\bbtalk\lib\MP3Saver.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000250408 _____ () D:\Garena Plus\bbtalk\libmp3lame.DLL
2017-05-12 15:44 - 2016-09-23 19:06 - 001060344 _____ () D:\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000068648 _____ () D:\Garena Plus\bbtalk\lib\ResLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000111144 _____ () D:\Garena Plus\bbtalk\PngModule.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000139816 _____ () D:\Garena Plus\bbtalk\lib\TcpClient.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000149544 _____ () D:\Garena Plus\bbtalk\lib\UdpClient.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000122920 _____ () D:\Garena Plus\bbtalk\lib\UILayout.dll
2017-05-12 15:44 - 2017-06-09 18:53 - 000868904 _____ () D:\Garena Plus\bbtalk\lib\UILib.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000068560 _____ () D:\Garena Plus\bbtalk\lib\XmlUIModule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2947266498-225611615-1475648406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: KeepVidProUpdateHelper.exe => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D17D47BA-86AF-4062-B50F-00332781C0F0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8A170E17-A7CC-4383-9AC1-106AACD75B36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4F667105-194C-42E5-92E3-2CDEA35CD541}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{84E59EF1-402B-445E-80E0-E18E337B7575}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9366F3BA-16EB-445A-8AEF-E0DB17BB8AFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F6C8413C-7526-43E8-9353-BAE5302FDAC6}] => (Allow) C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{2E9408BA-0A56-4294-BA6B-52E448FEEDFA}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{DF4C4EF9-2792-4C46-951E-7DB444BCEDDD}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{8D7A6EA7-3530-4A8B-9D78-26EE08EB7913}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{D6C0B2E0-3718-426B-A608-237CF4E71709}] => (Allow) LPort=8370
FirewallRules: [{8115AA1A-A3A5-4FDC-8EF8-9967265D0A20}] => (Allow) LPort=8370
FirewallRules: [{763DC8B6-20D3-4258-BC04-1923495FD0CD}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7D35D09A-31E8-4338-996C-71024BA2E97B}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{C880E837-9389-471F-93A1-96C40C859130}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{DCB79C30-E7E8-46F9-85C5-C6146F52D6D8}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{BB00C0FF-55D2-4CB6-8DE0-40AE189A1EC3}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
FirewallRules: [UDP Query User{6DEC2523-1E03-4A72-BB63-CA4CD6CE0992}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
FirewallRules: [TCP Query User{95E61927-A0E8-48EA-A830-9C685E1F8C9D}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{EA68048E-07B3-4C73-985E-5CED073459EB}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
FirewallRules: [{C20CCBD6-20C3-4B54-8FD3-DF0E981282D2}] => (Allow) LPort=1689
FirewallRules: [TCP Query User{017D7C5A-1252-4E29-9C24-71B6EFFFCE55}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{D27A24E2-A12F-4333-B11D-276F5C671C4A}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [{1FB96FDD-CAD2-490F-986D-B79400C701AB}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71BCCA2E-D91C-42F0-94C3-49F7A62E83B1}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63D2FF4D-33F8-4B51-BC98-113489BD5232}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE2E0FFE-389B-4157-BF9A-458E9D542188}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED1235EC-F65C-4F87-8006-A8BDD5EF2D2C}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{954DE557-13A2-45C0-911F-FC72F234FDF5}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2D37D98-071F-45A5-ACA1-01736857F20A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{294A749B-7020-4009-A9F3-0C1632B0F4F3}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{3ADDEC37-BBAE-44D2-9E5A-69B198175C0F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11D7F6D2-2081-4303-96E4-A95B886AED56}] => (Allow) LPort=1688
FirewallRules: [{E8337313-6A71-44BE-9F65-4F4F58A9BAA7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{521492FA-96A1-4A9C-B835-E87D147332C4}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A77EA475-694A-4939-B194-22378F64A3DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{12857F06-F9DB-4D02-896A-DE0954B13F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

15-08-2017 21:18:38 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
15-08-2017 21:24:07 Windows Defender Checkpoint
26-08-2017 12:05:15 Scheduled Checkpoint
01-09-2017 13:50:11 Installed Grand Theft Auto Vice City

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2017 09:22:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2017 09:22:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2017 09:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2017 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2017 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2017 08:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x684
Faulting application start time: 0x01d3232176c97018
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: bd7af1c2-8f14-11e7-a51b-c9143623fe4f

Error: (09/01/2017 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2017 08:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1169, time stamp: 0x599723f1
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x508
Faulting application start time: 0x01d323214b42e6b5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 93f8f2fb-8f14-11e7-a51b-c9143623fe4f

Error: (09/01/2017 08:53:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2017 08:53:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/01/2017 09:20:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/01/2017 08:53:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 3999.19 MB
Available physical RAM: 2170.46 MB
Total Virtual: 7996.58 MB
Available Virtual: 6112.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.05 GB) (Free:43.43 GB) NTFS
Drive d: () (Fixed) (Total:195.55 GB) (Free:169.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA0A7A18)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


I am really sorry for the delay.

  • Step # Run Malwarebytes' Anti-Rootkit
    Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
    • Update the program if asked.
    • In the Scan System option check all the boxes and click on Scan.
    • Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.
    • After the clean-up process, locate two logs in the mbar folder, namely--
      • mbar-log-scan-date.txt; and
      • system-log.txt
    • Copy and paste the contents of the log in your next reply.



  • Step # ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.

    Note: Enable your security programs afterwards.



Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.12.05
  rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jarek :: JAREK [administrator]

9/12/2017 8:46:34 PM
mbar-log-2017-09-12 (20-46-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 246489
Time elapsed: 21 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
--------------------------------------------------------

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4193456128, free: 1464090624

Downloaded database version: v2017.09.12.05
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.09.01.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     09/12/2017 20:46:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.09.12.05
  rootkit: v2017.08.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c39060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c38410, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c39060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046c7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AA0A7A18

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 214016000
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 215042048  Numsec = 410097664
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8005a58790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005a57b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005a58790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005a3eb60, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-CB56443CBD1BAA73481DFCF1FCDFCF1B0BE17893.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-215042048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# end=init
# utc_time=2017-09-12 01:22:17
# local_time=2017-09-12 09:22:17 (+0800, China Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 34714
Update Init
Update Download
Update Finalize
Updated modules version: 34714
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# end=updated
# utc_time=2017-09-12 01:49:45
# local_time=2017-09-12 09:49:45 (+0800, China Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# engine=34714
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-09-12 02:26:52
# local_time=2017-09-12 10:26:52 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 260813 256856262 0 0
# scanned=38042
# found=11
# cleaned=0
# scan_time=2226
sh=41F15B900A5900DF198B13F880B55FFD9F57BF9A ft=1 fh=472a2c58ae44d803 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\KMSAuto Net.exe"
sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\bin\TunMirror.exe"
sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\ProgramData\KMSAuto\bin\TunMirror2.exe"
sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\KMSAuto Net.exe"
sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror.exe"
sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror2.exe"
sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm" ac=I fn="C:\Users\jarek\AppData\Roaming\lnjbt\jdjucfy.js"
sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm" ac=I fn="C:\Users\jarek\AppData\Roaming\ohrakfvy\qutdnd.js"
sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=7ec746d6559b765e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jarek\Downloads\ccsetup533.exe"
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# end=init
# utc_time=2017-09-13 11:34:15
# local_time=2017-09-13 07:34:15 (+0800, China Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 34728
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# end=updated
# utc_time=2017-09-13 11:35:26
# local_time=2017-09-13 07:35:26 (+0800, China Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=df6ac53b15c06a408dff80aa14fb0fa1
# engine=34728
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-09-13 01:00:37
# local_time=2017-09-13 09:00:37 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 342038 256937487 0 0
# scanned=129492
# found=12
# cleaned=9
# scan_time=5111
sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\KMSAuto Net.exe"
sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror.exe"
sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application" ac=I fn="C:\Users\All Users\KMSAuto\bin\TunMirror2.exe"
sh=41F15B900A5900DF198B13F880B55FFD9F57BF9A ft=1 fh=472a2c58ae44d803 vn="a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application (cleaned by deleting (after the next restart))" ac=C fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=9AD987AED677A595CB6CB507A12A014989D4E597 ft=1 fh=3db0605f8b34f591 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
sh=426DC93FA10D28CA6B93F851300026C0F58128C5 ft=1 fh=83535894ac5fb546 vn="a variant of MSIL/HackKMS.I potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\KMSAuto Net.exe"
sh=1788775E01C6A73349BBC28708CD7227FC605E88 ft=1 fh=7b79c2527e515632 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\bin\TunMirror.exe"
sh=9287D5212673CA8CD31AA2ED88ADA73184E7E981 ft=1 fh=5c5ffac21db3a4d7 vn="a variant of MSIL/HackTool.TunMirror.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\ProgramData\KMSAuto\bin\TunMirror2.exe"
sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm (cleaned by deleting)" ac=C fn="C:\Users\jarek\AppData\Roaming\lnjbt\jdjucfy.js"
sh=E6566643A5B6632FBC46D810AABC2196A88C8342 ft=0 fh=0000000000000000 vn="JS/Bondat.AN worm (cleaned by deleting)" ac=C fn="C:\Users\jarek\AppData\Roaming\ohrakfvy\qutdnd.js"
sh=C705C0B0210EBDA6A3301C6CA9C6091B2EE11D5B ft=1 fh=7ec746d6559b765e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\jarek\Downloads\ccsetup533.exe"
sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potentially unsafe application (cleaned by deleting)" ac=C fn="D:\Windows 7 Loader\Windows Loader\Windows Loader\Windows Loader.exe"
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
Ran by jarek (administrator) on JAREK (14-09-2017 16:06:34)
Running from C:\Users\jarek\Downloads
Loaded Profiles: jarek (Available Profiles: jarek)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() D:\Garena Plus\ggdllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() D:\Garena Plus\GarenaMessenger.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() D:\Garena Plus\ggdllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() D:\Garena Plus\bbtalk\BBTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [9183064 2017-09-11] ()
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{278E98EB-612A-4C27-851A-7A55D5B16E50}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - No CLSID Value
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: i2mie363.default
FF ProfilePath: C:\Users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\i2mie363.default [2017-09-03]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-12] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-12] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Google Slides) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
CHR Extension: (Google Docs) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
CHR Extension: (YouTube) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
CHR Extension: (Google Sheets) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
CHR Extension: (AdBlock) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-07]
CHR HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys 09391BA416AA29682298A612FDFDD7B8
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys 4FC8D35A60FD9D989AF412EA2AEDF8C0
C:\Program Files (x86)\BlueStacks\BstkDrv.sys 7DB8EE09821A6D81A19A6591C9B8AA3A
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\MBAMSwissArmy.sys 94FCA94EE7937EA3ED75F39DE4C8E292
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F
C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D
C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692
C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-14 16:06 - 2017-09-14 16:07 - 000027656 _____ C:\Users\jarek\Downloads\FRST.txt
2017-09-14 16:06 - 2017-09-14 16:06 - 000000000 ____D C:\Users\jarek\Downloads\FRST-OlderVersion
2017-09-12 21:09 - 2017-09-12 21:09 - 000000000 ____D C:\Program Files (x86)\ESET
2017-09-12 20:46 - 2017-09-12 21:09 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-12 20:43 - 2017-09-12 20:43 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-09-12 20:42 - 2017-09-12 21:09 - 000000000 ____D C:\Users\jarek\Desktop\mbar
2017-09-12 20:42 - 2017-09-12 20:50 - 002870984 _____ (ESET) C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe
2017-09-12 20:41 - 2017-09-12 20:42 - 016563352 _____ (Malwarebytes Corp.) C:\Users\jarek\Downloads\mbar-1.09.3.1001.exe
2017-09-09 11:19 - 2017-09-09 11:19 - 000021333 _____ C:\Users\jarek\Downloads\Application Form.html
2017-09-09 10:38 - 2017-09-09 11:54 - 000000000 ____D C:\Users\jarek\Downloads\Application Form_files
2017-09-07 19:12 - 2017-09-08 18:53 - 000000176 _____ C:\Users\jarek\Documents\yulex scoreboard (dont delete...).txt
2017-09-06 19:05 - 2017-09-07 18:15 - 000000135 _____ C:\Users\jarek\Documents\scoreboard (alexa) (do not delete).txt
2017-09-02 11:14 - 2017-09-02 11:14 - 000000641 _____ C:\Users\jarek\Desktop\GTA Vice City.lnk
2017-09-01 21:16 - 2017-09-01 21:16 - 000002190 _____ C:\Users\jarek\Documents\Malware report.txt
2017-09-01 20:56 - 2017-09-14 14:39 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-01 20:56 - 2017-09-01 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-01 20:55 - 2017-09-14 16:06 - 000000000 ____D C:\FRST
2017-09-01 20:48 - 2017-09-01 20:56 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-01 20:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-01 20:43 - 2017-09-01 20:46 - 066347240 _____ (Malwarebytes ) C:\Users\jarek\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-01 20:40 - 2017-09-14 16:06 - 002398208 _____ (Farbar) C:\Users\jarek\Downloads\FRST64.exe
2017-09-01 13:30 - 2017-09-01 13:30 - 000000000 _____ C:\autoexec.bat
2017-08-30 20:56 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Mozilla
2017-08-30 20:51 - 2017-08-30 21:01 - 000000000 ____D C:\Users\jarek\AppData\Local\Mozilla
2017-08-30 20:51 - 2017-08-30 20:51 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-30 20:51 - 2017-08-30 20:51 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-30 20:51 - 2017-08-30 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-30 20:39 - 2017-08-30 20:39 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Google
2017-08-20 18:30 - 2017-08-20 18:31 - 000000000 ____D C:\Users\Public\Documents\GTA Vice City User Files
2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37}
2017-08-20 18:26 - 2017-08-20 18:26 - 000002922 ____N C:\Windows\System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F}
2017-08-20 18:14 - 2017-09-02 14:08 - 000000000 ____D C:\Users\jarek\Documents\GTA Vice City User Files
2017-08-20 08:30 - 2017-09-13 20:59 - 000000000 ___HD C:\Users\jarek\AppData\Roaming\ohrakfvy
2017-08-18 07:45 - 2017-08-18 07:45 - 000000000 ____D C:\Users\jarek\AppData\Local\ASHelper
2017-08-17 20:13 - 2017-08-17 20:13 - 000000000 ____D C:\Users\jarek\AppData\Local\ElevatedDiagnostics
2017-08-16 11:54 - 2017-08-16 11:54 - 3730374656 ____N C:\Users\jarek\Downloads\Call of Duty 3 (USA).iso
2017-08-16 07:21 - 2017-08-20 18:56 - 000000000 ____D C:\Users\jarek\Documents\PCSX2
2017-08-15 21:18 - 2017-08-15 21:20 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-08-15 21:18 - 2017-08-15 21:18 - 000001939 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-15 21:18 - 2017-08-15 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-08-15 21:16 - 2017-08-15 21:17 - 017837152 _____ C:\Users\jarek\Downloads\pcsx2-1.4.0-setup.exe
2017-08-13 12:59 - 2017-08-13 13:08 - 000000000 ____D C:\Users\jarek\Documents\GTA3 User Files
2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD}
2017-08-13 12:25 - 2017-08-13 12:25 - 000002926 ____N C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14}
2017-08-13 12:21 - 2017-08-13 12:21 - 000003226 ____N C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413}
2017-08-12 18:28 - 2017-08-12 18:28 - 000000012 _____ C:\Users\jarek\Documents\aw.txt
2017-08-06 18:00 - 2017-08-06 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City [Full]
2017-08-02 21:35 - 2017-08-05 11:12 - 000000000 ____D C:\Users\jarek\Downloads\Linkin Park
2017-07-28 23:38 - 2017-09-02 11:00 - 000000000 ____D C:\Users\jarek\Downloads\Games
2017-07-28 23:37 - 2017-08-16 20:24 - 000000000 ____D C:\Users\jarek\Downloads\UE
2017-07-26 18:21 - 2017-09-12 20:46 - 000000000 ____D C:\ProgramData\MALWAREBYTES
2017-07-26 18:15 - 2017-07-26 18:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 07:20 - 2017-07-26 07:23 - 000000000 ____D C:\Users\jarek\Downloads\SHAREit
2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Umeng
2017-07-26 07:20 - 2017-07-26 07:20 - 000000000 ____D C:\Users\jarek\AppData\Local\SHAREit Technologies
2017-07-26 07:19 - 2017-07-26 07:19 - 000001206 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-07-26 07:19 - 2017-07-26 07:19 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2017-07-25 14:42 - 2017-07-25 16:04 - 000000000 ____D C:\Users\jarek\AppData\Roaming\audacity
2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-25 14:42 - 2017-07-25 14:42 - 000000544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-25 14:42 - 2017-07-25 14:42 - 000000000 ____D C:\Users\jarek\AppData\Local\Audacity
2017-07-24 13:42 - 2017-09-13 20:59 - 000000000 ____D C:\Users\jarek\AppData\Roaming\lnjbt
2017-07-23 10:24 - 2017-07-23 10:24 - 000000932 ____N C:\Users\jarek\Desktop\PPSSPP.lnk
2017-07-19 21:37 - 2017-07-19 21:42 - 000000000 ____D C:\Users\jarek\Documents\Biology
2017-07-03 16:41 - 2017-07-03 16:41 - 000000000 ____D C:\Windows\system32\appmgmt
2017-07-02 09:16 - 2017-07-02 09:16 - 000000000 ____D C:\Users\jarek\AppData\LocalLow\Critical Force
2017-07-02 08:52 - 2017-07-02 08:52 - 000000000 ____D C:\Users\Public\Facebook Games
2017-06-30 20:12 - 2017-07-03 16:41 - 000000000 ____D C:\Users\jarek\AppData\Local\Facebook
2017-06-24 09:27 - 2017-08-23 18:47 - 000000000 ____D C:\Users\jarek\Documents\PPSSPP
2017-06-24 09:27 - 2017-06-24 09:27 - 000000547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
2017-06-20 18:02 - 2017-06-20 18:02 - 000000000 ____D C:\Users\jarek\Documents\Custom Office Templates
2017-06-17 09:44 - 2017-08-26 16:18 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForjarek.job
2017-06-17 09:44 - 2017-08-26 11:03 - 000003186 ____N C:\Windows\System32\Tasks\HPCeeScheduleForjarek
2017-06-17 09:44 - 2017-06-17 09:44 - 000000000 ____D C:\Users\jarek\AppData\Local\HP_Inc

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-14 14:46 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-14 14:46 - 2009-07-14 12:45 - 000026352 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-14 14:42 - 2017-05-12 15:44 - 000000000 ____D C:\Users\jarek\AppData\Roaming\GarenaPlus
2017-09-14 14:42 - 2017-05-12 15:44 - 000000000 ____D C:\ProgramData\GarenaMessenger
2017-09-14 14:39 - 2017-05-20 05:50 - 000003356 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-09-14 14:38 - 2017-05-12 15:36 - 000000000 ____D C:\Program Files\KMSpico
2017-09-14 14:38 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-13 20:59 - 2017-05-12 15:35 - 000000000 ____D C:\ProgramData\KMSAuto
2017-09-13 19:58 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-13 19:58 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-09-12 20:59 - 2017-05-12 16:28 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 20:59 - 2017-05-12 16:28 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 20:59 - 2017-05-12 16:28 - 000004468 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-12 20:59 - 2017-05-12 16:28 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 20:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 20:59 - 2017-05-12 16:28 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-10 10:30 - 2017-05-13 19:58 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-06 16:48 - 2017-05-12 14:28 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-06 16:48 - 2017-05-12 14:28 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 23:58 - 2017-05-12 16:31 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-01 22:50 - 2017-05-12 16:31 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-01 22:50 - 2017-05-12 16:26 - 000000000 ____D C:\Users\jarek\AppData\Local\Adobe
2017-09-01 13:50 - 2017-05-20 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-09-01 13:50 - 2017-05-12 15:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-30 20:56 - 2017-05-13 20:12 - 000000000 ____D C:\Users\jarek\AppData\Roaming\Mozilla
2017-08-27 21:01 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-26 12:07 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\rescache
2017-08-17 20:15 - 2017-05-12 14:25 - 000000000 ____D C:\Users\jarek
2017-08-17 20:14 - 2017-05-21 12:32 - 000000000 ____D C:\Windows\Minidump
2017-08-17 20:14 - 2017-05-12 14:44 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-08-17 20:14 - 2017-05-12 14:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-17 20:14 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\registration
2017-08-15 21:19 - 2017-05-13 12:40 - 000000000 ____D C:\Windows\SysWOW64\directx

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {04bc70dd-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-gb
inherit                 {bootloadersettings}
custom:15000065         3
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
systemroot              \windows
nx                      OptIn
custom:250000c2         1
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\Winre.wim,{04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {04bc70df-35ae-11e7-8e6c-f6e1b3d3e45e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {04bc70de-35ae-11e7-8e6c-f6e1b3d3e45e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {04bc70e2-35ae-11e7-8e6c-f6e1b3d3e45e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\04bc70e1-35ae-11e7-8e6c-f6e1b3d3e45e\boot.sdi


LastRegBack: 2017-06-12 15:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by jarek (14-09-2017 16:07:38)
Running from C:\Users\jarek\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-12 06:25:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2947266498-225611615-1475648406-500 - Administrator - Disabled)
Guest (S-1-5-21-2947266498-225611615-1475648406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947266498-225611615-1475648406-1002 - Limited - Enabled)
jarek (S-1-5-21-2947266498-225611615-1475648406-1001 - Administrator - Enabled) => C:\Users\jarek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Crossfire PH version 1231 (HKLM-x32\...\{816BF8B4-A8BA-41EC-9ABB-6498E2AFF574}_is1) (Version: 1231 - Gameclub)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.7.27.15 - HP Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PPSSPP version 1.4.2 (HKLM-x32\...\PPSSPP_is1) (Version: 1.4.2 - )
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A847D5-C8C6-4014-ABAE-C78E0A0D1212} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {0C91F2AC-A18C-46B6-8C6E-44F0F7206600} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {17611FD0-936E-424B-9EEF-A5D2048D74C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.)
Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
Task: {24533488-5CC9-4FCD-9275-5454307F388F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {40C82AF3-43CC-48FA-A31D-FE819FEC2B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
Task: {47F32EBE-FB3B-4517-B5C2-D4C10010EE39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {486A9A18-FF5B-45C7-9CBF-9DC6AB0682A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
Task: {5455D43A-5DA9-4CC9-A1B2-1325841119A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
Task: {5A2B8F31-8538-4A83-84DC-39CF17D26647} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {66B92E7F-97E0-4355-9A1B-82E9669FF428} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-04-06] (HP Inc.)
Task: {80CF7596-E6D2-4B37-8937-8E41D8443B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {82C13354-39BE-4B94-ADA2-45B41E69C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {85EDD8D6-23CC-4584-AC0F-6D2251B66D06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {884A0A81-6E23-458E-84FF-978CC8C923D9} - System32\Tasks\Garena+ Plugin Host Service => D:\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {910D1E07-4596-42C8-809A-EC2E216DFC41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-12] (Google Inc.)
Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
Task: {BCA2321A-9C6B-436B-8E67-1AFDCF741720} - System32\Tasks\HPCeeScheduleForjarek => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {C33B11FB-E581-4BD1-B6AF-94C0C67F9468} - System32\Tasks\{603B553D-3644-412E-A9AE-6006B763455F} => D:\GTA 4 Vice City\Tecsetup.exe
Task: {C4C8DF7E-39C3-4FD3-9BBB-3E9420C94ED9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {D45FED2C-FEC2-49F9-A031-E7F45C47F1AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {E190336B-92F1-4101-93BC-5A3169809F95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {ED1C5487-4ACD-4BD4-97A2-821703CFB82A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {F77AC097-9A59-48F1-96F2-A018796AA140} - System32\Tasks\{0F76952C-8374-46E8-A855-566EE328DEC7} => G:\Drive\GAMES\Assassin's Creed\Assassin's Creed Brotherhood\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForjarek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-12 14:35 - 2017-05-12 14:35 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-12 14:31 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000174632 _____ () D:\Garena Plus\ggdllhost.exe
2017-05-12 15:44 - 2017-09-11 21:02 - 009183064 _____ () D:\Garena Plus\GarenaMessenger.exe
2017-05-12 15:44 - 2017-06-09 18:51 - 007334400 _____ () D:\Garena Plus\bbtalk\BBtalk.exe
2017-09-06 16:48 - 2017-09-04 16:12 - 002692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libglesv2.dll
2017-09-06 16:48 - 2017-09-04 16:12 - 000138584 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\swiftshader\libegl.dll
2017-05-12 15:44 - 2017-06-23 18:10 - 002737384 _____ () D:\Garena Plus\ggspawn.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000116776 _____ () D:\Garena Plus\CommonLib.dll
2017-05-12 15:44 - 2017-09-11 21:02 - 000045392 _____ () D:\Garena Plus\DibModule.dll
2017-05-12 15:44 - 2017-09-12 13:21 - 000046928 _____ () D:\Garena Plus\VersionModule.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000063528 _____ () D:\Garena Plus\FileLoader.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000099368 _____ () D:\Garena Plus\PluginKernel.dll
2017-05-12 15:44 - 2016-02-22 19:24 - 000499240 _____ () D:\Garena Plus\CxImage.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000037416 _____ () D:\Garena Plus\PluginModule.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000182824 _____ () D:\Garena Plus\lib\fs\YYFileSystem.dll
2017-05-12 15:44 - 2016-06-24 20:05 - 000379744 _____ () D:\Garena Plus\lib\Http.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000196648 _____ () D:\Garena Plus\lib\MP3Module.dll
2017-05-12 15:44 - 2012-02-22 16:52 - 000162304 _____ () D:\Garena Plus\lame_enc.DLL
2017-05-12 15:44 - 2016-03-03 21:58 - 000231976 _____ () D:\Garena Plus\lib\TaskManagerLib.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000164392 _____ () D:\Garena Plus\lib\UILayout.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000970280 _____ () D:\Garena Plus\lib\XLL.dll
2017-05-12 15:44 - 2017-09-11 21:03 - 000066904 _____ () D:\Garena Plus\lib\XmlUIModule.dll
2017-05-12 15:44 - 2012-02-22 16:52 - 000573100 _____ () D:\Garena Plus\sqlite3.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000237608 _____ () D:\Garena Plus\Plugins\StatsPlugin.dll
2017-05-12 15:44 - 2017-09-11 21:03 - 002178896 _____ () D:\Garena Plus\Plugins\ggplugin.dll
2017-05-12 15:44 - 2017-09-11 21:02 - 000204632 _____ () D:\Garena Plus\ImageModule.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000167464 _____ () D:\Garena Plus\libmpg123.dll
2017-05-12 15:44 - 2016-08-29 15:48 - 004892664 _____ () D:\Garena Plus\ggdownloader.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000077864 _____ () D:\Garena Plus\lib\delay_load\AudioMixerLib.dll
2017-05-12 15:44 - 2017-09-11 21:03 - 000028504 _____ () D:\Garena Plus\lib\delay_load\ClientTcp.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 001557544 _____ () D:\Garena Plus\lib\delay_load\FileSender.dll
2017-05-12 15:44 - 2013-02-01 13:42 - 000153088 _____ () D:\Garena Plus\libzmq.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000968232 _____ () D:\Garena Plus\lib\delay_load\GaFileTransfer.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000257064 _____ () D:\Garena Plus\lib\delay_load\MediaEngine.dll
2017-05-12 15:44 - 2016-02-22 19:25 - 000038440 _____ () D:\Garena Plus\ServerMemAlloc.dll
2017-05-12 15:44 - 2016-03-03 21:58 - 000528936 _____ () D:\Garena Plus\lib\delay_load\RSALib.dll
2017-05-12 15:44 - 2017-09-11 21:03 - 000080208 _____ () D:\Garena Plus\lib\delay_load\UdtLib.dll
2017-05-12 15:44 - 2016-03-17 21:18 - 000113192 _____ () D:\Garena Plus\Plugins\PlatformPlugin.dll
2017-05-12 15:44 - 2016-11-30 21:35 - 000242680 _____ () D:\Garena Plus\Plugins\PluginNews.dll
2017-05-12 15:44 - 2016-03-17 21:18 - 000410152 _____ () D:\Garena Plus\Plugins\GarenaTalkPlugin.dll
2017-05-12 15:44 - 2017-09-11 21:03 - 000236888 _____ () D:\Garena Plus\Plugins\GameSalePlugin.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000116264 _____ () D:\Garena Plus\bbtalk\CommonLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000075304 _____ () D:\Garena Plus\bbtalk\PluginKernel.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000046032 _____ () D:\Garena Plus\bbtalk\DibModule.dll
2017-05-12 15:44 - 2017-01-13 21:16 - 000394744 _____ () D:\Garena Plus\bbtalk\ImageModule.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000053752 _____ () D:\Garena Plus\bbtalk\lollauncher.dll
2017-05-12 15:44 - 2017-06-09 19:07 - 000026112 _____ () D:\Garena Plus\bbtalk\VersionModule.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000460184 _____ () D:\Garena Plus\bbtalk\sqlite3.dll
2017-05-12 15:44 - 2017-05-25 16:47 - 002499024 _____ () D:\Garena Plus\bbtalk\Overlay.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000120872 _____ () D:\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000042024 _____ () D:\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000436776 _____ () D:\Garena Plus\bbtalk\lib\exchndl.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000089592 _____ () D:\Garena Plus\bbtalk\lib\FileManager.dll
2017-05-12 15:44 - 2016-10-25 21:05 - 000065064 _____ () D:\Garena Plus\bbtalk\FileSystem.dll
2017-05-12 15:44 - 2016-10-13 16:41 - 000387024 _____ () D:\Garena Plus\bbtalk\lib\Http.dll
2017-05-12 15:44 - 2016-10-13 16:41 - 000059856 _____ () D:\Garena Plus\bbtalk\lib\InputHookLib.dll
2017-05-12 15:44 - 2016-10-25 21:05 - 000079824 _____ () D:\Garena Plus\bbtalk\InputHook.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000054736 _____ () D:\Garena Plus\bbtalk\lib\IPCLib.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000067624 _____ () D:\Garena Plus\bbtalk\lib\LangLib.dll
2017-05-12 15:44 - 2016-09-23 19:05 - 000102864 _____ () D:\Garena Plus\bbtalk\audiohost.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000146984 _____ () D:\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000042536 _____ () D:\Garena Plus\bbtalk\lib\MP3Saver.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000250408 _____ () D:\Garena Plus\bbtalk\libmp3lame.DLL
2017-05-12 15:44 - 2016-09-23 19:06 - 001060344 _____ () D:\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000068648 _____ () D:\Garena Plus\bbtalk\lib\ResLib.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000111144 _____ () D:\Garena Plus\bbtalk\PngModule.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000139816 _____ () D:\Garena Plus\bbtalk\lib\TcpClient.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000149544 _____ () D:\Garena Plus\bbtalk\lib\UdpClient.dll
2017-05-12 15:44 - 2016-03-02 21:20 - 000122920 _____ () D:\Garena Plus\bbtalk\lib\UILayout.dll
2017-05-12 15:44 - 2017-06-09 18:53 - 000868904 _____ () D:\Garena Plus\bbtalk\lib\UILib.dll
2017-05-12 15:44 - 2016-09-23 19:06 - 000068560 _____ () D:\Garena Plus\bbtalk\lib\XmlUIModule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2947266498-225611615-1475648406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: KeepVidProUpdateHelper.exe => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D17D47BA-86AF-4062-B50F-00332781C0F0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8A170E17-A7CC-4383-9AC1-106AACD75B36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4F667105-194C-42E5-92E3-2CDEA35CD541}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{84E59EF1-402B-445E-80E0-E18E337B7575}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9366F3BA-16EB-445A-8AEF-E0DB17BB8AFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F6C8413C-7526-43E8-9353-BAE5302FDAC6}] => (Allow) C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{2E9408BA-0A56-4294-BA6B-52E448FEEDFA}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{DF4C4EF9-2792-4C46-951E-7DB444BCEDDD}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{8D7A6EA7-3530-4A8B-9D78-26EE08EB7913}D:\garena plus\bbtalk\bbtalk.exe] => (Allow) D:\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{D6C0B2E0-3718-426B-A608-237CF4E71709}] => (Allow) LPort=8370
FirewallRules: [{8115AA1A-A3A5-4FDC-8EF8-9967265D0A20}] => (Allow) LPort=8370
FirewallRules: [{763DC8B6-20D3-4258-BC04-1923495FD0CD}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7D35D09A-31E8-4338-996C-71024BA2E97B}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{C880E837-9389-471F-93A1-96C40C859130}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{DCB79C30-E7E8-46F9-85C5-C6146F52D6D8}] => (Allow) D:\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{BB00C0FF-55D2-4CB6-8DE0-40AE189A1EC3}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
FirewallRules: [UDP Query User{6DEC2523-1E03-4A72-BB63-CA4CD6CE0992}G:\drive\left4dead 2 2013\left4dead2.exe] => (Allow) G:\drive\left4dead 2 2013\left4dead2.exe
FirewallRules: [TCP Query User{95E61927-A0E8-48EA-A830-9C685E1F8C9D}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
FirewallRules: [UDP Query User{EA68048E-07B3-4C73-985E-5CED073459EB}G:\drive\games\call of duty\call of duty - world at war\codwaw.exe] => (Allow) G:\drive\games\call of duty\call of duty - world at war\codwaw.exe
FirewallRules: [{C20CCBD6-20C3-4B54-8FD3-DF0E981282D2}] => (Allow) LPort=1689
FirewallRules: [TCP Query User{017D7C5A-1252-4E29-9C24-71B6EFFFCE55}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{D27A24E2-A12F-4333-B11D-276F5C671C4A}D:\garena plus\garenamessenger.exe] => (Allow) D:\garena plus\garenamessenger.exe
FirewallRules: [{1FB96FDD-CAD2-490F-986D-B79400C701AB}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71BCCA2E-D91C-42F0-94C3-49F7A62E83B1}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63D2FF4D-33F8-4B51-BC98-113489BD5232}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE2E0FFE-389B-4157-BF9A-458E9D542188}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED1235EC-F65C-4F87-8006-A8BDD5EF2D2C}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{954DE557-13A2-45C0-911F-FC72F234FDF5}] => (Allow) C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2D37D98-071F-45A5-ACA1-01736857F20A}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{294A749B-7020-4009-A9F3-0C1632B0F4F3}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{A77EA475-694A-4939-B194-22378F64A3DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{12857F06-F9DB-4D02-896A-DE0954B13F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D8E0D67-C04A-45BC-8258-5451E50C6194}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-08-2017 12:05:15 Scheduled Checkpoint
01-09-2017 13:50:11 Installed Grand Theft Auto Vice City
09-09-2017 21:59:25 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 03:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2017 03:59:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/14/2017 02:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2017 09:11:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2017 08:11:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2017 07:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2017 07:33:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2017 07:33:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2017 07:33:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\jarek\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2017 07:33:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/14/2017 02:38:49 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (09/13/2017 09:00:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (09/13/2017 09:00:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/13/2017 09:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (09/13/2017 09:00:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/13/2017 09:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (09/13/2017 09:00:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/13/2017 09:00:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (09/13/2017 09:00:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jarek\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/13/2017 09:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 3999.19 MB
Available physical RAM: 1844.37 MB
Total Virtual: 7996.58 MB
Available Virtual: 5759.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.05 GB) (Free:42.12 GB) NTFS
Drive d: () (Fixed) (Total:195.55 GB) (Free:170.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA0A7A18)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Users shortcut scan result (x64) Version: 13-09-2017 02
Ran by jarek (14-09-2017 16:08:01)
Running from C:\Users\jarek\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> D:\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire PH.lnk -> D:\Crossfire PH\CFLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk -> D:\ppsspp\PPSSPPWindows.exe (Henrik Rydgård)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit\SHAREit.lnk -> C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Play GTA San Andreas.lnk -> D:\GTA San Andreas\gta_sa.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\README.lnk -> D:\GTA San Andreas\ReadMe\Readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Play GTA Vice City.lnk -> D:\gta-vc.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\ReadMe.lnk -> D:\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Frequently Asked Questions.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Docs\PCSX2_FAQ.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Readme.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Docs\PCSX2_Readme.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2\Uninstall PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\Uninst-pcsx2 1.4.0.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk -> C:\Program Files\KMSpico\AutoPico.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk -> C:\Program Files\KMSpico\KMSELDI.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk -> C:\Program Files\KMSpico\scripts\Log.cmd ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 2.0\Crossfire 2.0.lnk -> D:\Crossfire 2.0\CFLauncher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\Links\Desktop.lnk -> C:\Users\jarek\Desktop ()
Shortcut: C:\Users\jarek\Links\Downloads.lnk -> C:\Users\jarek\Downloads ()
Shortcut: C:\Users\jarek\Links\OneDrive.lnk -> C:\Users\jarek\OneDrive ()
Shortcut: C:\Users\jarek\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\jarek\Desktop\Garena +.lnk -> D:\Garena Plus\GarenaMessenger.exe ()
Shortcut: C:\Users\jarek\Desktop\GTA Vice City.lnk -> D:\Games\GTA Vice City\gta-vc.exe ()
Shortcut: C:\Users\jarek\Desktop\PPSSPP.lnk -> D:\ppsspp\PPSSPPWindows64.exe (Henrik Rydgård)
Shortcut: C:\Users\jarek\Desktop\µTorrent.lnk -> C:\Users\jarek\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\jarek\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto San Andreas™.lnk -> [LF6"pH,R GFSIBIA8"Grand Theft Auto: San Andreas"!(1SPSXFL8C&m]
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto™ 3.lnk -> [LF6"pH,R GFSI+~CSqrIbGrand Theft Auto"! 3(1SPSXFL8C&m]
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto™ Vice City.lnk -> [LF6"pH,R GFSIijNH3+Grand Theft Auto"!: Vice City(1SPSXFL8C&m]
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Garena +.lnk -> D:\Garena Plus\GarenaMessenger.exe ()
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\jarek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\jarek\AppData\Local\Microsoft\Windows\GameExplorer\{95C5F9AB-6C7B-44B4-9942-0DE98995A721}\PlayTasks\0\Play.lnk -> D:\Games\GTA Vice City\gta-vc.exe ()
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> D:\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Crossfire PH.lnk -> D:\Crossfire PH\CFLauncher.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\PCSX2 1.4.0.lnk -> C:\Program Files (x86)\PCSX2 1.4.0\pcsx2.exe ()
Shortcut: C:\Users\Public\Desktop\SHAREit.lnk -> C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu\WinCDEmu Settings.lnk -> C:\Program Files (x86)\WinCDEmu\vmnt64.exe (Sysprogs OU) -> /settings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Uninstall GTA San Andreas.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Uninstall GTA Vice City.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe (InstallShield Software Corporation) -> -l0009
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins001.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk -> C:\Program Files\KMSpico\UninsHs.exe (Han-soft) -> /u0=KMSpico
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc.) -> /p 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Clash of Clans.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.supercell.clashofclans -a com.supercell.clashofclans.GameApp -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\fakelocation.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.providerV33 -a .Main -vmname:
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Garena.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.garena.gas -a com.garena.gxx.splash.GGSplashActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Location Provider.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.provider -a com.location.provider.MapsActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Photos.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.google.android.apps.photos -a com.google.android.apps.photos.home.HomeActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Play Games.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.google.android.play.games -a com.google.android.gms.games.ui.destination.main.MainActivity -v Android
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\jarek\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Register Online.url -> URL: hxxp://www.rockstargames.com/register/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar Games.url -> URL: hxxp://www.rockstargames.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Rockstar North Ltd.url -> URL: hxxp://www.RockstarNorth.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Rockstar Games.url -> URL: hxxp://www.rockstargames.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto Vice City\Rockstar North Ltd.url -> URL: hxxp://www.rockstarnorth.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\jarek\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\jarek\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\jarek\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\jarek\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\jarek\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\jarek\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\jarek\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\jarek\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\jarek\Desktop\Gameclub Philippines.url -> URL: hxxp://ph.gameclub.com/

==================== End of Shortcut.txt =============================
 


Uninstall KMSpico (Hacktool)

  • Step # Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
      Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
      Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
      Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
      Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
      C:\Program Files\KMSpico\
      HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
      HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
      HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe
      Handler: WSKVAllmytubechrome - No CLSID Value
      CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
      CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
      	File: D:\Garena Plus\ggdllhost.exe
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.


Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by jarek (20-09-2017 20:30:11) Run:1
Running from C:\Users\jarek\Downloads
Loaded Profiles: jarek (Available Profiles: jarek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Task: {1F4086CB-014B-4385-80EB-AF197C5DBF82} - System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => D:\GTA Vice City\gta-vc.exe
Task: {22E9DD43-D662-4141-A44E-641D28BD876C} - System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => C:\Windows\system32\pcalua.exe -a "C:\Users\jarek\Downloads\Gta VC\gta Vice City full!!!! working version.exe" -d "C:\Users\jarek\Downloads\Gta VC"
Task: {5167994A-7659-46B0-A701-B6D85575EC3F} - System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => D:\GTA Vice City\gta-vc.exe
Task: {B80145A9-991F-4F09-93C3-EF32485922FD} - System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => D:\GTA 4 Vice City\Tecsetup.exe
Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico\
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {5e5660ef-8ec2-11e7-a081-001f16da4c70} - V:\Setup.exe
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {67d08722-3772-11e7-ba21-001f16da4c70} - V:\setup.exe
Handler: WSKVAllmytubechrome - No CLSID Value
CHR HomePage: Default -> hxxp://www.search.ask.com/?p2=%5EB7N%5EYYYYYY%5EYY%5EPH&gct=hp&o=APN11293cr&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5EPH&tpid=CME-V7&apn_dbr=iexplore.exe_6_10.0.9200.16537&trgb=CR&apn_uid=6FC8EF5B-A7F5-4524-9574-3BC0A49BC51E&itbv=12.3.0.861&doi=2013-09-11&psv=barid%253D%257B33B8CB3A%252D1A7F%252D11E3%252DBE96%252D2C59E5A4AACA%257D%2526cargo%253DCME%252DV7%2526spr%253Da
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1399637750&from=amt&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-05 09:07:58&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={86068EBB-1328-481D-AD75-5EBC5F2A3AED}&mid=402e7d2adb4e47d39dcffd991c328662-9e33100d3961e091c4acb88528f105b9636d413a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-08-05 09:07:58&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://www.mystartsearch.com/?type=hp&ts=1443225501&z=9c851e1fe15cc700785b812g2zaz8c3o6oew0c5g1w&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxps://www.google.com/?trackid=sp-006","hxxp://www.mystartsearch.com/?type=hp&ts=1443434260&z=380852f09fa076ba0a3b0b7g7z1z2c3z7c4zee9q8t&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX","hxxp://www.mystartsearch.com/?type=hp&ts=1443522904&z=58b2ca7e4846b7f5a18c3fagdz3zcccwfo9o3wbzft&from=cmi&uid=HGSTXHTS545032A7E380_TE8411L506XVNK06XVNKX"
    File: D:\Garena Plus\ggdllhost.exe
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F4086CB-014B-4385-80EB-AF197C5DBF82} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F4086CB-014B-4385-80EB-AF197C5DBF82} => key removed successfully
C:\Windows\System32\Tasks\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A006BFE-5735-43C7-A008-C62F7901E3DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22E9DD43-D662-4141-A44E-641D28BD876C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22E9DD43-D662-4141-A44E-641D28BD876C} => key removed successfully
C:\Windows\System32\Tasks\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37FFD5A5-39BB-4C81-A857-2128C76C9413} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5167994A-7659-46B0-A701-B6D85575EC3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5167994A-7659-46B0-A701-B6D85575EC3F} => key removed successfully
C:\Windows\System32\Tasks\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34B7E54F-C68C-49C6-9E55-81FDA5555C14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B80145A9-991F-4F09-93C3-EF32485922FD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80145A9-991F-4F09-93C3-EF32485922FD} => key removed successfully
C:\Windows\System32\Tasks\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A13344D1-BE8B-4AB0-AE24-FE1FA67FFB37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE953FB7-D6F5-4112-B890-55E74D782AE8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE953FB7-D6F5-4112-B890-55E74D782AE8} => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
C:\Program Files\KMSpico => moved successfully
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b85262-3cdd-11e7-b506-001f16da4c70} => key removed successfully
HKLM\Software\Classes\CLSID\{00b85262-3cdd-11e7-b506-001f16da4c70} => key not found. 
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5660ef-8ec2-11e7-a081-001f16da4c70} => key removed successfully
HKLM\Software\Classes\CLSID\{5e5660ef-8ec2-11e7-a081-001f16da4c70} => key not found. 
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d08722-3772-11e7-ba21-001f16da4c70} => key removed successfully
HKLM\Software\Classes\CLSID\{67d08722-3772-11e7-ba21-001f16da4c70} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully

========================= File: D:\Garena Plus\ggdllhost.exe ========================

File is digitally signed
MD5: 92E3B9223934E3A632FF9A2DAB7E87C5
Creation and modification date: 2017-05-12 15:44 - 2016-02-22 19:24
Size: 000174632
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: Garena+ Plugin Host Service
File Version: 2.1.6.0
Product Version: 2.1.6.0
Copyright: Copyright (C) 2013
VirusTotal: https://www.virustotal.com/file/195cd629a7e218fb510976aca807beae4a878d32a9409bc6523b60a1e6fdf2e2/analysis/1502424247/

====== End of File: ======


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13197547 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 233075395 B
Edge => 0 B
Chrome => 506987651 B
Firefox => 10663792 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
jarek => 437179883 B

RecycleBin => 2404890955 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:06 ====

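Once the Fixlog comes back, the check worth making is that every fixlist directive has its matching "removed/moved successfully" line. The script below is an added example, not FRST's own tooling and not code from this thread: it maps each directive kind (Task, MountPoints2, Handler, CHR, bare path) to the item name FRST reports on success and lists directives with no such line. The sample fixlist and Fixlog are constructed from the lines shown above, with the Handler result left out on purpose so the check has something to flag.

```python
"""Reconcile an FRST fixlist with the Fixlog it produced (added example, not
part of FRST or of this thread). Each directive kind is mapped to the item
name FRST reports on success; directives with no such line are returned."""
import re

# Constructed sample: directive kinds from the fixlist above.
FIXLIST = r"""Start
Task: {BE953FB7-D6F5-4112-B890-55E74D782AE8} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico\
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\...\MountPoints2: {00b85262-3cdd-11e7-b506-001f16da4c70} - V:\Install.exe
Handler: WSKVAllmytubechrome - No CLSID Value
CHR HomePage: Default -> hxxp://www.search.ask.com/
End"""

# Constructed sample Fixlog: the Handler result is deliberately absent.
FIXLOG = r"""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE953FB7-D6F5-4112-B890-55E74D782AE8} => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
C:\Program Files\KMSpico => moved successfully
HKU\S-1-5-21-2947266498-225611615-1475648406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b85262-3cdd-11e7-b506-001f16da4c70} => key removed successfully
Chrome HomePage => removed successfully"""

SUCCESS = re.compile(r"^(?P<item>.+?) => (?:key removed|moved|removed) successfully$")

def fixlog_successes(log):
    """Items the Fixlog reports as removed or moved."""
    return {m["item"] for l in log.splitlines() if (m := SUCCESS.match(l.strip()))}

def expected_success(directive):
    """Suffix of the Fixlog item a directive should produce, or None if it produces none."""
    if m := re.match(r"Task: (\{[0-9A-Fa-f-]+\}) -", directive):
        return r"TaskCache\Tasks\%s" % m[1]          # FRST removes the TaskCache entry
    if m := re.search(r"MountPoints2: (\{[0-9a-f-]+\})", directive):
        return r"MountPoints2\%s" % m[1]             # per-volume autorun key
    if m := re.match(r"Handler: (\S+)", directive):
        return r"PROTOCOLS\Handler\%s" % m[1]        # orphaned protocol handler
    if m := re.match(r"CHR (HomePage|StartupUrls):", directive):
        return "Chrome %s" % m[1]
    if re.match(r"[A-Za-z]:\\", directive):           # bare path: folder or file to move
        return directive.rstrip("\\")
    return None

def unconfirmed(fixlist, fixlog):
    """Fixlist directives with no matching success line in the Fixlog."""
    done = fixlog_successes(fixlog)
    return [d for d in map(str.strip, fixlist.splitlines())
            if (w := expected_success(d)) and not any(i.endswith(w) for i in done)]

if __name__ == "__main__":
    for d in unconfirmed(FIXLIST, FIXLOG):
        print("not confirmed in Fixlog:", d)
```

Directives such as CMD:, File:, EmptyTemp: and CreateRestorePoint: produce their own sections rather than a success line, so they are skipped rather than flagged.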