
igfxmtc and lsntize.exe virus



Hi Masked :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. 


So it didn't find anything, alright.

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


 

I have a 4 gig USB flash drive, but I've been using it with this infected computer. Should I still use it? Can I use an SD card, since I don't have any more USB flash drives?

Here's the text from FRST and Addition

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Mask (administrator) on TONY (06-12-2017 09:24:32)
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\WINDOWS\System32\exenisrsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(The Within Network, LLC) C:\WINDOWS\unsignedthemes.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\WINDOWS\runSW.exe
(Realtek) C:\WINDOWS\SwUSB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Mask\AppData\Local\igfxmtc\igfxmtc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Flux Software LLC) C:\Users\Mask\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8850344 2017-11-30] (Emsisoft Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [uTorrent] => C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\MountPoints2: {0a3756e0-18ae-11e5-bef2-f065dd6449f8} - "D:\LaunchU3.exe" -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C31A6F0A-842F-4E34-9E92-04E018C7F29D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DB1B3F01-A4ED-475E-A9AF-E28E365A8A0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Mask\AppData\Roaming\Mozilla\Firefox\Profiles\64vbxj6y.default-1468980204841 [2017-12-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default [2017-12-06]
CHR Extension: (Slides) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Tampermonkey) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Dark Reader) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2017-09-20]
CHR Extension: (uBlock) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-04-04]
CHR Extension: (Sheets) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-12-04]
CHR Extension: (Gmail) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9216648 2017-11-30] (Emsisoft Ltd)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RunSwUSB; C:\WINDOWS\runSW.exe [44760 2014-12-12] ()
R2 UnsignedThemes; C:\WINDOWS\unsignedthemes.exe [13824 2013-09-23] (The Within Network, LLC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 01679346; C:\WINDOWS\System32\drivers\82601126.sys [208216 2017-12-05] (Kaspersky Lab, GERT)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-03-08] (Disc Soft Ltd)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-30] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-30] (Malwarebytes)
S3 mt7612US; C:\WINDOWS\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 NSTDUSB3; C:\WINDOWS\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [5632528 2016-12-05] (Realtek Semiconductor Corporation )
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 uxstyle; C:\WINDOWS\system32\Drivers\uxstyle.sys [31440 2013-09-23] (The Within Network, LLC)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ysusb_w8_1_64; C:\WINDOWS\system32\drivers\ysusb_w8_1_64.sys [136432 2017-03-07] (Yamaha Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-05] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S1 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
R3 udiskMgr; system32\drivers\wzcfjm.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 09:24 - 2017-12-06 09:24 - 000020923 _____ C:\Users\Mask\Desktop\FRST.txt
2017-12-06 09:12 - 2017-12-06 09:12 - 002391552 _____ (Farbar) C:\Users\Mask\Desktop\FRST64.exe
2017-12-06 01:13 - 2017-12-06 01:13 - 000140112 ____N C:\WINDOWS\system32\Drivers\nihlosvy.sys
2017-12-05 19:44 - 2017-12-05 19:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\332141CA.sys
2017-12-05 19:42 - 2017-12-05 22:05 - 000000000 ____D C:\Users\Mask\Desktop\mbar
2017-12-05 19:41 - 2017-12-05 19:41 - 014161479 _____ C:\Users\Mask\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 15:20 - 2017-12-05 15:20 - 000001167 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\IObit
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-05 15:00 - 2017-12-05 15:13 - 000000000 ____D C:\EEK
2017-12-05 14:57 - 2017-12-05 14:59 - 304451232 _____ C:\Users\Mask\Desktop\EmsisoftEmergencyKit.exe
2017-12-05 14:54 - 2017-12-05 14:54 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 14:02 - 2017-12-05 14:02 - 008187336 _____ (Malwarebytes) C:\Users\Mask\Desktop\adwcleaner_7.0.5.0.exe
2017-12-05 13:43 - 2017-12-05 13:43 - 000001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-05 13:43 - 2017-12-05 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-05 13:43 - 2017-12-05 13:43 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-05 13:42 - 2017-12-05 13:42 - 011584088 _____ (SurfRight B.V.) C:\Users\Mask\Desktop\hitmanpro_x64.exe
2017-12-05 13:02 - 2017-12-05 13:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-05 12:54 - 2017-12-05 12:55 - 000003690 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.54.22_log.txt
2017-12-05 12:51 - 2017-12-05 12:51 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\82601126.sys
2017-12-05 12:51 - 2017-12-05 12:51 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-05 12:50 - 2017-12-05 12:51 - 000160444 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.50.08_log.txt
2017-12-05 11:15 - 2017-12-05 11:15 - 000000576 _____ C:\Users\Mask\Documents\Quarantine_171205-111500.txt
2017-12-05 10:54 - 2017-12-05 10:54 - 000001131 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-12-05 10:54 - 2017-12-05 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-12-05 09:39 - 2017-12-05 12:40 - 000000000 ____D C:\ProgramData\Emsisoft
2017-12-05 09:27 - 2017-12-05 09:27 - 000000915 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-12-05 09:27 - 2017-12-05 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-12-05 09:26 - 2017-12-06 09:20 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-12-05 01:53 - 2017-12-05 01:53 - 000000877 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-05 01:53 - 2017-12-05 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-05 01:53 - 2017-12-05 01:53 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-05 01:22 - 2017-12-05 01:22 - 000003190 _____ C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9}
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-04 21:12 - 2017-12-04 21:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\775AE746.sys
2017-12-04 21:10 - 2017-12-06 01:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 21:10 - 2017-12-05 19:43 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 20:47 - 2017-12-04 21:24 - 000000000 ____D C:\Program Files (x86)\Task Killer
2017-12-04 20:47 - 2017-12-04 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Killer
2017-12-04 19:57 - 2017-12-05 09:20 - 000000000 ____D C:\Users\Mask\AppData\LocalLow\uTorrent
2017-12-04 19:24 - 2017-12-05 14:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 19:14 - 2017-12-04 19:14 - 000106051 _____ C:\Users\Mask\Documents\bookmarks_12_4_17.html
2017-12-04 16:24 - 2017-12-06 09:18 - 000000000 ____D C:\FRST
2017-12-02 17:40 - 2017-12-05 19:12 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-02 17:39 - 2017-12-02 18:27 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-02 13:41 - 2017-12-02 13:41 - 000000000 ____D C:\ProgramData\dbg
2017-12-02 13:36 - 2017-12-06 09:24 - 000061144 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-02 13:36 - 2017-12-06 09:24 - 000032134 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-02 13:36 - 2017-12-05 13:53 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-02 13:36 - 2017-12-02 13:36 - 000000000 ____D C:\Users\Mask\AppData\Local\Zemana
2017-12-02 13:18 - 2017-12-05 00:46 - 000004130 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 12:37 - 2017-12-05 14:08 - 000000000 ____D C:\AdwCleaner
2017-12-01 13:54 - 2017-12-01 13:54 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-29 08:49 - 2017-11-30 09:49 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-29 08:49 - 2017-11-30 09:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-26 20:35 - 2017-11-26 20:35 - 000000000 ___HD C:\$AV_AVG
2017-11-23 11:52 - 2017-11-23 11:52 - 000099876 _____ C:\Users\Mask\Downloads\bookmarks_11_23_17.html
2017-11-22 17:18 - 2017-11-22 21:08 - 000000000 ____D C:\Users\Mask\AppData\Local\secohpr
2017-11-22 17:16 - 2017-11-30 09:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-22 17:15 - 2017-12-06 09:05 - 000000000 ____D C:\Users\Mask\AppData\Local\lsntize
2017-11-22 17:15 - 2017-11-30 09:51 - 000000000 ____D C:\Users\Mask\AppData\Local\igfxmtc
2017-11-22 17:13 - 2017-12-06 09:02 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\exenisrsvc.exe
2017-11-22 17:13 - 2017-11-23 15:47 - 000000000 ____D C:\Users\Mask\AppData\Local\eai
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\wdbuzxi
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\WINDOWS\system32\wdbuzxi
2017-11-22 17:13 - 2017-11-22 17:13 - 000000000 ____D C:\Users\Mask\AppData\Roaming\et
2017-11-20 19:09 - 2017-12-04 13:41 - 000000000 ____D C:\Users\Mask\Desktop\Flip&Staw
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-11-20 17:17 - 2016-12-05 07:03 - 005632528 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2017-11-20 17:17 - 2016-12-05 02:59 - 000014443 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011488 _____ C:\WINDOWS\system32\Drivers\FJCP.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011332 _____ C:\WINDOWS\system32\Drivers\CCEN.txt
2017-11-20 17:17 - 2016-06-30 16:21 - 000454360 _____ (Realtek) C:\WINDOWS\SwUSB.exe
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-11-17 01:49 - 2017-11-17 01:49 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 16:27 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\AppData\Roaming\iZotope
2017-11-15 16:01 - 2017-11-15 16:01 - 000001637 _____ C:\Users\Public\Desktop\RX 6 Audio Editor (64-bit).lnk
2017-11-15 15:58 - 2017-11-15 16:07 - 000000000 ____D C:\Program Files (x86)\Vstplugins
2017-11-15 15:58 - 2017-11-15 16:00 - 000000000 ____D C:\Program Files\Vstplugins
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-11-15 15:57 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\Documents\iZotope
2017-11-15 15:57 - 2017-11-15 15:57 - 000000000 ____D C:\Program Files (x86)\iZotope
2017-11-15 14:14 - 2017-11-15 15:51 - 000000000 ____D C:\Users\Mask\AppData\Local\ImpaqSpeed
2017-11-15 08:26 - 2017-10-17 11:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 08:26 - 2017-10-16 10:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 08:26 - 2017-10-14 05:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 08:26 - 2017-10-14 00:38 - 025731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 08:26 - 2017-10-14 00:23 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-15 08:26 - 2017-10-14 00:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-15 08:26 - 2017-10-14 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 08:26 - 2017-10-14 00:09 - 005979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 08:26 - 2017-10-14 00:01 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 08:26 - 2017-10-13 23:36 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 23:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 015266816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 08:26 - 2017-10-13 23:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 23:29 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 23:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 23:21 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 08:26 - 2017-10-13 23:14 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 08:26 - 2017-10-13 23:09 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-15 08:26 - 2017-10-13 23:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-11-15 08:26 - 2017-10-13 22:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 08:26 - 2017-10-13 22:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-15 08:26 - 2017-10-13 22:45 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 08:26 - 2017-10-13 22:33 - 004542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 22:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 22:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 22:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:10 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 08:26 - 2017-10-13 22:07 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-15 08:26 - 2017-10-13 22:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-15 08:26 - 2017-10-10 08:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 08:26 - 2017-10-10 07:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-10 07:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 08:26 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-15 08:26 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-15 08:26 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-15 08:26 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-15 08:26 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-15 08:26 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-15 08:26 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-15 08:26 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-15 08:26 - 2017-09-06 15:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-15 08:26 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-15 08:26 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-15 08:26 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-15 08:18 - 2017-10-10 23:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 08:18 - 2017-10-10 07:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 08:18 - 2017-10-10 05:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\ProgramData\Yamaha_Uninstaller
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\Program Files (x86)\Yamaha
2017-11-12 10:39 - 2017-11-12 10:39 - 000001951 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-12 10:39 - 2017-11-12 10:38 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-12 10:39 - 2017-11-12 10:38 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-11 11:25 - 2017-11-11 11:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xinputhid_01011.Wdf
2017-11-10 22:21 - 2017-11-10 22:21 - 000000000 ____D C:\Program Files\Tobias Erichsen
2017-11-06 23:22 - 2017-11-11 01:10 - 000000000 ____D C:\Users\Mask\AppData\Roaming\DarkAudacity
2017-11-06 23:22 - 2017-11-06 23:22 - 000000000 ____D C:\Users\Mask\AppData\Local\DarkAudacity

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 09:18 - 2013-11-14 13:31 - 000000000 ____D C:\Users\Mask\AppData\Roaming\ClassicShell
2017-12-06 09:07 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-06 09:04 - 2015-01-28 01:17 - 000000000 ____D C:\Users\Mask
2017-12-06 09:04 - 2013-08-22 06:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-06 09:03 - 2015-01-28 01:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-06 08:22 - 2013-08-22 05:25 - 016515072 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-05 22:46 - 2013-08-22 05:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-05 17:26 - 2013-10-22 21:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2499287152-2841305583-4123039165-1002
2017-12-05 16:50 - 2013-08-26 22:27 - 000000000 ____D C:\Users\Mask\Desktop\Youtube Files,turtle beach etc
2017-12-05 13:09 - 2013-10-27 19:55 - 000000000 ____D C:\Users\Mask\AppData\Local\ElevatedDiagnostics
2017-12-05 11:24 - 2016-09-25 20:24 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-05 09:20 - 2016-10-23 13:09 - 000000000 ____D C:\Users\Mask\AppData\Roaming\uTorrent
2017-12-05 00:46 - 2017-05-27 10:44 - 000004178 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-04 21:12 - 2015-08-01 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 16:40 - 2014-11-20 20:44 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-03 02:57 - 2013-08-22 05:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-02 21:44 - 2015-01-31 04:56 - 005876224 ___SH C:\Users\Mask\Desktop\Thumbs.db
2017-12-02 16:52 - 2012-07-25 23:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 16:36 - 2013-10-22 21:23 - 000000000 ____D C:\Users\Mask\AppData\Local\Packages
2017-12-02 16:36 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 13:18 - 2013-10-23 22:52 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 13:18 - 2013-10-23 22:52 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 14:03 - 2013-08-22 07:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 21:59 - 2017-09-11 19:06 - 000001224 _____ C:\Users\Mask\Desktop\Roblox Studio.lnk
2017-11-30 21:59 - 2017-09-11 19:06 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-30 00:17 - 2017-06-05 14:14 - 000000000 ____D C:\Users\Mask\Desktop\NSMB2 Files
2017-11-29 16:53 - 2013-10-25 11:18 - 000000000 ____D C:\Users\Mask\AppData\Roaming\vlc
2017-11-27 23:37 - 2013-10-27 20:08 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Audacity
2017-11-25 22:39 - 2015-04-03 15:00 - 000000000 ____D C:\Users\Mask\Desktop\Dxtory
2017-11-24 12:10 - 2010-01-31 14:00 - 000000000 ____D C:\Users\Mask\Desktop\OpenHardwareMonitor
2017-11-23 18:15 - 2015-08-20 17:08 - 000000000 ____D C:\Users\Mask\Desktop\Pc Games
2017-11-23 17:20 - 2013-11-15 12:03 - 000000000 ____D C:\Users\Mask\AppData\Local\CrashDumps
2017-11-20 17:17 - 2013-10-23 21:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-19 18:52 - 2013-10-24 09:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-19 18:48 - 2017-10-10 23:10 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-19 18:48 - 2016-04-13 12:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 01:49 - 2017-09-26 18:04 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 09:33 - 2013-08-22 06:44 - 000525280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 02:53 - 2015-04-16 14:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 13:28 - 2016-04-04 20:17 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 10:39 - 2017-05-27 10:44 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-14 16:18 - 2016-04-14 00:57 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000990 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-14 09:28 - 2017-06-28 13:56 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 09:28 - 2017-06-28 13:55 - 000004464 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 13:31 - 2016-04-04 20:16 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 13:31 - 2016-04-04 20:16 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 10:38 - 2017-05-27 10:44 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-12 10:37 - 2017-05-27 10:44 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-12 10:11 - 2016-12-06 15:48 - 000000000 ____D C:\ProgramData\PreSonus
2017-11-10 22:20 - 2014-04-26 00:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-06 21:08 - 2017-05-27 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-06 21:08 - 2017-05-27 10:41 - 000001028 _____ C:\Users\Public\Desktop\AVG.lnk

==================== Files in the root of some directories =======

2013-02-16 19:27 - 2013-02-16 19:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-03-16 16:47 - 2017-03-16 16:47 - 000000132 _____ () C:\Users\Mask\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-29 18:29 - 2013-12-29 18:47 - 000099384 _____ () C:\Users\Mask\AppData\Roaming\inst.exe
2013-12-29 18:29 - 2013-12-29 18:47 - 000007859 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.cat
2013-12-29 18:29 - 2013-12-29 18:47 - 000001167 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.inf
2013-12-29 18:29 - 2013-12-29 18:47 - 000000055 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.log
2013-12-29 18:29 - 2013-12-29 18:47 - 000082816 _____ (VSO Software) C:\Users\Mask\AppData\Roaming\pcouffin.sys
2014-01-02 01:31 - 2017-08-21 20:26 - 000001456 _____ () C:\Users\Mask\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-06 03:14 - 2016-08-15 01:35 - 000004608 _____ () C:\Users\Mask\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 10:20 - 2016-07-07 10:20 - 000000764 _____ () C:\Users\Mask\AppData\Local\recently-used.xbel
2014-05-14 10:40 - 2014-05-14 10:40 - 000007606 _____ () C:\Users\Mask\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-05 12:51 - 2017-12-05 12:46 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Mask\AppData\Local\Temp\79104729-3343-4B5B-BA05-1861AD80E16C.exe
2017-12-02 17:39 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Users\Mask\AppData\Local\Temp\dllnt_dump.dll
2017-12-01 02:21 - 2017-12-01 02:21 - 000000000 _____ () C:\Users\Mask\AppData\Local\Temp\jl-9p9i7.dll
2017-10-31 14:29 - 2017-10-31 14:29 - 001856576 _____ (Oracle Corporation) C:\Users\Mask\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\nihlosvy.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-06-24 22:25

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Mask (06-12-2017 09:25:01)
Running from C:\Users\Mask\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-01-28 09:38:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2499287152-2841305583-4123039165-500 - Administrator - Disabled)
Guest (S-1-5-21-2499287152-2841305583-4123039165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499287152-2841305583-4123039165-1005 - Limited - Enabled)
Mask (S-1-5-21-2499287152-2841305583-4123039165-1002 - Administrator - Enabled) => C:\Users\Mask

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
1.0 (HKLM-x32\...\ALAN Wake_is1) (Version:  - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
AnyMedia Player 4.5.1 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.1 - cyan soft ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS USB-AC68 WLAN Card Driver (HKLM-x32\...\{56A6C59A-E783-41CB-A5F9-9240CA3C6B87}) (Version: 2.1.3.9 - ASUS)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dolphin 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Development Team)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.11 - Emsisoft Ltd.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
f.lux (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Flux) (Version:  - )
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HackingToolkit3DS version 5.3 (HKLM-x32\...\{E76AC66E-D0AA-4274-BF9B-7704C777C3C3}_is1) (Version: 5.3 - Asia81)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Kholat (HKLM-x32\...\Kholat_is1) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenToonz version 1.0 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0 - DWANGO Co., Ltd.)
PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Roblox Player for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
RX 6 Audio Editor Advanced (HKLM-x32\...\RX 6 Audio Editor Advanced) (Version: 6.00 - iZotope, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Sonic Adventure 2 (c) SEGA version 1 (HKLM-x32\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version:  - )
TEKKEN 7 (HKLM-x32\...\TEKKEN 7_is1) (Version:  - )
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: 1.2.11.41 - Tobias Erichsen)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
UxStyle (HKLM\...\{86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}) (Version: 0.2.3.0 - The Within Network, LLC) Hidden
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
Vegas Pro 12.0 (64-bit) (HKLM-x32\...\Vegas Pro 12.0 (64-bit)) (Version: 12.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000) (HKLM\...\32F8755FAEB4107085D8EB430DFE56CD6E5ADDB7) (Version: 12/03/2012 1.2.0000.00000 - Amazon.com)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB  (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{BEA06A39-583D-486E-A3EB-2A434ED45940}) (Version: 1.9.10 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.9.10 - Yamaha Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2499287152-2841305583-4123039165-1002_Classes\CLSID\2A89C3F9-59CC-4F4B-9252-C5E7A6F4B248\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-07-10] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6-x32: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12A7EE85-4764-4F4B-A8EC-163381E72F1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {188C6A92-31C8-40C7-817C-19A0AF262025} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {369EF934-BC6B-4BB7-B098-93FF2370196E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {5984D908-6534-4927-85EE-1B0072A6D7E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {9D9EFBBC-836E-4F91-A600-C2869FB70322} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B4B8431F-A304-45BE-8E53-847E7A5ED0F0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {BAD6B62E-C38E-4375-B8EF-740230A2E6D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E7B7AFE5-AEF9-4E6F-88CD-A4B7DB363AFC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E859EFB6-A8AE-465A-9F30-10238A8DA1E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {EDB39FA2-06FF-4B11-BADB-8222A72ED960} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-19] (Microsoft Corporation)
Task: {FDD11B9A-CD73-4264-832E-45489CF8E8C5} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-12] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-28 01:08 - 2016-07-10 15:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-12-05 01:17 - 2017-12-05 01:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-09-26 18:04 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-05 14:44 - 2017-07-05 14:44 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2016-11-28 21:13 - 2016-11-28 21:13 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-10-27 16:27 - 000001196 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   www.techsmith.com
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1                   oscount.techsmith.com
127.0.0.1                   updater.techsmith.com
127.0.0.1                   camtasiatudi.techsmith.com
127.0.0.3                   tsccloud.cloudapp.net
127.0.0.2                   assets.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mask\Desktop\pacman_maze_harassment_search_22082_1920x1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D609B1-9B9A-4E32-83D5-933545E75204}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30D30666-D7C7-419F-B490-690EE8A3136C}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F63CD267-436B-4458-A091-987AB229AD50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{725C65EA-C79D-4BDD-94CF-9B6257FE6A44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EC40540-9DE5-42B4-B5A3-A6D07F6732B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{70B726BE-AB78-4D3C-9BDD-D498418C6157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA409F4F-B315-4AA4-99A5-2931333A17DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EBDEF40-1DF9-48FF-B58F-DA97FA21C8EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E59D1EB-AEE1-4403-89BB-31EA1CE2622D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D55C04CC-416D-4B83-B12B-8B568E0FAE6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B1D5FB6-0DD1-4D8D-BA40-002AA8E855F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C9FAC8BC-57FA-4276-9051-ACE4CE9C8B87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD5F3C78-00B5-4DC0-A8A7-617E60752790}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92704457-23A0-41B2-ACE0-770E92156CBB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7CC227D0-CFBB-4FB2-B921-6FD67AECAB47}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A5AEB0D4-84D6-42E9-9544-A8A6AD2508D1}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{363B4324-8EE0-4D0E-9352-1E695FD0FA8E}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{868E5372-9337-4DB5-823A-995CBEC3BB08}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{72C30C3E-ECFB-4644-A601-0D15797CC03A}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A43F93B8-923C-4FDB-8A6D-2AD455AC97F7}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{27941305-0BDE-4267-9424-728F83977ACA}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{E9EA21FF-91E2-4E38-8A19-A17EE7874871}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{739BCC6F-181E-4170-8252-4E9C0E5588EA}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{D52887C8-A902-40B3-B287-8F190F6B6FAC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{29E2F539-CBCD-4348-A2AA-5059E69CD01F}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{18A74D76-83AD-409A-9548-B4458B6AA7CC}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [{1094284D-104E-424E-BFB9-02D0C3537D2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71204660-BCA1-453C-B403-C10083A80819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4741B901-D5C8-471D-B94E-C5D54C20C7B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6E04AA46-8713-4E99-AF96-E19316F37866}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C39C8FDB-C23E-4912-A169-F3BE1A67A10C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{659025CC-4B70-4E5E-A0D7-1AE197966DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{493208C6-757C-4044-8D18-329CB54078EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{4EDD233B-0FEF-4E8D-BE47-18E79CEDC26D}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CD0CCAB-2CDB-4DDC-9923-17A0EF7B1608}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{592B65F9-E897-48BC-8B53-5F4E61D729CA}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BD09E46-9A73-4168-ABF6-884658B180C9}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7343664-36A7-4020-96D7-A2766CC73FEB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59ACB803-966D-42C6-9C8A-C18C4E5E4834}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FF79ABB-8AA2-425F-8DC8-0F149E7CA33A}] => (Allow) LPort=8317
FirewallRules: [{9D7C13EC-1258-4189-9B13-3650B31028AF}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{0BFCAF9C-C19E-4F51-ADE3-B0B75B78B09C}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{B26549F3-0285-4BE5-A813-73C76B8FC52D}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{22793626-828F-457F-90AE-CAAF03073F36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E9C4DCD-A237-4846-9287-F0A0F23CF054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: vJoy Device
Description: vJoy Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Shaul Eizikovich
Service: vjoy
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2017 09:24:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dd4

Start Time: 01d36eb6e71ce51b

Termination Time: 4294967295

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: 3fbdd3f7-daaa-11e7-8032-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/06/2017 09:23:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eb8

Start Time: 01d36eb57afa36fd

Termination Time: 0

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: 21d7338b-daaa-11e7-8032-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/06/2017 09:05:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/06/2017 01:13:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process id: 0x890
Faulting application start time: 0x01d36e1714d99501
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
Faulting module path: NvMdnsPlugin.dll
Report Id: c1f42691-da65-11e7-8031-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 01:13:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7ec
Faulting application start time: 0x01d36e1700079767
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: c0be796c-da65-11e7-8031-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/05/2017 05:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 30.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 158c

Start Time: 01d36e29f4657b70

Termination Time: 4294967295

Application Path: C:\Users\Mask\Desktop\FRST64.exe

Report Id: c124ec77-da21-11e7-8031-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/05/2017 04:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19b0

Start Time: 01d36e1d13232a51

Termination Time: 74

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: e6cab8cc-da19-11e7-8031-d017c29739b7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/05/2017 03:15:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/05/2017 03:15:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/05/2017 03:15:21 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/06/2017 09:16:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2017-12-06 09:23:15.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-06 09:12:07.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-06 09:11:36.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-06 08:30:03.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-05 14:59:25.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 14:27:12.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

  Date: 2017-12-05 14:20:20.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 14:02:24.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 13:42:50.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-05 13:29:20.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 11%
Total physical RAM: 32666.98 MB
Available physical RAM: 28946.79 MB
Total Virtual: 65434.98 MB
Available Virtual: 61592.15 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1857.69 GB) (Free:286.63 GB) NTFS
Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive e: (USB DRIVE) (Removable) (Total:3.74 GB) (Free:1.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A977CDC0)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1857.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Your USB will do the trick :) Now, open FRST and copy/paste the following inside the text box. Once done, click on the Fix button. A file called fixlog.txt should be created on your desktop afterwards. Attach it here.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
End::

 


Never mind

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Mask (06-12-2017 11:45:29) Run:1
Running from C:\Users\Mask\AppData\Local\Temp
Loaded Profiles: Mask (Available Profiles: Mask)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo              D:                                         45000     FileInfo                  0     00000003  
FileInfo                                                         45000     FileInfo                  0     00000003  
FileInfo              C:                                         45000     FileInfo                  0     00000003  
FileInfo              E:                                         45000     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                45000     FileInfo                  0     00000003  
ZAM                   D:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                                                              80681     ZAMDefaultFilter          0     00000000  
ZAM                   C:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   E:                                         80681     ZAMDefaultFilter          0     00000000  
ZAM                   \Device\Mup                                80681     ZAMDefaultFilter          0     00000000  
avgMonFlt             D:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt                                                       320730     avgMonFlt Instance        0     00000000  
avgMonFlt             C:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt             E:                                        320730     avgMonFlt Instance        0     00000000  
avgMonFlt             \Device\Mup                               320730     avgMonFlt Instance        0     00000000  
avgSP                 D:                                        388431     avgSP Instance            0     00000000  
avgSP                                                           388431     avgSP Instance            0     00000000  
avgSP                 C:                                        388431     avgSP Instance            0     00000000  
avgSP                 E:                                        388431     avgSP Instance            0     00000000  
avgSnx                D:                                        137630     avgSnx Instance           0     00000000  
avgSnx                                                          137630     avgSnx Instance           0     00000000  
avgSnx                C:                                        137630     avgSnx Instance           0     00000000  
avgSnx                E:                                        137630     avgSnx Instance           0     00000000  
avgSnx                \Device\Mup                               137630     avgSnx Instance           0     00000000  
epp                   D:                                        328900     epp Instance              0     00000000  
epp                                                             328900     epp Instance              0     00000000  
epp                   C:                                        328900     epp Instance              0     00000000  
epp                   E:                                        328900     epp Instance              0     00000000  
epp                   \Device\Mup                               328900     epp Instance              0     00000000  
lgbrzop               C:                                         45666     lgbrzop Instance          0     00000000  
lgbrzop               \Device\Mup                                45666     lgbrzop Instance          0     00000000  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
udiskMgr              D:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              E:                                         45888     udiskMgr Instance         0     00000000  

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is 1431-BAB0

 Directory of C:\Windows\system32\drivers

12/06/2017  11:37 AM    <DIR>          .
12/06/2017  11:37 AM    <DIR>          ..
08/22/2013  03:38 AM           231,424 1394ohci.sys
12/05/2017  07:44 PM           255,928 332141CA.sys
08/22/2013  04:43 AM           108,896 3ware.sys
12/04/2017  09:12 PM           255,928 775AE746.sys
12/05/2017  12:51 PM           208,216 82601126.sys
11/20/2014  09:14 PM           533,824 acpi.sys
08/22/2013  04:49 AM            79,712 acpiex.sys
08/22/2013  03:38 AM            10,240 acpipagr.sys
08/22/2013  03:38 AM            12,288 acpipmi.sys
08/22/2013  03:38 AM            10,752 acpitime.sys
08/22/2013  04:43 AM           782,176 adp80xx.sys
10/13/2015  09:10 AM           559,616 afd.sys
07/07/2016  02:32 PM            95,744 agilevpn.sys
08/22/2013  04:43 AM            62,304 AGP440.sys
03/19/2015  05:56 PM            80,384 ahcache.sys
08/22/2013  12:46 AM            95,744 amdk8.sys
08/22/2013  12:46 AM            98,816 amdppm.sys
08/22/2013  04:43 AM            79,200 amdsata.sys
08/22/2013  04:43 AM           259,424 amdsbs.sys
08/22/2013  04:43 AM            25,952 amdxata.sys
07/23/2012  09:35 AM            79,528 amd_sata.sys
07/23/2012  09:35 AM            26,280 amd_xata.sys
11/28/2011  02:51 PM            33,872 anvsnddrv.sys
11/20/2014  09:15 PM            82,944 appid.sys
10/25/2012  08:01 AM            22,680 AppleCharger.sys
08/22/2013  04:43 AM           114,016 arcsas.sys
05/27/2017  10:44 AM                 0 asw5C24.tmp
05/27/2017  10:44 AM                 0 asw5C44.tmp
05/27/2017  10:44 AM                 0 asw5C64.tmp
05/27/2017  10:44 AM                 0 asw5CB3.tmp
05/27/2017  10:44 AM                 0 aswEDE8.tmp
05/09/2014  03:05 PM           447,888 aswndisflt.sys.1400169557895
05/09/2014  03:05 PM         1,039,096 aswsnx.sys.1400169557895
05/09/2014  03:05 PM           423,240 aswsp.sys.1400169557895
08/22/2013  03:38 AM            26,624 asyncmac.sys
08/22/2013  04:43 AM            26,464 atapi.sys
08/22/2013  04:43 AM           199,520 ataport.sys
07/15/2012  09:46 PM            17,064 AtiPcie64.sys
11/12/2017  10:38 AM           176,000 avgArPot.sys
11/12/2017  10:36 AM           166,624 avgbdiska.sys
11/12/2017  10:36 AM           314,640 avgbidsdrivera.sys
11/12/2017  10:36 AM           192,584 avgbidsha.sys
11/12/2017  10:36 AM           336,896 avgbloga.sys
11/12/2017  10:36 AM            51,336 avgbuniva.sys
11/12/2017  10:38 AM            39,424 avgHwid.sys
11/12/2017  10:38 AM           140,704 avgMonFlt.sys
07/25/2017  10:50 AM           139,112 avgmonflt.sys.150100864560901
11/12/2017  10:38 AM           102,792 avgRdr2.sys
11/12/2017  10:38 AM            76,832 avgRvrt.sys
11/12/2017  10:37 AM         1,018,648 avgSnx.sys
11/15/2017  10:39 AM           447,800 avgSP.sys
11/12/2017  10:38 AM           196,392 avgStm.sys
11/12/2017  10:38 AM           356,880 avgVmm.sys
07/05/2017  02:45 PM           353,232 avgvmm.sys.149929473165604
08/22/2013  03:39 AM            50,688 BasicDisplay.sys
03/12/2017  07:04 AM            33,792 BasicRender.sys
08/22/2013  04:49 AM            35,168 battc.sys
08/12/2013  03:25 PM            17,624 bcmfn2.sys
08/22/2013  03:40 AM             7,680 beep.sys
10/04/2016  12:39 PM           101,376 bowser.sys
11/20/2014  09:15 PM           115,712 bridge.sys
11/20/2014  08:52 PM            19,456 BtaMPM.sys
01/29/2015  07:01 PM           132,608 BthA2DP.sys
08/22/2013  03:38 AM            36,992 BthAvrcpTg.sys
06/09/2015  02:39 PM            53,248 bthenum.sys
03/08/2015  06:02 PM            57,856 bthhfenum.sys
08/22/2013  03:38 AM            30,720 BthhfHid.sys
11/20/2014  09:14 PM            64,000 bthmodem.sys
07/06/2017  12:52 AM           119,296 bthpan.sys
06/09/2015  02:38 PM         1,201,664 bthport.sys
06/09/2015  02:39 PM            81,920 BTHUSB.SYS
08/22/2013  04:43 AM           531,296 bxvbda.sys
12/05/2016  02:59 AM            11,332 CCEN.txt
08/22/2013  03:40 AM            88,576 cdfs.sys
08/22/2013  12:46 AM           164,352 cdrom.sys
08/22/2013  03:38 AM            44,032 circlass.sys
05/06/2016  01:59 PM           331,608 Classpnp.sys
07/08/2017  12:14 PM           376,672 clfs.sys
08/22/2013  03:39 AM            25,472 CmBatt.sys
10/10/2016  10:18 AM            22,360 cmimcext.sys
01/21/2017  01:37 PM           567,152 cng.sys
08/22/2013  03:38 AM            36,352 CompositeBus.sys
08/22/2013  05:25 AM            43,008 condrv.sys
08/22/2013  04:43 AM            68,960 crashdmp.sys
10/18/2011  11:03 AM            47,616 cyusb.sys
11/04/2014  11:33 AM            58,176 dam.sys
01/10/2017  02:37 PM           138,752 dfsc.sys
07/07/2017  07:14 PM           100,184 disk.sys
08/22/2013  04:43 AM            36,192 Diskdump.sys
08/22/2013  03:40 AM            13,312 Dmpusbstor.sys
08/22/2013  03:37 AM            29,696 dmvsc.sys
10/19/2012  03:52 AM           151,968 Dot4.sys
10/19/2012  03:52 AM            27,040 Dot4Prt.sys
10/19/2012  03:52 AM            49,056 Dot4usb.sys
11/20/2014  09:14 PM            89,088 drmk.sys
11/20/2014  09:14 PM            14,528 drmkaud.sys
03/08/2014  01:32 PM           283,064 dtsoftbus01.sys
08/22/2013  04:39 AM            33,632 Dumpata.sys
06/18/2016  12:06 PM            72,408 dumpfve.sys
03/12/2015  08:03 PM           154,432 dumpsd.sys
10/14/2017  05:04 AM         1,548,624 dxgkrnl.sys
04/09/2017  02:00 PM           388,448 dxgmms1.sys
08/22/2013  04:43 AM            82,784 EhStorClass.sys
08/22/2013  04:43 AM           114,016 EhStorTcgDrv.sys
07/12/2017  01:52 AM    <DIR>          en-US
08/22/2013  03:38 AM            10,240 errdev.sys
04/16/2016  12:22 AM    <DIR>          etc
08/06/2012  11:09 PM            88,832 EtronXHCI.sys
08/22/2013  04:43 AM         3,357,024 evbda.sys
08/22/2013  03:40 AM           200,704 exfat.sys
11/30/2017  09:49 AM           110,016 farflt.sys
08/22/2013  04:49 AM           217,952 fastfat.sys
08/22/2013  03:40 AM            30,720 fdc.sys
11/20/2014  08:52 PM            79,192 fileinfo.sys
08/22/2013  03:39 AM            34,816 filetrace.sys
12/05/2016  02:59 AM            11,488 FJCP.txt
08/22/2013  03:40 AM            25,088 flpydisk.sys
11/20/2014  09:14 PM           354,112 fltMgr.sys
11/20/2014  09:14 PM            61,248 fsdepends.sys
08/22/2013  05:25 AM            30,048 fs_rec.sys
06/18/2016  12:06 PM           590,688 fvevol.sys
06/06/2017  08:25 PM           428,888 FWPKCLNT.SYS
12/08/2015  12:43 PM            70,008 FW_ACC_00U.bin
08/22/2013  12:46 AM            27,136 fxppm.sys
08/22/2013  04:43 AM            65,888 GAGP30KX.SYS
06/18/2013  06:41 AM         3,440,660 gm.dls
06/18/2013  06:41 AM               646 gmreadme.txt
11/20/2014  09:14 PM            76,800 hdaudbus.sys
08/22/2013  03:38 AM           395,776 HdAudio.sys
08/22/2013  03:39 AM            26,624 hidbatt.sys
01/29/2015  07:01 PM            97,792 hidbth.sys
05/13/2016  03:08 PM           111,616 hidclass.sys
08/22/2013  03:37 AM            41,472 hidi2c.sys
08/22/2013  03:39 AM            45,568 hidir.sys
05/05/2015  07:40 AM            17,648 hidkmdf.sys
05/13/2016  03:08 PM            32,512 hidparse.sys
05/13/2016  03:08 PM            32,768 hidusb.sys
08/22/2013  04:43 AM            64,352 HpSAMD.sys
09/14/2017  03:52 PM           986,968 http.sys
08/22/2013  04:39 AM            24,416 hwpolicy.sys
08/22/2013  03:37 AM            13,824 hyperkbd.sys
08/22/2013  03:39 AM            22,016 HyperVideo.sys
11/03/2014  10:54 PM           108,544 i8042prt.sys
07/30/2013  10:47 AM            24,568 iaLPSSi_GPIO.sys
07/25/2013  11:05 AM            99,320 iaLPSSi_I2C.sys
08/09/2013  04:39 PM           651,248 iaStorAV.sys
08/22/2013  04:43 AM           412,000 iaStorV.sys
08/22/2013  04:43 AM            18,272 intelide.sys
10/16/2014  08:56 PM            39,744 intelpep.sys
08/22/2013  12:46 AM            98,816 intelppm.sys
08/22/2013  03:35 AM            84,992 ipfltdrv.sys
02/03/2016  07:14 AM            80,896 IPMIDrv.sys
11/20/2014  08:52 PM           142,848 ipnat.sys
08/22/2013  03:37 AM           118,784 irda.sys
08/22/2013  03:38 AM            17,920 irenum.sys
08/22/2013  04:43 AM            21,856 isapnp.sys
11/04/2014  11:25 AM            59,712 kbdclass.sys
11/03/2014  10:54 PM            32,256 kbdhid.sys
08/22/2013  03:38 AM            19,456 kdnic.sys
11/20/2014  09:15 PM           295,424 ks.sys
08/22/2016  08:06 AM           100,184 ksecdd.sys
05/18/2016  03:16 PM           178,016 ksecpkg.sys
08/22/2013  03:39 AM            21,248 ksthunk.sys
11/23/2014  04:20 PM            43,456 libusb0.sys
08/22/2013  03:36 AM            59,392 lltdio.sys
08/22/2013  04:43 AM           109,408 lsi_sas.sys
08/22/2013  04:43 AM            93,536 lsi_sas2.sys
08/22/2013  04:43 AM            81,760 lsi_sas3.sys
08/22/2013  04:43 AM            82,784 lsi_sss.sys
10/10/2017  08:36 AM           124,416 luafv.sys
11/01/2017  08:54 AM            77,432 mbae64.sys
11/30/2017  09:49 AM            46,008 mbam.sys
12/05/2017  07:43 PM           192,952 MbamChameleon.sys
08/22/2013  03:39 AM            22,016 mcd.sys
08/22/2013  04:43 AM            56,672 megasas.sys
08/22/2013  04:43 AM           575,840 megasr.sys
08/22/2013  03:40 AM            40,960 modem.sys
08/22/2013  03:36 AM            30,208 monitor.sys
11/04/2014  11:25 AM            51,008 mouclass.sys
11/03/2014  10:54 PM            30,208 mouhid.sys
05/10/2017  10:19 AM           101,720 mountmgr.sys
11/20/2014  09:15 PM            74,240 mpsdrv.sys
09/08/2016  06:00 AM           140,800 mrxdav.sys
06/14/2017  09:29 AM           401,408 mrxsmb.sys
09/07/2017  01:32 PM           285,184 mrxsmb10.sys
06/14/2017  09:29 AM           201,728 mrxsmb20.sys
08/22/2013  05:25 AM            30,208 msfs.sys
06/18/2013  06:52 AM                 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013  07:20 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
11/20/2014  09:15 PM           146,752 msgpioclx.sys
08/22/2013  04:43 AM            41,824 msgpiowin32.sys
08/22/2013  03:39 AM             8,192 mshidkmdf.sys
08/22/2013  03:39 AM             9,728 mshidumdf.sys
08/22/2013  04:43 AM            17,248 msisadrv.sys
06/11/2017  04:14 PM           276,320 msiscsi.sys
08/22/2013  03:39 AM            10,624 mskssrv.sys
11/20/2014  09:15 PM            66,560 mslldp.sys
08/22/2013  03:39 AM             7,040 mspclock.sys
08/22/2013  03:39 AM             6,784 mspqm.sys
08/22/2013  05:25 AM           366,432 msrpc.sys
08/22/2013  04:49 AM            37,728 mssmbios.sys
08/22/2013  03:38 AM             7,936 mstee.sys
12/08/2015  01:53 PM           376,200 mt7612US.sys
08/22/2013  03:37 AM            13,312 MTConfig.sys
04/06/2016  01:21 PM           114,528 mup.sys
08/22/2013  04:43 AM            63,840 mvumis.sys
11/30/2017  09:49 AM            94,144 mwac.sys
01/18/2017  06:18 PM         1,113,944 ndis.sys
11/20/2014  09:15 PM            43,008 ndiscap.sys
11/20/2014  09:15 PM           126,464 NdisImPlatform.sys
11/07/2014  08:00 PM            24,576 ndistapi.sys
08/22/2013  03:37 AM            60,416 ndisuio.sys
08/22/2013  03:36 AM            16,384 NdisVirtualBus.sys
04/05/2016  02:37 PM           205,824 ndiswan.sys
01/05/2015  07:01 PM            72,192 ndproxy.sys
11/20/2014  09:15 PM           103,424 Ndu.sys
11/20/2014  09:15 PM            48,128 netbios.sys
08/10/2017  07:27 PM           281,600 netbt.sys
05/31/2017  01:20 PM           470,360 netio.sys
11/20/2014  09:14 PM            87,040 netvsc63.sys
12/06/2017  11:36 AM           140,112 nihfilos.sys
07/15/2010  04:45 PM            35,344 npf.sys
08/22/2013  05:25 AM            58,880 npfs.sys
08/22/2013  03:38 AM            23,040 npsvctrig.sys
08/13/2017  09:19 AM            40,960 nsiproxy.sys
10/16/2017  10:38 AM         2,013,016 ntfs.sys
08/22/2013  05:25 AM             5,632 null.sys
07/15/2016  10:15 AM           214,592 nvhda64v.sys
07/10/2016  06:13 PM        13,581,880 nvlddmkm.sys
08/22/2013  04:43 AM           150,368 nvraid.sys
08/22/2013  04:43 AM           168,288 nvstor.sys
04/13/2016  09:38 PM            56,384 nvvad64v.sys
08/22/2013  04:43 AM           124,768 NV_AGP.SYS
09/13/2017  05:32 AM           445,952 nwifi.sys
11/20/2014  09:15 PM           151,040 pacer.sys
05/24/2012  01:51 PM            71,544 paeusbaudiodsp_x64.sys
05/24/2012  01:51 PM            53,112 paeusbaudioks_x64.sys
05/24/2012  01:51 PM           252,280 paeusbaudio_x64.sys
08/11/2016  10:33 AM            96,256 parport.sys
11/20/2014  09:14 PM            88,896 partmgr.sys
11/20/2014  09:14 PM           280,384 pci.sys
08/22/2013  04:43 AM            14,688 pciide.sys
08/22/2013  04:43 AM            48,992 pciidex.sys
08/22/2013  04:49 AM           114,528 pcmcia.sys
08/22/2013  04:39 AM            50,016 pcw.sys
07/07/2017  07:16 PM            86,360 pdc.sys
11/20/2014  08:52 PM           663,040 PEAuth.sys
12/05/2016  02:59 AM            14,443 PHY_REG_PG.txt
11/20/2014  09:14 PM           272,384 portcls.sys
08/22/2013  12:46 AM            92,160 processr.sys
11/20/2014  09:15 PM            47,104 qwavedrv.sys
11/20/2014  09:15 PM            17,408 rasacd.sys
02/02/2016  10:16 AM           112,640 rasl2tp.sys
08/22/2013  03:36 AM            84,992 raspppoe.sys
08/22/2013  03:35 AM           107,520 raspptp.sys
11/20/2014  09:15 PM            93,696 rassstp.sys
04/06/2016  10:20 AM           402,432 rdbss.sys
08/22/2013  03:38 AM            22,528 rdpbus.sys
11/20/2014  08:20 PM           195,584 rdpdr.sys
11/20/2014  09:16 PM            27,456 rdpvideominiport.sys
11/20/2014  08:52 PM           249,688 rdyboost.sys
10/12/2016  01:11 PM           922,968 refs.sys
01/29/2015  07:00 PM           167,424 rfcomm.sys
05/14/2007  04:06 PM            27,520 RimUsb_AMD64.sys
11/05/2015  12:59 AM           145,408 rmcast.sys
08/22/2013  03:38 AM            32,256 RNDISMP.sys
11/20/2014  09:15 PM            11,776 rootmdm.sys
08/22/2013  03:36 AM            80,384 rspndr.sys
06/18/2013  06:46 AM           591,360 Rt630x64.sys
10/30/2012  12:43 AM           369,117 RTAIODAT.DAT
10/30/2012  01:59 AM         4,201,104 RTKVHD64.sys
06/18/2013  06:46 AM           694,856 RTL8192su.sys
12/05/2016  07:03 AM         5,632,528 rtwlanu.sys
08/22/2013  04:39 AM           107,872 sbp2port.sys
12/24/2016  05:21 PM            40,960 scfilter.sys
08/22/2013  04:43 AM           170,848 scsiport.sys
03/12/2015  08:03 PM           239,424 sdbus.sys
11/20/2014  08:52 PM            79,192 sdstor.sys
08/22/2013  07:35 AM            23,040 secdrv.sys
08/22/2013  04:43 AM            69,472 SerCx.sys
11/20/2014  08:52 PM           146,776 SerCx2.sys
08/11/2016  10:33 AM            23,040 serenum.sys
08/11/2016  10:33 AM            83,456 serial.sys
11/03/2014  10:55 PM            26,112 sermouse.sys
08/22/2013  03:40 AM            17,408 sfloppy.sys
08/22/2013  04:43 AM            44,896 sisraid2.sys
08/22/2013  04:43 AM            81,760 sisraid4.sys
08/22/2013  03:40 AM            19,968 smclib.sys
01/11/2017  09:28 AM           422,744 spaceport.sys
08/22/2013  04:43 AM            72,032 SpbCx.sys
09/07/2017  01:33 PM           415,744 srv.sys
09/07/2017  01:33 PM           686,592 srv2.sys
09/07/2017  01:32 PM           243,200 srvnet.sys
08/22/2013  04:43 AM            31,072 stexstor.sys
08/22/2013  04:43 AM           107,872 storahci.sys
05/15/2017  02:09 PM            57,688 stornvme.sys
10/04/2017  11:17 PM           380,248 storport.sys
08/22/2013  04:36 AM            45,888 storvsc.sys
08/22/2013  03:39 AM            67,584 stream.sys
11/20/2014  09:14 PM            14,144 swenum.sys
08/22/2013  03:39 AM            29,696 tape.sys
11/20/2014  09:14 PM            21,824 tbs.sys
06/07/2017  05:48 PM         2,457,936 tcpip.sys
11/20/2014  09:54 PM            49,152 tcpipreg.sys
08/22/2013  05:25 AM            30,208 tdi.sys
08/01/2017  07:17 PM           107,520 tdx.sys
11/20/2014  08:20 PM            37,216 terminpt.sys
08/31/2016  11:59 AM            41,016 teVirtualMIDI64.sys
05/15/2017  11:58 AM           121,184 tm.sys
09/29/2015  04:24 AM           155,480 tpm.sys
12/05/2017  07:12 PM            28,272 TrueSight.sys
08/22/2013  03:37 AM            56,320 TsUsbFlt.sys
11/20/2014  09:14 PM            29,696 TsUsbGD.sys
09/04/2015  11:24 AM           154,112 tunnel.sys
08/22/2013  04:43 AM            64,864 UAGP35.SYS
08/22/2013  04:43 AM            74,080 uaspstor.sys
11/20/2014  09:14 PM           189,248 UCX01000.SYS
03/12/2015  06:02 PM           316,416 udfs.sys
08/22/2013  04:39 AM            26,976 uefi.sys
08/22/2013  04:43 AM            65,888 ULIAGPKX.SYS
08/22/2013  03:38 AM            46,080 umbus.sys
03/19/2015  07:37 PM    <DIR>          UMDF
08/22/2013  03:38 AM            11,776 umpass.sys
08/16/2016  03:18 AM           159,936 usb2ser.sys
04/24/2015  06:25 PM            20,992 usb8023.sys
06/10/2015  10:08 PM            54,784 usbaapl64.sys
11/20/2014  08:52 PM           121,088 USBAUDIO.sys
08/22/2013  03:39 AM            32,512 USBCAMD2.sys
09/06/2017  03:07 PM           158,552 usbccgp.sys
11/20/2014  09:14 PM            98,304 usbcir.sys
10/10/2015  10:34 PM            27,992 usbd.sys
01/08/2016  05:38 PM            91,992 usbehci.sys
06/18/2012  02:07 PM            57,000 usbfilter.sys
09/06/2017  01:17 PM           461,144 usbhub.sys
10/10/2015  10:34 PM           468,824 USBHUB3.SYS
10/10/2015  10:41 AM            30,208 usbohci.sys
09/06/2017  01:17 PM           443,224 usbport.sys
08/22/2013  03:36 AM            26,112 usbprint.sys
08/22/2013  03:39 AM            30,720 usbrpm.sys
11/20/2014  09:14 PM            44,544 usbscan.sys
01/31/2016  11:16 AM           148,832 USBSTOR.SYS
10/10/2015  10:41 AM            37,376 usbuhci.sys
04/15/2015  10:17 PM           325,464 USBXHCI.SYS
09/23/2013  03:19 AM            31,440 uxstyle.sys
08/22/2013  04:37 AM            37,728 vdrvroot.sys
11/20/2014  08:52 PM           175,960 VerifierExt.sys
10/09/2016  02:59 PM           551,256 vhdmp.sys
08/22/2013  04:43 AM            19,808 viaide.sys
08/22/2013  03:39 AM            49,152 videoprt.sys
05/05/2015  07:40 AM            44,784 vjoy.sys
11/20/2014  09:14 PM            89,368 vmbkmcl.sys
11/20/2014  09:14 PM            97,048 vmbus.sys
08/22/2013  03:37 AM            21,760 VMBusHID.sys
08/22/2013  03:38 AM            11,264 vmgencounter.sys
08/22/2013  03:38 AM             7,168 vms3cap.sys
11/20/2014  09:14 PM            49,944 vmstorfl.sys
04/10/2016  10:21 PM            74,584 volmgr.sys
07/07/2017  07:46 PM           377,688 volmgrx.sys
03/14/2016  08:50 AM           316,760 volsnap.sys
01/26/2016  11:15 AM            72,024 vpci.sys
08/22/2013  04:43 AM           168,800 vsmraid.sys
08/22/2013  04:43 AM           305,504 VSTXRAID.SYS
08/12/2016  04:03 PM            24,576 vwifibus.sys
08/12/2016  04:02 PM            71,680 vwififlt.sys
08/12/2016  04:01 PM            38,912 vwifimp.sys
08/22/2013  03:39 AM            26,752 wacompen.sys
01/05/2015  06:59 PM            80,896 wanarp.sys
11/20/2014  08:52 PM            54,272 watchdog.sys
02/10/2017  06:37 AM            46,600 WdBoot.sys
08/22/2013  05:25 AM           839,488 Wdf01000.sys
12/08/2015  01:53 PM         1,804,696 WdfCoInstaller01011.dll
01/12/2017  08:51 AM           274,776 WdFilter.sys
08/22/2013  05:25 AM            60,224 WdfLdr.sys
01/12/2017  08:51 AM           117,592 WdNisDrv.sys
08/22/2013  04:39 AM            38,240 werkernel.sys
11/10/2014  10:06 AM           136,512 wfplwfs.sys
11/20/2014  09:14 PM            33,600 wimmount.sys
11/20/2014  09:14 PM            61,208 winhv.sys
10/10/2015  10:40 AM            78,848 winusb.sys
08/22/2013  03:40 AM            16,384 wmiacpi.sys
08/22/2013  05:25 AM            18,272 wmilib.sys
11/20/2014  09:16 PM           157,016 wof.sys
11/20/2014  09:16 PM            54,784 wpcfltr.sys
08/22/2013  04:36 AM            26,976 WpdUpFltr.sys
08/22/2013  05:25 AM            23,392 WppRecorder.sys
08/22/2013  03:40 AM            21,504 ws2ifsl.sys
11/20/2014  09:15 PM           113,664 WUDFPf.sys
11/20/2014  09:15 PM           226,304 WUDFRd.sys
02/22/2016  11:05 PM            42,760 xb1usb.sys
12/08/2015  01:53 PM           243,080 xboxgip.sys
12/08/2015  01:53 PM            39,312 xinputhid.sys
07/02/2014  07:49 PM            26,200 xspltspk.sys
03/07/2017  02:06 PM           136,432 ysusb_w8_1_64.sys
12/05/2017  01:17 AM           203,680 zam64.sys
12/05/2017  01:17 AM           203,680 zamguard64.sys
             392 File(s)     91,688,252 bytes
               5 Dir(s)  307,734,278,144 bytes free

========= End of CMD: =========


==== End of Fixlog 11:45:31 ====


Alright. For the next part, you'll need to download FRST.exe and the fixlist.txt on another computer and move them to the USB from there.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt

Edited by Aura

I re-downloaded the file on another laptop and this time it worked.

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2017
Ran by SYSTEM (07-12-2017 12:07:32) Run:2
Running from y:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\lgbrzop

R3 udiskMgr; system32\drivers\cfimps.sys [X]

C:\Users\Mask\AppData\Local\eai
C:\Users\Mask\AppData\Local\igfxmtc
C:\Users\Mask\AppData\Local\secohpr
C:\Users\Mask\AppData\Local\lsntize
C:\Users\Mask\AppData\Local\Temp\ndfapi.exe
C:\Users\Mask\AppData\Roaming\et
C:\WINDOWS\system32\wdbuzxi
C:\WINDOWS\System32\exenisrsvc.exe
C:\WINDOWS\system32\Drivers\nih*.sys
C:\WINDOWS\SysWOW64\wdbuzxi
*****************

"HKLM\SYSTEM\ControlSet001\Services\lgbrzop" => removed successfully
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
C:\Users\Mask\AppData\Local\eai => moved successfully
C:\Users\Mask\AppData\Local\igfxmtc => moved successfully
C:\Users\Mask\AppData\Local\secohpr => moved successfully
C:\Users\Mask\AppData\Local\lsntize => moved successfully
"C:\Users\Mask\AppData\Local\Temp\ndfapi.exe" => not found.
C:\Users\Mask\AppData\Roaming\et => moved successfully
C:\WINDOWS\system32\wdbuzxi => moved successfully
C:\WINDOWS\System32\exenisrsvc.exe => moved successfully

=========== "C:\WINDOWS\system32\Drivers\nih*.sys" ==========

C:\WINDOWS\system32\Drivers\nihlosvy.sys => moved successfully

========= End -> "C:\WINDOWS\system32\Drivers\nih*.sys" ========

C:\WINDOWS\SysWOW64\wdbuzxi => moved successfully

==== End of Fixlog 12:07:40 ====

 

Fixlog.txt

Edited by Masked
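
A way to check a Fixlog like the one posted above, added here as an example that is not part of the original thread or of FRST: it pairs each fixlist entry with the result lines FRST logged for it and lists the entries whose removal the log does not confirm. The function names are made up for this example, and the matching rules (service lines matched by name, wildcard paths by glob) are assumptions inferred from this one log.

```python
import fnmatch
import re

# Fixlog body copied from the post above (header lines omitted).
FIXLOG = r"""fixlist content:
*****************
DeleteKey: HKLM\SYSTEM\ControlSet001\Services\lgbrzop

R3 udiskMgr; system32\drivers\cfimps.sys [X]

C:\Users\Mask\AppData\Local\eai
C:\Users\Mask\AppData\Local\igfxmtc
C:\Users\Mask\AppData\Local\secohpr
C:\Users\Mask\AppData\Local\lsntize
C:\Users\Mask\AppData\Local\Temp\ndfapi.exe
C:\Users\Mask\AppData\Roaming\et
C:\WINDOWS\system32\wdbuzxi
C:\WINDOWS\System32\exenisrsvc.exe
C:\WINDOWS\system32\Drivers\nih*.sys
C:\WINDOWS\SysWOW64\wdbuzxi
*****************

"HKLM\SYSTEM\ControlSet001\Services\lgbrzop" => removed successfully
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
C:\Users\Mask\AppData\Local\eai => moved successfully
C:\Users\Mask\AppData\Local\igfxmtc => moved successfully
C:\Users\Mask\AppData\Local\secohpr => moved successfully
C:\Users\Mask\AppData\Local\lsntize => moved successfully
"C:\Users\Mask\AppData\Local\Temp\ndfapi.exe" => not found.
C:\Users\Mask\AppData\Roaming\et => moved successfully
C:\WINDOWS\system32\wdbuzxi => moved successfully
C:\WINDOWS\System32\exenisrsvc.exe => moved successfully

=========== "C:\WINDOWS\system32\Drivers\nih*.sys" ==========

C:\WINDOWS\system32\Drivers\nihlosvy.sys => moved successfully

========= End -> "C:\WINDOWS\system32\Drivers\nih*.sys" ========

C:\WINDOWS\SysWOW64\wdbuzxi => moved successfully

==== End of Fixlog 12:07:40 ====
"""

RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
SERVICE_RE = re.compile(r'^[RSU]\d\s+(?P<name>[^;]+);')  # e.g. "R3 udiskMgr; ..."
STARS_RE = re.compile(r'^\*{5,}\s*$')                     # fixlist delimiters


def split_fixlog(text):
    """Return (directives, results): the echoed fixlist and the (target, outcome) lines."""
    directives, results, stars = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if STARS_RE.match(line):
            stars += 1
        elif not line or line.startswith("="):
            continue  # blank lines and "=====" section markers carry no result
        elif stars == 1:
            directives.append(line)
        elif stars >= 2:
            m = RESULT_RE.match(line)
            if m:
                results.append((m["target"], m["outcome"]))
    return directives, results


def directive_target(directive):
    """Name under which results for this fixlist line are expected (assumed rules)."""
    if directive.lower().startswith("deletekey:"):
        return directive.split(":", 1)[1].strip()
    m = SERVICE_RE.match(directive)
    return m["name"].strip() if m else directive


def reconcile(text):
    """Map each directive to its result lines; an empty list means nothing was logged."""
    directives, results = split_fixlog(text)
    report = {}
    for d in directives:
        want = directive_target(d).lower()
        is_service = bool(SERVICE_RE.match(d))
        is_glob = any(c in want for c in "*?")
        report[d] = [
            (target, outcome) for target, outcome in results
            if target.lower() == want
            or (is_service and target.lower().endswith("\\services\\" + want))
            or (is_glob and fnmatch.fnmatchcase(target.lower(), want))
        ]
    return report


def not_confirmed(report):
    """Directives with no result line, or with no result reporting success."""
    return [d for d, hits in report.items()
            if not any("successfully" in outcome for _, outcome in hits)]


if __name__ == "__main__":
    for entry in not_confirmed(reconcile(FIXLOG)):
        print("not confirmed:", entry)
```

For this log the only entry it reports is the Temp\ndfapi.exe path, which FRST logged as not found at that location in this run.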

Awesome! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Oh my gosh it worked! No more igfxmtc, lsntize and other viruses, thank you, thank you, and thank you!

Here's the export summary :)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/7/17
Scan Time: 5:10 PM
Log File: a110ba4c-dbb4-11e7-8671-d017c29739b7.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3419
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tony\Mask

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295899
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


That's good news :) Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted RogueKiller clean log


AdwCleaner clean log

# AdwCleaner 7.0.5.0 - Logfile created on Fri Dec 08 02:39:00 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-06-2017.1
# Running on Windows 8.1 Single Language (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4744 B] - [2017/12/2 20:43:45]
C:/AdwCleaner/AdwCleaner[C1].txt - [1419 B] - [2017/12/2 20:51:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [1671 B] - [2017/12/5 22:13:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [5164 B] - [2017/12/2 20:41:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [1258 B] - [2017/12/2 20:51:25]
C:/AdwCleaner/AdwCleaner[S2].txt - [1228 B] - [2017/12/2 21:6:48]
C:/AdwCleaner/AdwCleaner[S3].txt - [1295 B] - [2017/12/3 0:16:47]
C:/AdwCleaner/AdwCleaner[S4].txt - [1362 B] - [2017/12/5 0:13:42]
C:/AdwCleaner/AdwCleaner[S5].txt - [1429 B] - [2017/12/5 10:39:7]
C:/AdwCleaner/AdwCleaner[S6].txt - [1515 B] - [2017/12/5 22:8:8]


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########


RogueKiller clean log

RogueKiller V12.11.27.0 (x64) [Dec  4 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mask [Administrator]
Started from : C:\Users\Mask\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/07/2017 18:43:30 (Duration : 00:41:58)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] de1598a9d486893f1dab824479b3ec80
[BSP] 5273890d4c1fba6617cf65e3d8e1e970 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 923648 | Size: 1902277 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3896786944 | Size: 5000 MB
User = LL1 ... OK
User = LL2 ... OK


FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by Mask (administrator) on TONY (08-12-2017 09:07:11)
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\WINDOWS\runSW.exe
(Realtek) C:\WINDOWS\SwUSB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Flux Software LLC) C:\Users\Mask\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [uTorrent] => C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\MountPoints2: {0a3756e0-18ae-11e5-bef2-f065dd6449f8} - "D:\LaunchU3.exe" -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C31A6F0A-842F-4E34-9E92-04E018C7F29D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DB1B3F01-A4ED-475E-A9AF-E28E365A8A0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-31] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Mask\AppData\Roaming\Mozilla\Firefox\Profiles\64vbxj6y.default-1468980204841 [2017-12-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default [2017-12-08]
CHR Extension: (Slides) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-04]
CHR Extension: (Tampermonkey) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Dark Reader) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2017-09-20]
CHR Extension: (uBlock) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-04-04]
CHR Extension: (Sheets) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-12-07]
CHR Extension: (Gmail) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-22]
CHR Extension: (Quick Searcher v16.2) - C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-11-22]
CHR Profile: C:\Users\Mask\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-11-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RunSwUSB; C:\WINDOWS\runSW.exe [44760 2014-12-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 01679346; C:\WINDOWS\System32\drivers\82601126.sys [208216 2017-12-05] (Kaspersky Lab, GERT)
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-11-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-11-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-11-12] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-03-08] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-12-06] ()
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-30] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-30] (Malwarebytes)
S3 mt7612US; C:\WINDOWS\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S3 NSTDUSB3; C:\WINDOWS\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [5632528 2016-12-05] (Realtek Semiconductor Corporation )
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [28272 2017-12-07] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [42760 2016-02-22] (Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ysusb_w8_1_64; C:\WINDOWS\system32\drivers\ysusb_w8_1_64.sys [136432 2017-03-07] (Yamaha Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-12-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-05] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S3 VBAudioVACMME; \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 09:07 - 2017-12-08 09:08 - 000019980 _____ C:\Users\Mask\Desktop\FRST.txt
2017-12-07 18:42 - 2017-12-07 18:42 - 000001630 _____ C:\Users\Mask\Desktop\New Text Document.txt
2017-12-07 18:40 - 2017-12-07 18:41 - 026851912 _____ (Adlice Software) C:\Users\Mask\Desktop\RogueKiller_portable64.exe
2017-12-07 18:37 - 2017-12-07 18:37 - 008172032 _____ (Malwarebytes) C:\Users\Mask\Desktop\AdwCleaner.exe
2017-12-06 18:27 - 2017-12-06 18:36 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-06 11:28 - 2017-12-08 09:06 - 000000000 ____D C:\Users\Mask\Desktop\FRST-OlderVersion
2017-12-06 09:12 - 2017-12-08 09:06 - 002390528 _____ (Farbar) C:\Users\Mask\Desktop\FRST64.exe
2017-12-05 19:44 - 2017-12-05 19:44 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\332141CA.sys
2017-12-05 19:42 - 2017-12-05 22:05 - 000000000 ____D C:\Users\Mask\Desktop\mbar
2017-12-05 19:41 - 2017-12-05 19:41 - 014161479 _____ C:\Users\Mask\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\ProgramData\IObit
2017-12-05 15:20 - 2017-12-05 15:20 - 000000000 ____D C:\Program Files (x86)\IObit
2017-12-05 15:00 - 2017-12-05 15:13 - 000000000 ____D C:\EEK
2017-12-05 14:54 - 2017-12-05 14:54 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-12-05 13:43 - 2017-12-08 00:47 - 000000000 ____D C:\Program Files\HitmanPro
2017-12-05 13:02 - 2017-12-05 13:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-05 12:54 - 2017-12-05 12:55 - 000003690 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.54.22_log.txt
2017-12-05 12:51 - 2017-12-05 12:51 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\82601126.sys
2017-12-05 12:51 - 2017-12-05 12:51 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-05 12:50 - 2017-12-05 12:51 - 000160444 _____ C:\TDSSKiller.2.8.16.0_05.12.2017_12.50.08_log.txt
2017-12-05 11:15 - 2017-12-05 11:15 - 000000576 _____ C:\Users\Mask\Documents\Quarantine_171205-111500.txt
2017-12-05 09:26 - 2017-12-07 17:50 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-12-05 01:22 - 2017-12-05 01:22 - 000003190 _____ C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9}
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-05 01:17 - 2017-12-05 01:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-12-04 21:12 - 2017-12-04 21:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\775AE746.sys
2017-12-04 21:10 - 2017-12-06 01:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 21:10 - 2017-12-05 19:43 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 20:47 - 2017-12-04 21:24 - 000000000 ____D C:\Program Files (x86)\Task Killer
2017-12-04 20:47 - 2017-12-04 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Killer
2017-12-04 19:57 - 2017-12-05 09:20 - 000000000 ____D C:\Users\Mask\AppData\LocalLow\uTorrent
2017-12-04 19:24 - 2017-12-05 14:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-04 19:14 - 2017-12-04 19:14 - 000106051 _____ C:\Users\Mask\Documents\bookmarks_12_4_17.html
2017-12-04 16:24 - 2017-12-08 09:07 - 000000000 ____D C:\FRST
2017-12-02 17:40 - 2017-12-07 18:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-02 17:39 - 2017-12-02 18:27 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-02 13:41 - 2017-12-02 13:41 - 000000000 ____D C:\ProgramData\dbg
2017-12-02 13:36 - 2017-12-08 09:08 - 000051828 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-02 13:36 - 2017-12-08 09:08 - 000022330 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-02 13:36 - 2017-12-08 00:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-02 13:36 - 2017-12-02 13:36 - 000000000 ____D C:\Users\Mask\AppData\Local\Zemana
2017-12-02 13:18 - 2017-12-07 18:00 - 000004130 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-02 12:37 - 2017-12-07 18:39 - 000000000 ____D C:\AdwCleaner
2017-12-01 13:54 - 2017-12-01 13:54 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-29 08:49 - 2017-11-30 09:49 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-29 08:49 - 2017-11-30 09:49 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-26 20:35 - 2017-11-26 20:35 - 000000000 ___HD C:\$AV_AVG
2017-11-23 11:52 - 2017-11-23 11:52 - 000099876 _____ C:\Users\Mask\Downloads\bookmarks_11_23_17.html
2017-11-22 17:16 - 2017-11-30 09:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-20 19:09 - 2017-12-08 01:12 - 000000000 ____D C:\Users\Mask\Desktop\Flip&Staw
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-11-20 17:17 - 2017-11-20 17:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-11-20 17:17 - 2016-12-05 07:03 - 005632528 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlanu.sys
2017-11-20 17:17 - 2016-12-05 02:59 - 000014443 _____ C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011488 _____ C:\WINDOWS\system32\Drivers\FJCP.txt
2017-11-20 17:17 - 2016-12-05 02:59 - 000011332 _____ C:\WINDOWS\system32\Drivers\CCEN.txt
2017-11-20 17:17 - 2016-06-30 16:21 - 000454360 _____ (Realtek) C:\WINDOWS\SwUSB.exe
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-11-17 01:49 - 2017-11-17 01:49 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-15 16:27 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\AppData\Roaming\iZotope
2017-11-15 16:01 - 2017-11-15 16:01 - 000001637 _____ C:\Users\Public\Desktop\RX 6 Audio Editor (64-bit).lnk
2017-11-15 15:58 - 2017-11-15 16:07 - 000000000 ____D C:\Program Files (x86)\Vstplugins
2017-11-15 15:58 - 2017-11-15 16:00 - 000000000 ____D C:\Program Files\Vstplugins
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-11-15 15:58 - 2017-11-15 15:58 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-11-15 15:57 - 2017-11-15 16:27 - 000000000 ____D C:\Users\Mask\Documents\iZotope
2017-11-15 15:57 - 2017-11-15 15:57 - 000000000 ____D C:\Program Files (x86)\iZotope
2017-11-15 14:14 - 2017-11-15 15:51 - 000000000 ____D C:\Users\Mask\AppData\Local\ImpaqSpeed
2017-11-15 08:26 - 2017-10-17 11:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 08:26 - 2017-10-16 10:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 08:26 - 2017-10-14 05:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 08:26 - 2017-10-14 00:38 - 025731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 08:26 - 2017-10-14 00:23 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-15 08:26 - 2017-10-14 00:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-15 08:26 - 2017-10-14 00:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 08:26 - 2017-10-14 00:09 - 005979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 08:26 - 2017-10-14 00:01 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 08:26 - 2017-10-13 23:36 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 23:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 015266816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 08:26 - 2017-10-13 23:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 08:26 - 2017-10-13 23:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 23:29 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 23:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 23:21 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 08:26 - 2017-10-13 23:14 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 08:26 - 2017-10-13 23:09 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-15 08:26 - 2017-10-13 23:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-11-15 08:26 - 2017-10-13 22:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 08:26 - 2017-10-13 22:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-15 08:26 - 2017-10-13 22:45 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 08:26 - 2017-10-13 22:33 - 004542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 08:26 - 2017-10-13 22:28 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-11-15 08:26 - 2017-10-13 22:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 08:26 - 2017-10-13 22:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 08:26 - 2017-10-13 22:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 08:26 - 2017-10-13 22:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 08:26 - 2017-10-13 22:10 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 08:26 - 2017-10-13 22:07 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-15 08:26 - 2017-10-13 22:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-15 08:26 - 2017-10-10 08:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 08:26 - 2017-10-10 07:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-10 07:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 08:26 - 2017-10-10 07:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-15 08:26 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 08:26 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-15 08:26 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-15 08:26 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-15 08:26 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-15 08:26 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-15 08:26 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-15 08:26 - 2017-09-07 09:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-15 08:26 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-15 08:26 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-15 08:26 - 2017-09-06 15:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-15 08:26 - 2017-09-06 13:17 - 000443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-15 08:26 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-15 08:26 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-15 08:26 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-15 08:18 - 2017-10-10 23:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 08:18 - 2017-10-10 07:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 08:18 - 2017-10-10 05:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 08:18 - 2017-10-10 05:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\ProgramData\Yamaha_Uninstaller
2017-11-13 16:08 - 2017-11-13 16:08 - 000000000 ____D C:\Program Files (x86)\Yamaha
2017-11-12 10:39 - 2017-11-12 10:39 - 000001951 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-11-12 10:39 - 2017-11-12 10:38 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-11-12 10:39 - 2017-11-12 10:38 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-11-11 11:25 - 2017-11-11 11:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xinputhid_01011.Wdf
2017-11-10 22:21 - 2017-11-10 22:21 - 000000000 ____D C:\Program Files\Tobias Erichsen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 09:07 - 2013-10-22 21:29 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2499287152-2841305583-4123039165-1002
2017-12-08 09:04 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-08 09:03 - 2013-11-14 13:31 - 000000000 ____D C:\Users\Mask\AppData\Roaming\ClassicShell
2017-12-08 09:02 - 2015-01-28 01:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-08 09:02 - 2013-08-22 06:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-08 00:48 - 2014-04-26 00:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-07 23:50 - 2014-11-20 20:44 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-07 23:50 - 2013-08-22 05:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-07 18:20 - 2013-11-15 12:03 - 000000000 ____D C:\Users\Mask\AppData\Local\CrashDumps
2017-12-07 17:59 - 2017-05-27 10:44 - 000004178 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-07 17:49 - 2015-01-28 01:17 - 000000000 ____D C:\Users\Mask
2017-12-06 18:55 - 2013-08-22 05:25 - 016515072 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-06 15:47 - 2017-09-26 18:04 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-06 12:08 - 2016-09-25 20:24 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-05 16:50 - 2013-08-26 22:27 - 000000000 ____D C:\Users\Mask\Desktop\Youtube Files,turtle beach etc
2017-12-05 13:09 - 2013-10-27 19:55 - 000000000 ____D C:\Users\Mask\AppData\Local\ElevatedDiagnostics
2017-12-05 09:20 - 2016-10-23 13:09 - 000000000 ____D C:\Users\Mask\AppData\Roaming\uTorrent
2017-12-04 21:12 - 2015-08-01 01:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-03 02:57 - 2013-08-22 05:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-02 21:44 - 2015-01-31 04:56 - 005876224 ___SH C:\Users\Mask\Desktop\Thumbs.db
2017-12-02 16:52 - 2012-07-25 23:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 16:36 - 2013-10-22 21:23 - 000000000 ____D C:\Users\Mask\AppData\Local\Packages
2017-12-02 16:36 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 13:18 - 2013-10-23 22:52 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 13:18 - 2013-10-23 22:52 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 14:03 - 2013-08-22 07:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-30 21:59 - 2017-09-11 19:06 - 000001224 _____ C:\Users\Mask\Desktop\Roblox Studio.lnk
2017-11-30 21:59 - 2017-09-11 19:06 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-30 00:17 - 2017-06-05 14:14 - 000000000 ____D C:\Users\Mask\Desktop\NSMB2 Files
2017-11-29 16:53 - 2013-10-25 11:18 - 000000000 ____D C:\Users\Mask\AppData\Roaming\vlc
2017-11-27 23:37 - 2013-10-27 20:08 - 000000000 ____D C:\Users\Mask\AppData\Roaming\Audacity
2017-11-25 22:39 - 2015-04-03 15:00 - 000000000 ____D C:\Users\Mask\Desktop\Dxtory
2017-11-24 12:10 - 2010-01-31 14:00 - 000000000 ____D C:\Users\Mask\Desktop\OpenHardwareMonitor
2017-11-23 18:15 - 2015-08-20 17:08 - 000000000 ____D C:\Users\Mask\Desktop\Pc Games
2017-11-20 17:17 - 2013-10-23 21:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-19 18:52 - 2013-10-24 09:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-19 18:48 - 2017-10-10 23:10 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-19 18:48 - 2016-04-13 12:44 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 01:49 - 2017-09-26 18:04 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-16 09:33 - 2013-08-22 06:44 - 000525280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 02:53 - 2015-04-16 14:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 13:28 - 2016-04-04 20:17 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 10:39 - 2017-05-27 10:44 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-11-14 16:18 - 2016-04-14 00:57 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000990 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-14 16:18 - 2016-04-14 00:57 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-14 09:28 - 2017-06-28 13:56 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 09:28 - 2017-06-28 13:55 - 000004464 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 09:28 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-13 13:31 - 2016-04-04 20:16 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 13:31 - 2016-04-04 20:16 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 10:38 - 2017-05-27 10:44 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-11-12 10:38 - 2017-05-27 10:44 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-11-12 10:37 - 2017-05-27 10:44 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-11-12 10:36 - 2017-05-27 10:44 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-11-12 10:11 - 2016-12-06 15:48 - 000000000 ____D C:\ProgramData\PreSonus
2017-11-11 01:10 - 2017-11-06 23:22 - 000000000 ____D C:\Users\Mask\AppData\Roaming\DarkAudacity

==================== Files in the root of some directories =======

2013-02-16 19:27 - 2013-02-16 19:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-03-16 16:47 - 2017-03-16 16:47 - 000000132 _____ () C:\Users\Mask\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-29 18:29 - 2013-12-29 18:47 - 000099384 _____ () C:\Users\Mask\AppData\Roaming\inst.exe
2013-12-29 18:29 - 2013-12-29 18:47 - 000007859 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.cat
2013-12-29 18:29 - 2013-12-29 18:47 - 000001167 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.inf
2013-12-29 18:29 - 2013-12-29 18:47 - 000000055 _____ () C:\Users\Mask\AppData\Roaming\pcouffin.log
2013-12-29 18:29 - 2013-12-29 18:47 - 000082816 _____ (VSO Software) C:\Users\Mask\AppData\Roaming\pcouffin.sys
2014-01-02 01:31 - 2017-08-21 20:26 - 000001456 _____ () C:\Users\Mask\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-06 03:14 - 2016-08-15 01:35 - 000004608 _____ () C:\Users\Mask\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 10:20 - 2016-07-07 10:20 - 000000764 _____ () C:\Users\Mask\AppData\Local\recently-used.xbel
2014-05-14 10:40 - 2014-05-14 10:40 - 000007606 _____ () C:\Users\Mask\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-06 11:45 - 2017-12-06 11:45 - 002390528 _____ (Farbar) C:\Users\Mask\AppData\Local\Temp\4A26.tmp.exe
2017-12-06 11:41 - 2017-12-06 11:41 - 002390528 _____ (Farbar) C:\Users\Mask\AppData\Local\Temp\688F.tmp.exe
2017-12-05 12:51 - 2017-12-05 12:46 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Mask\AppData\Local\Temp\79104729-3343-4B5B-BA05-1861AD80E16C.exe
2017-12-02 17:39 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Users\Mask\AppData\Local\Temp\dllnt_dump.dll
2017-12-08 00:47 - 2017-12-05 13:42 - 011584088 _____ (SurfRight B.V.) C:\Users\Mask\AppData\Local\Temp\HitmanPro.exe
2017-12-01 02:21 - 2017-12-01 02:21 - 000000000 _____ () C:\Users\Mask\AppData\Local\Temp\jl-9p9i7.dll
2017-10-31 14:29 - 2017-10-31 14:29 - 001856576 _____ (Oracle Corporation) C:\Users\Mask\AppData\Local\Temp\jre-8u151-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-24 22:25

==================== End of FRST.txt ============================

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by Mask (08-12-2017 09:09:30)
Running from C:\Users\Mask\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-01-28 09:38:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2499287152-2841305583-4123039165-500 - Administrator - Disabled)
Guest (S-1-5-21-2499287152-2841305583-4123039165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499287152-2841305583-4123039165-1005 - Limited - Enabled)
Mask (S-1-5-21-2499287152-2841305583-4123039165-1002 - Administrator - Enabled) => C:\Users\Mask

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
1.0 (HKLM-x32\...\ALAN Wake_is1) (Version:  - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
AnyMedia Player 4.5.1 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 4.5.1 - cyan soft ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS USB-AC68 WLAN Card Driver (HKLM-x32\...\{56A6C59A-E783-41CB-A5F9-9240CA3C6B87}) (Version: 2.1.3.9 - ASUS)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
BioShock Infinite (HKLM-x32\...\{2F82B501-6358-476E-A9AC-A6DABD2E52F9}) (Version: 6.0 - Black Box)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dolphin 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Development Team)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
f.lux (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\Flux) (Version:  - )
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HackingToolkit3DS version 5.3 (HKLM-x32\...\{E76AC66E-D0AA-4274-BF9B-7704C777C3C3}_is1) (Version: 5.3 - Asia81)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Kholat (HKLM-x32\...\Kholat_is1) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenToonz version 1.0 (HKLM\...\{D9A9B1A3-9370-4BE9-9C8F-7B52EEECB973}_is1) (Version: 1.0 - DWANGO Co., Ltd.)
PackBit Codec version 1.0.0.1Beta (HKLM-x32\...\{5AFD98DE-0AF5-497F-BE7E-F93DEDF74573}_is1) (Version: 1.0.0.1Beta - Dxtory Software)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Roblox Player for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Mask (HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
RX 6 Audio Editor Advanced (HKLM-x32\...\RX 6 Audio Editor Advanced) (Version: 6.00 - iZotope, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Sonic Adventure 2 (c) SEGA version 1 (HKLM-x32\...\Sonic Adventure 2 (c) SEGA_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Task Killer (remove only) (HKLM-x32\...\Task Killer) (Version:  - )
TEKKEN 7 (HKLM-x32\...\TEKKEN 7_is1) (Version:  - )
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: 1.2.11.41 - Tobias Erichsen)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
Vegas Pro 12.0 (64-bit) (HKLM-x32\...\Vegas Pro 12.0 (64-bit)) (Version: 12.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000) (HKLM\...\32F8755FAEB4107085D8EB430DFE56CD6E5ADDB7) (Version: 12/03/2012 1.2.0000.00000 - Amazon.com)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB  (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM\...\{BEA06A39-583D-486E-A3EB-2A434ED45940}) (Version: 1.9.10 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\yUninstall_{2938B185-2D57-47B0-9FC8-C90A67BA9277}) (Version: 1.9.10 - Yamaha Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2499287152-2841305583-4123039165-1002_Classes\CLSID\2A89C3F9-59CC-4F4B-9252-C5E7A6F4B248\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2013-10-06] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-07-10] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-12] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {12A7EE85-4764-4F4B-A8EC-163381E72F1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {188C6A92-31C8-40C7-817C-19A0AF262025} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {369EF934-BC6B-4BB7-B098-93FF2370196E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {5984D908-6534-4927-85EE-1B0072A6D7E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {9D9EFBBC-836E-4F91-A600-C2869FB70322} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B4B8431F-A304-45BE-8E53-847E7A5ED0F0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {BAD6B62E-C38E-4375-B8EF-740230A2E6D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E7B7AFE5-AEF9-4E6F-88CD-A4B7DB363AFC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E859EFB6-A8AE-465A-9F30-10238A8DA1E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-04] (Google Inc.)
Task: {EDB39FA2-06FF-4B11-BADB-8222A72ED960} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-19] (Microsoft Corporation)
Task: {FDD11B9A-CD73-4264-832E-45489CF8E8C5} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-12] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-28 01:08 - 2016-07-10 15:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-14 20:44 - 2010-07-14 20:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-12-05 01:17 - 2017-12-05 01:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 11:24 - 2012-08-06 11:24 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-11-20 17:17 - 2014-12-12 17:24 - 000044760 _____ () C:\WINDOWS\runSW.exe
2017-09-26 18:04 - 2017-12-06 15:47 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 13:28 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-06-25 11:28 - 2016-06-14 12:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-28 21:13 - 2016-11-28 21:13 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-07-05 14:44 - 2017-07-05 14:44 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-12 10:37 - 2017-11-12 10:37 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-10-27 16:27 - 000001196 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   www.techsmith.com
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1                   oscount.techsmith.com
127.0.0.1                   updater.techsmith.com
127.0.0.1                   camtasiatudi.techsmith.com
127.0.0.3                   tsccloud.cloudapp.net
127.0.0.2                   assets.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mask\Desktop\pacman_maze_harassment_search_22082_1920x1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D609B1-9B9A-4E32-83D5-933545E75204}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30D30666-D7C7-419F-B490-690EE8A3136C}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F63CD267-436B-4458-A091-987AB229AD50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{725C65EA-C79D-4BDD-94CF-9B6257FE6A44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EC40540-9DE5-42B4-B5A3-A6D07F6732B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{70B726BE-AB78-4D3C-9BDD-D498418C6157}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA409F4F-B315-4AA4-99A5-2931333A17DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EBDEF40-1DF9-48FF-B58F-DA97FA21C8EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E59D1EB-AEE1-4403-89BB-31EA1CE2622D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D55C04CC-416D-4B83-B12B-8B568E0FAE6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B1D5FB6-0DD1-4D8D-BA40-002AA8E855F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C9FAC8BC-57FA-4276-9051-ACE4CE9C8B87}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD5F3C78-00B5-4DC0-A8A7-617E60752790}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92704457-23A0-41B2-ACE0-770E92156CBB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7CC227D0-CFBB-4FB2-B921-6FD67AECAB47}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A5AEB0D4-84D6-42E9-9544-A8A6AD2508D1}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Block) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{363B4324-8EE0-4D0E-9352-1E695FD0FA8E}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{868E5372-9337-4DB5-823A-995CBEC3BB08}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{72C30C3E-ECFB-4644-A601-0D15797CC03A}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A43F93B8-923C-4FDB-8A6D-2AD455AC97F7}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{27941305-0BDE-4267-9424-728F83977ACA}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{E9EA21FF-91E2-4E38-8A19-A17EE7874871}C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\mask\desktop\youtube files,turtle beach etc\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{739BCC6F-181E-4170-8252-4E9C0E5588EA}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{D52887C8-A902-40B3-B287-8F190F6B6FAC}C:\games\outlast\binaries\win64\olgame.exe] => (Block) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{29E2F539-CBCD-4348-A2AA-5059E69CD01F}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{18A74D76-83AD-409A-9548-B4458B6AA7CC}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Block) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [{1094284D-104E-424E-BFB9-02D0C3537D2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{71204660-BCA1-453C-B403-C10083A80819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4741B901-D5C8-471D-B94E-C5D54C20C7B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6E04AA46-8713-4E99-AF96-E19316F37866}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C39C8FDB-C23E-4912-A169-F3BE1A67A10C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{659025CC-4B70-4E5E-A0D7-1AE197966DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{493208C6-757C-4044-8D18-329CB54078EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast 2 Demo\Binaries\Win64\OL2Demo.exe
FirewallRules: [{4EDD233B-0FEF-4E8D-BE47-18E79CEDC26D}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CD0CCAB-2CDB-4DDC-9923-17A0EF7B1608}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{592B65F9-E897-48BC-8B53-5F4E61D729CA}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BD09E46-9A73-4168-ABF6-884658B180C9}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7343664-36A7-4020-96D7-A2766CC73FEB}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59ACB803-966D-42C6-9C8A-C18C4E5E4834}] => (Allow) C:\Users\Mask\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FF79ABB-8AA2-425F-8DC8-0F149E7CA33A}] => (Allow) LPort=8317
FirewallRules: [{9D7C13EC-1258-4189-9B13-3650B31028AF}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{0BFCAF9C-C19E-4F51-ADE3-B0B75B78B09C}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{B26549F3-0285-4BE5-A813-73C76B8FC52D}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{22793626-828F-457F-90AE-CAAF03073F36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6E9C4DCD-A237-4846-9287-F0A0F23CF054}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-12-2017 00:47:18 UxStyle

==================== Faulty Device Manager Devices =============

Name: vJoy Device
Description: vJoy Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Shaul Eizikovich
Service: vjoy
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2017 01:14:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7ac
Faulting application start time: 0x01d36fc6fb908597
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 27e61e47-dbf8-11e7-803a-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/07/2017 07:25:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 07:25:22 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/07/2017 06:20:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17489, time stamp: 0x5465bbd5
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0x40000015
Fault offset: 0x0000000000057609
Faulting process id: 0xfc0
Faulting application start time: 0x01d36fcafd93352c
Faulting application path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\system32\msvcrt.dll
Report Id: 6831e4f9-dbbe-11e7-803a-d017c29739b7
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (12/07/2017 05:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x7d0
Faulting application start time: 0x01d36fbffc470cd9
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: f61e5289-dbb9-11e7-8039-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:55:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x624
Faulting application start time: 0x01d36f069dc3ea5a
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 04175cc6-dafa-11e7-8037-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:50:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x000000000003683b
Faulting process id: 0x558
Faulting application start time: 0x01d36f04bda8f0d6
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 67f562ad-daf9-11e7-8036-d017c29739b7
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/06/2017 06:36:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/08/2017 09:04:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 09:03:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 09:02:19 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (12/08/2017 09:02:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/08/2017 01:14:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/07/2017 06:04:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:55:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (12/07/2017 05:54:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126


CodeIntegrity:
===================================
  Date: 2017-12-08 09:09:21.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:20.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:19.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:18.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-08 09:09:18.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 8%
Total physical RAM: 32666.98 MB
Available physical RAM: 29762.72 MB
Total Virtual: 65434.98 MB
Available Virtual: 62380.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1857.69 GB) (Free:285.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A977CDC0)
Partition 1: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1857.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

==================== End of Addition.txt ============================


Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

How's your system behaving? Are there any other issues to address?

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by Mask (08-12-2017 22:18:50) Run:3
Running from C:\Users\Mask\Desktop
Loaded Profiles: Mask (Available Profiles: Mask)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16} - System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Games\The Train\Uninstall.exe"
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5869806D-20DF-4241-AFDC-43EC9C287D18} - System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Mask\Desktop\Kindle Fire ADB Drivers.exe" -d C:\Users\Mask\Desktop
Task: {6673E07D-DAB4-4208-9C45-06DAEDB5BDA9} - no filepath
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {90B053F8-4D91-4BFC-9B53-899FEB89E970} - System32\Tasks\Logon Synchronization => C:\Users\Mask\AppData\Local\Temp\ndfapi.exe <==== ATTENTION
Task: {A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0} - System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{05560347-3a9b-4644-a8ed-8b64cc947189}\UxStyle_Bundle.exe" -c  /uninstall
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B8552DF7-7B77-4042-844B-1640801F911B} - System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\UN091222.EXE -c /UNINST
Task: {C44AD2EA-8417-4285-AB8E-D3F1B41A562D} - System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:C581A570 [122]
AlternateDataStreams: C:\ProgramData\TEMP:CCA964A4 [126]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [336]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01679346.sys => ""="Driver"

C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1
C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt
C:\WINDOWS\system32\Drivers\FJCP.txt
C:\WINDOWS\system32\Drivers\CCEN.txt

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2499287152-2841305583-4123039165-1002\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA9FBD3-5FE5-47D8-9229-BE9BB5718A16}" => removed successfully
C:\WINDOWS\System32\Tasks\{09500EB7-81A3-48AB-B815-37934C7B3D79} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09500EB7-81A3-48AB-B815-37934C7B3D79}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5869806D-20DF-4241-AFDC-43EC9C287D18}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5869806D-20DF-4241-AFDC-43EC9C287D18}" => removed successfully
C:\WINDOWS\System32\Tasks\{CFF31973-1F41-45ED-9421-435C1B2341F0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFF31973-1F41-45ED-9421-435C1B2341F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6673E07D-DAB4-4208-9C45-06DAEDB5BDA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6673E07D-DAB4-4208-9C45-06DAEDB5BDA9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90B053F8-4D91-4BFC-9B53-899FEB89E970}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90B053F8-4D91-4BFC-9B53-899FEB89E970}" => removed successfully
C:\WINDOWS\System32\Tasks\Logon Synchronization => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Logon Synchronization" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9048D7E-2BEA-429A-8FAC-E65BB10CD1E0}" => removed successfully
C:\WINDOWS\System32\Tasks\{685BF87F-0E7C-472F-B1B5-3418335A58D9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{685BF87F-0E7C-472F-B1B5-3418335A58D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8552DF7-7B77-4042-844B-1640801F911B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8552DF7-7B77-4042-844B-1640801F911B}" => removed successfully
C:\WINDOWS\System32\Tasks\{B50E3088-CB19-459C-92AB-BD9180B3E8B1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B50E3088-CB19-459C-92AB-BD9180B3E8B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C44AD2EA-8417-4285-AB8E-D3F1B41A562D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C44AD2EA-8417-4285-AB8E-D3F1B41A562D}" => removed successfully
C:\WINDOWS\System32\Tasks\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB6B9B74-C9F9-4887-B69E-E4A74D7A026B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => removed successfully
C:\ProgramData\TEMP => ":C581A570" ADS removed successfully
C:\ProgramData\TEMP => ":CCA964A4" ADS removed successfully
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\01679346.sys" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\01679346.sys" => removed successfully
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Guest Profile => moved successfully
C:\Users\Mask\AppData\Local\Google\Chrome\User Data\Profile 1 => moved successfully
C:\WINDOWS\system32\Drivers\PHY_REG_PG.txt => moved successfully
C:\WINDOWS\system32\Drivers\FJCP.txt => moved successfully
C:\WINDOWS\system32\Drivers\CCEN.txt => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36569092 B
Java, Flash, Steam htmlcache => 74004955 B
Windows/system/drivers => 8553189 B
Edge => 0 B
Chrome => 389529107 B
Firefox => 8596685 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 156514 B
NetworkService => 20498618 B
Mask => 1067749771 B

RecycleBin => 4065300826 B
EmptyTemp: => 5.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:21:38 ====


Glad to see that we managed to clean your system Masked, and no problem, you're welcome :)

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundles all these layers in one easy-to-use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that work together in order to keep your system protected and stop an infection at multiple levels.

  • Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:


The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

This topic is now closed to further replies.