Jump to content

My Google Chrome is Hijacked?


xRT

Recommended Posts

My kids have downloaded something on this computer and now every time i open chrome I cannot delete the most visited tabs. I tried to reinstall chrome with no luck, the most visited boxes still have not changed. I was wondering if there is anything else I can do to get rid of this?

desk.png

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

  • 2 weeks later...

Follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Link to post
Share on other sites

Here are my scan results:

FRST:~ ~ ~ ~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2017
Ran by Family (administrator) on T5500 (11-12-2017 21:14:46)
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-

tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer

\NVDisplay.Container.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS

\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS

\dsAccessService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient

\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service

\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry

\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA

Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA

Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Family\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or

removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows

\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11]

(Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-

19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [CCleaner Monitoring] => C:\Program

Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Run: [Spotify Web Helper] => C:\Users

\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-29] (Spotify Ltd)
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: H - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {3147ad70-1cd8-11e4-962c-

0023aea9040f} - H:\Setup.exe
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {8a76d1c6-8319-11e2-a009-

806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {eab4b094-a749-11e3-bb44-

0023aea9040f} - G:\autorun.exe
HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\MountPoints2: {f4d49233-fca2-11e3-9633-

0023aea9040f} - H:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored

to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{737037F1-6F4E-448C-BE34-89773AE4F088}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{737037F1-6F4E-448C-BE34-89773AE4F088}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B32A1E68-654E-4ADF-96D2-1E185973FFD2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-286109471-3207669588-231307133-1000\SOFTWARE\Policies\Microsoft\Internet Explorer:

Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> DefaultScope {0633EE93-D776-

472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> {BB82DE59-BC4C-4172-9AC4-

73315F71CFFE} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files

\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {5eaecdf4-2f7f-49d0-9956-30c2bdbbf21d} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program

Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program

Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program

Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-19] (Oracle Corporation)
BHO-x32: No Name -> {f8c57169-9ac9-4513-853c-e945f1e3a468} -> No File
Toolbar: HKU\S-1-5-21-286109471-3207669588-231307133-1000 -> No Name - {2318C2B1-4965-11D4-9B18-

009027A5CD4F} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258}

hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {AA570693-00E2-4907-B6F1-60A1199B030C}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}

hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://svpn.avinc.com/dana-

cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)

FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\8uao7iqy.default [2017-

12-11]
FF Homepage: Mozilla\Firefox\Profiles\8uao7iqy.default -> hxxps://www.google.com/
FF Extension: (Enhance Net Extension) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\8d5722f08367402ca7e74cf2ef319f24@jetpack [2014-11-02] [Legacy] [not

signed]
FF Extension: (PPRiicceeMinus) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\8N6XEE@h2.org [2015-08-07] [Legacy] [not signed]
FF Extension: (CuuteThePriicE) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\nT@mqFL.org [2015-08-07] [Legacy] [not signed]
FF Extension: (youtubeadblocker) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\pt@HK.edu [2015-03-03] [Legacy] [not signed]
FF Extension: (UniDeaolsse) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\vvet@Bk.com [2015-03-03] [Legacy] [not signed]
FF Extension: (Greasemonkey) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles

\8uao7iqy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files

(x86)\AVG\AVG2012\Firefox4
FF Extension: (AVG Safe Search) - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-03-13]

[Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar

\FireFoxExt\18.1.9.790 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll

[2017-10-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight

\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM

\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_27_0_0_183.dll [2017-10-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director

\np32dsw_1229199.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin

\dtplugin\npDeployJava1.dll [2015-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java

\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight

\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:

\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:

\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision

\npnv3dv.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D

Vision\npnv3dvstreaming.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update

\1.3.33.7\npGoogleUpdate3.dll [2017-11-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update

\1.3.33.7\npGoogleUpdate3.dll [2017-11-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR

\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-286109471-3207669588-231307133-1000: @unity3d.com/UnityPlayer,version=1.0

-> C:\Users\Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-26] (Unity

Technologies ApS)
StartMenuInternet: FIREFOX.EXE - C:\Users\Family\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-11]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-10]
CHR Extension: (Slides) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-09]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-09]
CHR Extension: (Sheets) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data

\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User

Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-09]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Family\AppData\Local\Google\Chrome\User Data

\Profile 2\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-11-11]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile

2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data

\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-09]
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] -

hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] -

hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not

be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016

2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG

Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies

CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-21] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2017-01-05] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01]

(Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

[462784 2016-12-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

[462784 2016-12-11] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer

\NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers

\nvPDsvc.exe [6237800 2010-04-30] ()
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience

Service\nvwirelesscontroller.exe [1163712 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry

\NvTelemetryContainer.exe [427064 2017-03-31] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-05-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft

Corporation)
S2 RzOvlMon; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not

be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG

Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG

Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ,

s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ,

s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ,

s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ,

s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ,

s.r.o.)
R3 BENDER; C:\Windows\System32\drivers\bender64.sys [253568 2006-11-27] (Pinnacle Systems)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-11-09] ()
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks)
S4 jnprTdi_806_48695; C:\Windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07]

(Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks,

Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-11]

(Malwarebytes)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy)

[File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-

11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-11] (NVIDIA

Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-20] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-20] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush

Productions)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 sf; \??\C:\AeriaGames\SoldierFront\avital\soldierf64.sys [X]
S3 slb; \??\C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not

be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-11 21:14 - 2017-12-11 21:14 - 000020745 _____ C:\Users\Family\Desktop\FRST.txt
2017-12-11 21:14 - 2017-12-11 21:14 - 000000000 ____D C:\Users\Family\Desktop\FRST-OlderVersion
2017-12-11 21:12 - 2017-12-11 21:12 - 002392064 _____ (Farbar) C:\Users\Family\Downloads

\FRST64.exe
2017-12-10 21:34 - 2017-12-10 21:35 - 000125864 _____ C:\Users\Family\Downloads\14-1 Outline .pdf
2017-12-10 13:57 - 2017-12-10 13:57 - 000311224 _____ (Mozilla) C:\Users\Family\Downloads\Firefox

Installer(1).exe
2017-12-05 22:51 - 2017-12-05 22:51 - 000061952 _____ C:\Users\Family\Downloads\13-3 Cornell

Notes .pdf
2017-12-04 20:17 - 2017-12-04 20:17 - 000064420 _____ C:\Users\Family\Downloads\13-1 & 2 Cornell

Notes.pdf
2017-11-29 00:22 - 2017-11-29 00:22 - 000111722 _____ C:\Users\Family\Downloads\11-4.pdf
2017-11-26 12:38 - 2017-11-26 12:38 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Square

Enix
2017-11-26 12:37 - 2017-11-26 12:37 - 000002699 _____ C:\Users\Family\Desktop\Play Life is

Strange - Before the Storm.lnk
2017-11-26 12:06 - 2017-11-26 12:16 - 000000000 ____D C:\Users\Family\Downloads\Life is Strange -

Before the Storm E1+E2 PC game ^^nosTEAM^^RO
2017-11-26 12:05 - 2017-11-26 12:32 - 000000000 ____D C:\Program Files (x86)\Life is Strange -

Before the Storm
2017-11-26 11:56 - 2017-11-26 12:01 - 053624595 _____ C:\Users\Family\Downloads

\LifeIsStrange_BS-E1+E2.exe
2017-11-26 11:32 - 2017-11-26 11:32 - 000116572 _____ C:\Users\Family\Downloads\Chapter 11-1

Outline.pdf
2017-11-23 14:25 - 2017-11-23 14:25 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Defiant

Development
2017-11-23 13:58 - 2017-11-26 12:06 - 000000000 ____D C:\Users\Family\AppData\LocalLow\uTorrent
2017-11-16 17:12 - 2017-11-16 17:12 - 000096190 _____ C:\Users\Family\Downloads\Chapter 10-4

Outline 10_35 (2-Red 9-Pictures).pdf
2017-11-13 17:07 - 2017-11-13 17:07 - 000125102 _____ C:\Users\Family\Downloads\10-2 Outline (3-

red 2-pics).pdf
2017-11-12 18:06 - 2017-11-12 18:06 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-12 18:04 - 2017-11-12 18:05 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-12 18:04 - 2017-11-12 18:04 - 036135784 _____ (Adlice Software ) C:\Users\Family

\Downloads\setup.exe
2017-11-12 18:04 - 2017-11-12 18:04 - 000000863 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-12 18:04 - 2017-11-12 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\RogueKiller
2017-11-12 18:04 - 2017-11-12 18:04 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-12 17:57 - 2017-11-16 15:48 - 000002107 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 17:56 - 2017-11-12 17:57 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-12 17:56 - 2017-11-12 17:56 - 001130328 _____ (Google Inc.) C:\Users\Family\Downloads

\ChromeSetup.exe
2017-11-11 22:23 - 2017-11-12 20:09 - 000000154 _____ C:\Users\Family\AppData\LocalLow

\rbxcsettings.rbx
2017-11-11 22:13 - 2017-11-11 22:13 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-11 21:14 - 2017-11-10 10:21 - 002392064 _____ (Farbar) C:\Users\Family\Desktop\FRST64

(1).exe
2017-12-11 21:14 - 2017-11-09 23:12 - 000000000 ____D C:\FRST
2017-12-11 21:11 - 2017-01-06 01:39 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla
2017-12-11 21:11 - 2013-03-02 01:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-11 21:10 - 2017-11-10 11:00 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers

\mbamswissarmy.sys
2017-12-11 21:10 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-10 21:36 - 2009-07-13 21:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-10 21:36 - 2009-07-13 20:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-

B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-10 21:36 - 2009-07-13 20:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-10 21:36 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-10 21:32 - 2013-07-13 23:29 - 000000000 ____D C:\Users\Family\AppData\Roaming\Mozilla
2017-12-10 13:57 - 2017-08-10 10:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-10 13:57 - 2017-01-06 01:38 - 000000929 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-10 13:57 - 2014-05-13 22:52 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Mozilla Firefox.lnk
2017-12-10 13:57 - 2014-05-13 22:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance

Service
2017-12-06 17:57 - 2013-03-02 01:28 - 000000000 ____D C:\Windows\system32\Drivers\AVG
2017-12-01 16:51 - 2017-03-20 19:36 - 000000000 ____D C:\Users\Family\AppData\Roaming\Spotify
2017-12-01 16:51 - 2017-03-20 19:36 - 000000000 ____D C:\Users\Family\AppData\Local\Spotify
2017-11-30 18:03 - 2017-02-19 14:25 - 000000000 ____D C:\Users\Family\AppData\Roaming\Microsoft

\Windows\Start Menu\Programs\Roblox
2017-11-30 17:58 - 2015-06-17 14:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Acrobat Reader DC.lnk
2017-11-26 13:26 - 2017-10-29 12:09 - 000000000 ____D C:\Users\Family\AppData\Roaming\uTorrent
2017-11-26 13:26 - 2016-11-13 14:02 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-26 12:37 - 2016-10-02 11:20 - 000001602 _____ C:\Users\Family\Desktop\visit

www.nosteam.ro.lnk
2017-11-23 14:21 - 2017-11-09 17:49 - 000003330 _____ C:\Windows\System32\Tasks

\GoogleUpdateTaskMachineUA
2017-11-23 14:21 - 2017-11-09 17:49 - 000003202 _____ C:\Windows\System32\Tasks

\GoogleUpdateTaskMachineCore
2017-11-16 15:50 - 2015-06-17 14:13 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat

Update Task
2017-11-16 15:48 - 2017-11-09 17:49 - 000002119 _____ C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Google Chrome.lnk
2017-11-12 16:03 - 2014-02-09 17:31 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2017-11-11 22:13 - 2013-06-13 14:20 - 000000827 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-11 22:13 - 2013-06-13 14:20 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2014-02-10 14:41 - 2013-07-08 11:33 - 002450464 _____ (SPAMfighter ApS - SPAMfighter.com) C:

\Users\Family\sfhtml.dll
2014-02-10 14:41 - 2013-07-08 11:33 - 000951328 _____ (SPAMfighter ApS) C:\Users\Family

\SuiteClient.dll
2016-10-28 03:17 - 2016-11-05 04:00 - 000000429 _____ () C:\Users\Family\update-

WarfareRemasterd.bat
2013-09-26 22:34 - 2013-09-26 22:34 - 000061367 _____ () C:\Users\Family\AppData\Roaming\icarus-

dxdiag.xml
2014-06-25 12:17 - 2014-08-25 17:37 - 000000012 _____ () C:\Users\Family\AppData\Roaming\id.txt
2014-02-07 21:57 - 2014-05-13 21:34 - 000034816 _____ () C:\Users\Family\AppData\Roaming

\RZR_0060fc43455390be466a0c37e436.db
2015-01-22 16:45 - 2015-01-22 16:45 - 000000088 _____ () C:\Users\Family\AppData\Local

\c1908001ff7b97913e150b59be1f3794
2013-08-15 21:12 - 2013-08-15 21:12 - 000000000 ___SH () C:\Users\Family\AppData\Local\LumaEmu
2014-06-24 09:11 - 2014-06-24 09:11 - 000000000 _____ () C:\Users\Family\AppData\Local\Mozilla

Firefoxsafeguard-secure-search.xml
2017-01-06 00:41 - 2016-11-23 05:37 - 000000570 _____ () C:\Users\Family\AppData\Local

\TroubleshooterConfig.json
2014-01-25 15:49 - 2014-01-25 20:42 - 000000914 _____ () C:\Users\Family\AppData\Local

\_settings.ini
2014-09-19 14:04 - 2014-09-19 14:04 - 000000000 _____ () C:\Users\Family\AppData\Local\{331A67C7

-76A5-4416-8690-AD79190E3823}
2014-07-03 14:04 - 2014-07-03 14:04 - 000000000 _____ () C:\Users\Family\AppData\Local\{DC3B1D31

-FCB4-4C70-8923-6F76B2F68300}

Some files in TEMP:
====================
2017-11-12 18:04 - 2016-04-08 22:59 - 001732864 _____ (Microsoft Corporation) C:\Users\Family

\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-03 11:32

==================== End of FRST.txt ============================

 

 

Addition Txt:~ ~ ~ ~

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2017
Ran by Family (11-12-2017 21:15:11)
Running from C:\Users\Family\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-03-02 09:23:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-286109471-3207669588-231307133-500 - Administrator - Disabled)
Family (S-1-5-21-286109471-3207669588-231307133-1000 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-286109471-3207669588-231307133-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-286109471-3207669588-231307133-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AVG 2012 (HKLM\...\{151C1354-B1CD-4768-A691-E03D84929073}) (Version: 12.0.4365 - AVG Technologies) Hidden
AVG 2012 (HKLM\...\{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}) (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2240 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hand of Fate 2 (HKLM\...\aGFuZG9mZmF0ZTI_is1) (Version: 1 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Infinity (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Infinity) (Version: 3.0.35 - WeMod)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.2.1 (HKLM-x32\...\PyCharm Community Edition 2017.2.1) (Version: 172.3544.46 - JetBrains s.r.o.)
Juniper Networks Setup Client (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
Junos Pulse Core Components (HKLM-x32\...\{CFEA6426-1BD5-4AD4-A095-A1830D8B90D4}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (HKLM\...\{01A43787-60A3-4568-A7AE-A6894A05C364}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (HKLM-x32\...\{D99E257C-F639-4423-B1E4-DB241029E52A}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (HKLM-x32\...\{A368881F-F47D-404D-87EB-C4669F6674DA}) (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (HKLM-x32\...\{5B73AA8E-8F1F-4BB6-A9A5-9D81DC93B00F}) (Version: 5.0.48695 - Juniper Networks) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9825 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12575 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.2.5.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Python 3.6.2 (32-bit) (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Add to Path (32-bit) (HKLM-x32\...\{5FEE3F00-F984-49A6-880C-CDEB3A9DC308}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit symbols) (HKLM-x32\...\{77259715-4E95-461D-B7C0-5D94B821CFCA}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit symbols) (HKLM-x32\...\{49C645E6-ED07-4A99-971D-C78DA6C4ACFE}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit symbols) (HKLM-x32\...\{93C956E0-8513-464B-A862-B26A0F59140F}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit symbols) (HKLM-x32\...\{C286663D-0309-4480-B282-AEF543D93814}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit symbols) (HKLM-x32\...\{0084DB64-F560-4F30-9FD6-147A641B859C}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Roblox Player for Family (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
RogueKiller version 12.11.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.23.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC8 CRT (HKLM\...\{F1842B04-3399-4595-AD78-CD8E1DDD2C3B}) (Version: 8.0.50727.762 - Juniper Networks) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\AVG2012\avgsea.dll [2012-02-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-03-31] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\AVG2012\avgsea.dll [2012-02-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2014-06-26] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DBFF7B-13BF-426A-B6B9-E586959D7FE7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)
Task: {09AA4E44-DF67-4293-84AB-E243851638DA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)
Task: {1A01BBEB-A9AD-4CE5-BC28-A9D3FBDF852E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)
Task: {25A32556-4A64-413C-8EE0-2282752F0D0D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-11] (NVIDIA Corporation)
Task: {27673577-B7B4-4FA4-83EF-7D05D642B825} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {29523539-F744-458C-B19D-51C549E882CE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-11] (NVIDIA Corporation)
Task: {370E2FB9-4E61-4A5B-8B07-BBE23B612F9A} - System32\Tasks\{B9E0C865-7A0E-4AB5-B468-62B240BD4BDF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {37F74C43-B0BC-4E7C-98BA-9F707B3AA748} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {3A70897B-DE38-4DD2-96D1-121410AC9506} - System32\Tasks\{429AA244-4951-4197-A501-F2D7E51D180A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Downloads\Cube World setup (June 2013).exe" -d C:\Users\Family\Downloads
Task: {49A6BB42-573E-4395-BF55-4F833FB09F35} - System32\Tasks\{D947D6AD-23A5-49B6-88AE-EB45C2A85F35} => C:\Users\Family\Desktop\DS4Windows.exe
Task: {4C85C552-85D1-4594-89BF-88E14091F670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.)
Task: {5079128D-D055-4A01-AAE6-5249E00A0F31} - System32\Tasks\{BC831BD6-48D8-4D41-AC9D-BD9726AAD2C0} => C:\Windows\system32\pcalua.exe -a F:\installer.exe -d F:\
Task: {54A72429-1595-4503-8129-69ACB19A30EF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {54A72429-1595-4503-8129-69ACB19A30EF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {6081A041-A735-4A90-BDBE-B7220B354A8F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)
Task: {6CDBD291-D119-4629-98AD-4F110864B66A} - System32\Tasks\{3F68A6FD-3901-43A7-BBCA-40CDEC5FC0DA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/226320
Task: {7123789F-1AE9-4C63-BD8F-AA3E1FB55262} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {7123789F-1AE9-4C63-BD8F-AA3E1FB55262} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {77B884EC-D4AB-4F94-8485-A7E5BB315DED} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {8BF71EC1-0048-49DD-A530-35087EF3175F} - System32\Tasks\{F528BAFE-BB7D-4085-A675-9B4E617EB0D0} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\AppData\Local\Temp\$PowerISO$\SPORESetup.exe -d "C:\Users\Family\Downloads\Spore [MULTI17][PCDVD][WwW.GamesTorrents.CoM]" <==== ATTENTION
Task: {98BA877A-7AD6-464E-8CC1-D126D474C474} - System32\Tasks\{57EE4C50-0742-4E4A-9AA4-3D91FFACFC60} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Play\Mini RLHream MGR.exe" -d "C:\Program Files (x86)\Play"
Task: {993E5E4B-0FF2-4E57-977E-E92BA1540E29} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A0DD8785-32D1-411D-81CD-B13EF0797252} - System32\Tasks\{6BFD953B-0E1B-44F8-8CD1-EB483DAC36BA} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {A2E8D8E0-2806-4C4E-ACC7-5EB02AA4F9D6} - System32\Tasks\{FC0C98E9-8E1B-4956-8A65-7F4BCAC3D72E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mini RLHream MGR.exe" -d "C:\Program Files (x86)"
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A44F6EEF-4F27-4171-A4A5-220FB662F8DD} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {A654EC0A-C0C9-4190-9C0D-023FE5E7C0D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A98488B8-F943-497E-883C-0DBC2D49E419} - System32\Tasks\{1EB1E016-25D4-4001-BF8A-DFB5E8EF292B} => C:\Windows\system32\pcalua.exe -a "C:\Users\Family\Desktop\New folder\Setup.exe" -d "C:\Users\Family\Desktop\New folder"
Task: {B43463A1-62D8-4C4A-B119-FC5628027040} - System32\Tasks\{DE5C1BBA-B75D-483C-9D55-1B84B40C6B23} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\CutThePrice\94GBebAFmd2ilb.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C74365B2-883D-4FCA-AE09-446E65A6F65B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-12] (Google Inc.)
Task: {CFE911C7-D66C-4177-9126-1800010B3E47} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D1C6D311-AA81-42C8-A62E-6DBD12735BA4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-11-04] (Adobe Systems Incorporated)
Task: {D2BB6E1D-F45C-4DFD-BC43-D56CDC2B3242} - System32\Tasks\{9B5A693B-8AE3-4CC6-9C03-2CFA009DA5CE} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\Downloads\vtfedit125-11.exe -d C:\Users\Family\Downloads
Task: {DCD906B1-B745-46B3-90BF-B82E60318A7B} - \{0A7A7D47-7A78-7A0A-0A11-78080B79110C} -> No File <==== ATTENTION
Task: {E14E9F72-EEA1-4E2B-BC24-5FC6FEAC4625} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-286109471-3207669588-231307133-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E163338B-A684-49C2-8FD0-2BD2481D48D7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {E163338B-A684-49C2-8FD0-2BD2481D48D7} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E4239AC1-77D7-41DB-8B9C-6A9A1C75E4FC} - System32\Tasks\{EB0CA2C5-E8E5-4B1D-9D23-AFAA1E032BB5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Play\Mini RLHream.exe" -d "C:\Program Files (x86)\Play"
Task: {EAA097CF-F861-4388-AB62-C558C776B766} - System32\Tasks\{4AA52C7E-BA9D-48DB-96E3-44358ECDBB6F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\PowerISO.exe" -d C:\Windows\system32 -c -pf C:\Users\Family\AppData\Local\Temp\DA09.tmp <==== ATTENTION
Task: {F9FA3919-E153-4874-BDF9-06A407C96A6D} - System32\Tasks\{472AD09D-E621-4ED3-9DA6-74F8308D0788} => C:\Windows\system32\pcalua.exe -a C:\Users\Family\Desktop\forge-1.7.2-10.12.0.1024-installer-win.exe -d C:\Users\Family\Desktop
Task: {FFE593AB-703C-480B-8380-300E199081E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-10-06 22:18 - 2012-12-04 19:33 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 15:08 - 2017-03-16 15:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2010-04-30 06:52 - 2010-04-30 06:52 - 006237800 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2014-06-25 14:23 - 2016-05-25 18:30 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-11-09 17:56 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-01-06 08:41 - 2016-01-06 08:41 - 000062168 _____ () C:\Program Files\CCleaner\branding.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 003774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 060817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-05 04:55 - 2016-12-11 18:37 - 000506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-05 04:55 - 2016-12-11 18:37 - 002809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-05 04:55 - 2016-12-11 18:37 - 000968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-286109471-3207669588-231307133-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-07-28 22:28 - 000000002 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-286109471-3207669588-231307133-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DS4Windows.lnk => C:\Windows\pss\DS4Windows.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: gflauncher => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
MSCONFIG\startupreg: iFunBox => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunosPulse => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Spotify => C:\Users\Family\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Family\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{71491A61-B830-433B-9F7B-0939CBEEEA53}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2EA3702B-E0FE-4303-B127-410711DD00F7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7463F226-55BC-4B5B-A746-84992B376187}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6BF63F69-7025-4EEE-AD14-071EF7D223A5}C:\users\family\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\family\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{FBFAE8F1-B4BA-4AE4-960E-290F7A312566}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43CD0EE3-DD0C-489D-9556-0CD4FEB333F1}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1CEF5146-5900-46B5-8537-D1FC3CEC58B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC27D12F-A566-4880-BFCE-475CC16149B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A93A1F97-EEB5-4AE9-8C6F-D149D02B1091}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D80034F-A740-4729-A2C6-0E82A40741D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D2498B3-8207-41E9-95F7-CB679D15AB32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{1F28B4B8-3300-47F6-9711-6202B66A59CB}C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe] => (Allow) C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe
FirewallRules: [UDP Query User{6BC6D1BA-087C-4F88-940C-39C4973EB48F}C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe] => (Allow) C:\program files (x86)\life is strange - before the storm\life is strange - before the storm\life is strange - before the storm.exe
FirewallRules: [TCP Query User{BC129858-34C2-4214-AAEE-3B1B2FD054D7}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AA1B6D8A-D435-480C-8B83-224EA0D515B3}C:\users\family\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\family\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEE0C5BB-1B8E-4BB8-AEFC-7877A527A303}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BE68EAA8-3E69-4942-AFEC-3337DCFBE976}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

09-11-2017 17:40:28 Checkpoint by HitmanPro
09-11-2017 17:42:04 Checkpoint by HitmanPro
09-11-2017 18:26:42 Checkpoint by HitmanPro
10-11-2017 10:24:49 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2017 09:12:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 09:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 01:49:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2017 05:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2017 10:29:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2017 08:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/01/2017 04:15:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2017 05:48:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 03:09:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 12:21:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/11/2017 09:10:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/11/2017 09:10:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 09:31:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/10/2017 09:31:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 09:30:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/10/2017 09:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/10/2017 09:29:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 01:48:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzOvlMon service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/10/2017 01:48:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
 and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2017 06:01:38 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E43EFC97-FCB5-4845-A9DE-1B0FB6EC885F}.
The backup browser is stopping.


==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5540 @ 2.53GHz
Percentage of memory in use: 23%
Total physical RAM: 12285.59 MB
Available physical RAM: 9346.52 MB
Total Virtual: 24569.36 MB
Available Virtual: 21289.23 MB

==================== Drives ================================

Drive c: (T5500) (Fixed) (Total:238.4 GB) (Free:92.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (14-980-99-2) (CDROM) (Total:1.82 GB) (Free:0 GB) CDFS
Drive e: (DATA-T5500) (Fixed) (Total:149.01 GB) (Free:148.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: D8B14E35)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 9CA39CA3)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Alright, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt

Link to post
Share on other sites

No problem xRT, you're welcome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentionned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eF2jhaz.pngUCheck, eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

  • j1Bynr2.pngMalwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages)
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.