
Windows Process Manager (32 bit)



I'll keep it short and sweet. I have obvious malware, specifically 'Windows Process Manager', six instances running in Task Manager. Pretty sure the guilty files are 'nikrhdx.exe', of which I see multiple instances in the Details tab of Task Manager. I've run Malwarebytes Anti-Malware, as well as the Anti-Rootkit beta. The anti-malware came back clean, but MBAR comes back dirty each time, even after reboot. I am currently running RogueKiller, and when it finishes I'm going to run FRST, then run FRST again in RE. I've gathered that those things and their logs will be needed for you guys to help me.

 

Please help, I use this computer not only for running videogames, but also for creating games in Unity, and I can't even run 7DTD, much less properly create with Unity, with the drain on my already old system.


Hi KarnalEspio :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply


Thanks for the swift reply! This is the txtlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Likku (29-01-2018 20:01:32) Run:1
Running from C:\Users\Likku\Downloads
Loaded Profiles: Likku (Available Profiles: Likku)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 20:01:33 ====

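A check over a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST itself: it pairs every `CMD:` directive in the fixlist with its result section and confirms the log runs through to its "End of Fixlog" line. The function names are hypothetical, and the second sample log and its error text are constructed for illustration.

```python
import re

# Success line as it appears in the Fixlog posted in this thread.
SUCCESS = "The operation completed successfully."
# Banner lines such as "========= <command> =========" or "==== End of Fixlog ... ===="
BANNER = re.compile(r"^=+ (.+?) =+$")

# The Fixlog posted above, with the header trimmed.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 20:01:33 ====
"""

# Constructed sample: first command fails, second never ran, log is cut short.
BAD_FIXLOG = """\
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The boot configuration data store could not be opened.
Access is denied.

========= End of CMD: =========
"""


def parse_fixlist(text):
    """Return the directives echoed between the two rows of asterisks."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if set(l.strip()) == {"*"}]
    if len(stars) < 2:
        return []
    body = (l.strip() for l in lines[stars[0] + 1:stars[1]])
    return [l for l in body if l and l not in ("Start::", "End::")]


def parse_cmd_sections(text):
    """Return (command, output) for each section closed by 'End of CMD:'."""
    sections, current = [], None
    for line in text.splitlines():
        m = BANNER.match(line.strip())
        if not m:
            if current is not None:
                current[1].append(line)
            continue
        title = m.group(1)
        if title == "End of CMD:":
            if current is not None:
                sections.append((current[0], "\n".join(current[1]).strip()))
            current = None
        elif title.startswith("End of Fixlog"):
            current = None
        else:
            current = (title, [])
    return sections


def is_complete(text):
    """True when the log reaches its closing 'End of Fixlog' banner."""
    titles = (BANNER.match(l.strip()) for l in text.splitlines())
    return any(m and m.group(1).startswith("End of Fixlog") for m in titles)


def check_fixlog(text):
    """Pair each CMD: directive with 'ok', 'failed' or 'missing'."""
    sections = parse_cmd_sections(text)
    report = []
    for directive in parse_fixlist(text):
        if not directive.startswith("CMD:"):
            report.append((directive, "not checked"))  # other directive types
            continue
        cmd = directive[len("CMD:"):].strip()
        outputs = [out for title, out in sections if title == cmd]
        if not outputs:
            report.append((cmd, "missing"))
        else:
            report.append((cmd, "ok" if SUCCESS in outputs[0] else "failed"))
    return report


def fixlog_ok(text):
    """True only if the log is complete and every CMD: directive succeeded."""
    report = check_fixlog(text)
    return is_complete(text) and bool(report) and all(s == "ok" for _, s in report)


if __name__ == "__main__":
    for name, log in (("posted", SAMPLE_FIXLOG), ("constructed", BAD_FIXLOG)):
        print(name, fixlog_ok(log), check_fixlog(log))
```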

For the next part, you'll need to download the FRST executable on a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive

Boot in the Recovery Environment

  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply


First FRST textlog is thus - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Likku (administrator) on DESKTOP-KQIMIQR (30-01-2018 13:00:11)
Running from e:\
Loaded Profiles: Likku (Available Profiles: Likku)
Platform: Windows 10 Pro Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\pcadzgksvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-11-17] (Realtek Semiconductor)
HKLM\...\Run: [rickett] => "C:\Program Files (x86)\Gneiss\unevenly.exe"
HKLM\...\Run: [rickettukase] => "C:\Program Files (x86)\biswas\hensel.exe"
HKLM\...\Run: [rickettrickett] => "C:\Program Files (x86)\Clements\unevenly.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5764384 2017-11-20] (IObit)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [Discord] => C:\Users\Likku\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Run: [compiling] => "C:\Program Files (x86)\relenting\compiling.exe"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\MountPoints2: {50f1a8ab-b946-11e7-a7e5-806e6f6e6963} - "D:\autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-11-05]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-01-05]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Likku\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.144.0.150 24.144.0.146
Tcpip\..\Interfaces\{0c1e88c7-51da-4b5f-8272-8f30693e198f}: [DhcpNameServer] 24.144.0.150 24.144.0.146

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-21] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-21] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)

Chrome: 
=======
CHR Profile: C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default [2018-01-30]
CHR Extension: (Google Drive) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-24]
CHR Extension: (YouTube) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-24]
CHR Extension: (AdBlock) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-29]
CHR Extension: (Deluminate) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2018-01-17]
CHR Extension: (Morpheon Dark) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-01-17]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-24]
CHR Extension: (Gmail) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Likku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\btgxpzs <==== ATTENTION (Rootkit!)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-30] ()
S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-10-24] (EasyAntiCheat Ltd)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [1769760 2017-11-14] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-10] (Microsoft Corporation)
S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [175720 2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
S2 5b3a80d489f260e4bdf4c61cbf3b27ca; "C:\Program Files\5b3a80d489f260e4bdf4c61cbf3b27ca\c7b5aa7796ab2588a1bb4877cb2ae749.exe" [X]
S2 dc6c8067b828cd162c28f6133ea4373d; rundll32.exe C:\WINDOWS\dc6c8067b828cd162c28f6133ea4373d.dll QZKhNgV [X]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 4311E76C; C:\WINDOWS\System32\drivers\4311E76C.sys [255928 2018-01-27] (Malwarebytes)
R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [13848 2017-11-17] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-23] (Advanced Micro Devices, Inc.)
S3 AndNetDiag; C:\WINDOWS\System32\drivers\lgandnetdiag64.sys [39424 2015-06-19] (LG Electronics Inc.)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [3097560 2017-12-02] ()
S3 cdrombus; C:\WINDOWS\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
R0 cm_km; C:\WINDOWS\System32\drivers\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-27] (Disc Soft Ltd)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-11-17] (REALiX(tm))
S1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-04-06] (IObit.com)
S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit)
S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34080 2017-06-23] (IObit.com)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-11-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-10] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [243712 2014-08-08] (QUALCOMM Incorporated)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-17] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
S1 csofzcvj; \??\C:\WINDOWS\system32\drivers\csofzcvj.sys [X]
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S3 udiskMgr; system32\drivers\psvycf.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 12:33 - 2018-01-30 12:58 - 000189802 _____ C:\WINDOWS\ntbtlog.txt
2018-01-30 12:11 - 2018-01-30 12:11 - 000142160 ____N C:\WINDOWS\system32\Drivers\cworuxae.sys
2018-01-30 12:00 - 2018-01-30 12:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-29 21:31 - 2018-01-29 21:31 - 000000222 _____ C:\Users\Likku\Desktop\PlanetSide 2.url
2018-01-29 20:01 - 2018-01-29 20:01 - 000000765 _____ C:\Users\Likku\Downloads\Fixlog.txt
2018-01-29 19:56 - 2018-01-30 13:00 - 000000000 ____D C:\FRST
2018-01-29 19:56 - 2018-01-29 19:56 - 002393088 _____ (Farbar) C:\Users\Likku\Downloads\FRST64.exe
2018-01-29 18:02 - 2018-01-29 18:02 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-29 17:51 - 2018-01-29 21:30 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-29 17:49 - 2018-01-29 17:49 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-29 17:49 - 2018-01-29 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-29 17:48 - 2018-01-29 17:49 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-29 17:35 - 2018-01-29 17:36 - 036430896 _____ (Adlice Software ) C:\Users\Likku\Downloads\setup (1).exe
2018-01-27 21:33 - 2018-01-27 21:33 - 000550382 _____ C:\Users\Likku\Desktop\asd.mp4
2018-01-17 00:50 - 2018-01-17 02:14 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\BitTorrent
2018-01-16 23:42 - 2018-01-16 23:42 - 001990128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438871.dll
2018-01-16 23:42 - 2018-01-16 23:42 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438871.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 029381936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001331016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001101104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000980880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000933360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000740144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000599536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-01-16 23:41 - 2018-01-16 23:41 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2018-01-16 23:40 - 2018-01-16 23:40 - 040237456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-01-16 23:40 - 2018-01-16 23:40 - 035157488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-01-16 23:40 - 2018-01-16 23:40 - 013867656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-01-16 23:40 - 2018-01-16 23:40 - 011781912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-01-16 23:40 - 2018-01-16 23:40 - 004202992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-01-16 23:40 - 2018-01-16 23:40 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-01-14 18:59 - 2018-01-14 18:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-14 17:26 - 2018-01-27 11:28 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4311E76C.sys
2018-01-14 17:24 - 2018-01-14 17:24 - 082149144 _____ (Malwarebytes ) C:\Users\Likku\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe
2018-01-14 17:23 - 2018-01-27 13:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-14 17:23 - 2018-01-27 12:57 - 000000000 ____D C:\Users\Likku\Desktop\mbar
2018-01-14 17:23 - 2018-01-27 11:19 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-14 17:22 - 2018-01-14 17:22 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Likku\Downloads\mbar-1.10.3.1001.exe
2018-01-14 17:16 - 2018-01-14 17:17 - 000852798 _____ C:\Users\Likku\Downloads\SecurityCheck.exe
2018-01-14 17:13 - 2018-01-14 17:26 - 000007606 _____ C:\Users\Likku\AppData\Local\Resmon.ResmonCfg
2018-01-09 21:15 - 2017-10-24 22:33 - 000382504 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2018-01-09 21:11 - 2018-01-09 21:11 - 012204074 _____ C:\Users\Likku\Downloads\Valmod-Expansion-master.zip
2018-01-09 14:39 - 2018-01-09 14:39 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-01-09 14:39 - 2018-01-09 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-09 14:39 - 2018-01-09 14:39 - 000000000 ____D C:\Program Files\iPod
2018-01-09 14:37 - 2018-01-09 14:39 - 000000000 ____D C:\Program Files\iTunes
2018-01-09 14:32 - 2018-01-09 14:32 - 000000000 ____D C:\Program Files\Bonjour
2018-01-09 14:32 - 2018-01-09 14:32 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-01-05 23:39 - 2018-01-06 01:07 - 000000000 ____D C:\Users\Likku\Documents\Zuldu
2018-01-05 21:04 - 2018-01-05 21:21 - 000000000 ____D C:\Users\Likku\Documents\Learn 2D
2018-01-05 19:32 - 2018-01-05 23:40 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\DefaultCompany
2018-01-05 16:45 - 2018-01-05 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-05 16:01 - 2018-01-05 19:32 - 000000000 ____D C:\Users\Likku\AppData\LocalLow\Unity
2018-01-05 16:00 - 2018-01-05 23:39 - 000000000 ____D C:\ProgramData\Unity
2018-01-05 16:00 - 2018-01-05 16:00 - 000000000 ____D C:\Users\Likku\AppData\Local\Unity
2018-01-05 15:59 - 2018-01-05 19:32 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Unity
2018-01-05 15:49 - 2018-01-05 15:49 - 000001239 _____ C:\Users\Likku\Desktop\Facebook Gameroom.lnk
2018-01-05 15:49 - 2018-01-05 15:49 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2018-01-05 15:49 - 2018-01-05 15:49 - 000000000 ____D C:\Users\Likku\AppData\Local\Facebook
2018-01-05 15:48 - 2018-01-05 15:48 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2018-01-05 15:47 - 2018-01-05 15:47 - 000000000 ____D C:\Users\Likku\Documents\Visual Studio 2017
2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2018-01-05 15:43 - 2018-01-05 15:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-01-05 15:43 - 2018-01-05 15:43 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-01-05 15:42 - 2018-01-05 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2018-01-05 15:39 - 2018-01-05 15:39 - 000001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2018-01-05 15:38 - 2018-01-05 15:38 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2018-01-05 15:37 - 2018-01-05 15:48 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Visual Studio Setup
2018-01-05 15:37 - 2018-01-05 15:37 - 000000000 ____D C:\Users\Likku\AppData\Roaming\vstelemetry
2018-01-05 15:37 - 2018-01-05 15:37 - 000000000 ____D C:\Users\Likku\AppData\Local\ServiceHub
2018-01-05 15:36 - 2018-01-05 15:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-01-05 15:33 - 2018-01-05 15:33 - 000000000 ____D C:\Users\Public\Documents\Unity Projects
2018-01-05 15:22 - 2018-01-05 15:23 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2018-01-05 15:20 - 2018-01-05 15:20 - 000000928 _____ C:\Users\Public\Desktop\Unity 2017.3.0f3 (64-bit).lnk
2018-01-05 15:20 - 2018-01-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.3.0f3 (64-bit)
2018-01-05 15:14 - 2018-01-05 15:21 - 000000000 ____D C:\Program Files\Unity
2018-01-05 15:08 - 2018-01-05 15:08 - 000795664 _____ C:\Users\Likku\Downloads\UnityDownloadAssistant-2017.3.0f3.exe
2018-01-03 13:57 - 2018-01-03 18:07 - 000000000 ____D C:\Users\Likku\AppData\Roaming\vlc
2018-01-03 13:41 - 2018-01-03 13:41 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-03 13:41 - 2018-01-03 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-03 13:40 - 2018-01-03 13:40 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-03 13:39 - 2018-01-03 13:40 - 030863288 _____ C:\Users\Likku\Downloads\vlc-2.2.8-win32.exe
2018-01-01 23:43 - 2018-01-01 23:43 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-01 16:02 - 2018-01-01 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-01 16:00 - 2018-01-01 23:42 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-01 15:59 - 2018-01-01 23:43 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-01 15:54 - 2018-01-01 15:55 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Likku\Downloads\spybotsd-2.6.46.exe
2017-12-31 21:24 - 2018-01-01 01:34 - 000000000 ____D C:\Users\Likku\AppData\Roaming\Talisman
2017-12-31 21:22 - 2017-12-31 21:22 - 000000222 _____ C:\Users\Likku\Desktop\Talisman Digital Edition.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 14:31 - 2017-09-29 02:45 - 016252928 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-30 12:55 - 2017-12-10 07:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-30 12:36 - 2017-12-10 07:49 - 000000000 ____D C:\Users\Likku
2018-01-30 12:33 - 2017-12-24 15:52 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\pcadzgksvc.exe
2018-01-30 12:24 - 2017-12-10 08:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-30 12:24 - 2017-10-25 22:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-30 12:20 - 2017-12-24 15:54 - 000000000 ____D C:\Users\Likku\AppData\Local\nvrelwg
2018-01-30 12:18 - 2017-12-10 08:21 - 000003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Likku)
2018-01-30 12:11 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-30 12:00 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-30 11:52 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-30 10:09 - 2017-10-31 09:44 - 000000000 ____D C:\ProgramData\ProductData
2018-01-30 08:27 - 2017-11-21 12:47 - 000000000 ____D C:\Users\Likku\AppData\Local\CrashDumps
2018-01-29 23:50 - 2017-10-24 21:36 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-29 15:39 - 2017-10-30 14:31 - 000000000 ____D C:\Users\Likku\Documents\My Games
2018-01-29 15:39 - 2017-10-25 11:08 - 000000000 ____D C:\GOG Games
2018-01-29 15:27 - 2017-12-28 19:11 - 000000000 ____D C:\Users\Likku\Desktop\cuphead
2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-29 14:59 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-29 14:29 - 2017-12-24 15:54 - 000000000 ____D C:\Users\Likku\AppData\Local\igfxmtc
2018-01-29 14:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-22 16:33 - 2017-10-25 14:56 - 000001154 _____ C:\Users\Likku\Desktop\Cheat Engine.lnk
2018-01-17 02:14 - 2017-10-24 21:40 - 000000000 ____D C:\Users\Likku\AppData\Roaming\BitTorrent
2018-01-16 23:41 - 2017-11-17 06:12 - 036350960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2018-01-16 23:40 - 2017-11-17 06:12 - 004485376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-01-16 23:40 - 2017-11-17 06:12 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-01-12 11:56 - 2017-10-25 18:49 - 000551160 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2018-01-12 11:34 - 2017-10-25 18:49 - 000000000 ____D C:\Users\Likku\AppData\Roaming\7DaysToDie
2018-01-12 09:42 - 2017-10-31 09:42 - 000000000 ____D C:\ProgramData\IObit
2018-01-11 10:28 - 2017-11-21 23:42 - 000000000 ____D C:\Users\Likku\Documents\OPDND Backup
2018-01-09 18:05 - 2017-12-10 08:21 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2135662973-237965672-1908853102-1001
2018-01-09 18:05 - 2017-10-24 21:40 - 000002363 _____ C:\Users\Likku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-09 18:05 - 2017-10-24 21:40 - 000000000 ___RD C:\Users\Likku\OneDrive
2018-01-08 21:49 - 2017-10-24 21:39 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 21:49 - 2017-10-24 21:39 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-05 15:45 - 2017-10-25 12:09 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-05 15:42 - 2017-12-10 08:58 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-05 15:41 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-01 23:47 - 2017-12-23 04:11 - 000000000 ____D C:\Program Files (x86)\GOG.com
2018-01-01 16:55 - 2017-12-13 01:17 - 000000000 ____D C:\Users\Likku\AppData\Local\Life is Feudal MMO
2018-01-01 02:06 - 2017-12-28 15:06 - 000000406 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Likku.job
2018-01-01 02:06 - 2017-12-10 07:38 - 000222000 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2017-11-02 12:01 - 2017-11-07 17:22 - 000005632 _____ () C:\Users\Likku\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-14 17:13 - 2018-01-14 17:26 - 000007606 _____ () C:\Users\Likku\AppData\Local\Resmon.ResmonCfg
2017-12-12 22:47 - 2017-12-30 20:16 - 000002740 _____ () C:\Users\Likku\AppData\Local\Tempbannercash.tmp
2017-12-12 22:47 - 2017-12-30 20:16 - 000027386 _____ () C:\Users\Likku\AppData\Local\Tempnewscash.tmp
2017-12-24 15:52 - 2017-12-24 15:52 - 000003072 _____ () C:\Users\Likku\AppData\Local\uninstallML.exe

Some files in TEMP:
====================
2018-01-29 17:51 - 2017-12-10 09:12 - 001954048 _____ (Microsoft Corporation) C:\Users\Likku\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cworuxae.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-01-21 03:53

==================== End of FRST.txt ============================

Then the Addition.txt log is thus -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Likku (30-01-2018 13:02:11)
Running from e:\
Windows 10 Pro Version 1709 16299.125 (X64) (2017-12-10 14:25:13)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2135662973-237965672-1908853102-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2135662973-237965672-1908853102-503 - Limited - Disabled)
Guest (S-1-5-21-2135662973-237965672-1908853102-501 - Limited - Disabled)
Likku (S-1-5-21-2135662973-237965672-1908853102-1001 - Administrator - Enabled) => C:\Users\Likku
WDAGUtilityAccount (S-1-5-21-2135662973-237965672-1908853102-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Citra (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\{eedecada-da67-4159-8ad5-db836985752e}) (Version: 1.0.0 - Citra Team)
Discord (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fable Anniversary (HKLM-x32\...\Fable Anniversary_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Facebook Gameroom 1.10.6515.35995 (HKLM-x32\...\{0B5F75BB-9192-4E2C-A0A6-D07DC31A2E84}) (Version: 1.10.6515.35995 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life Is Feudal  (HKLM-x32\...\Life Is Feudal) (Version:  - BitBox)
Microsoft OneDrive (HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PCGen60601 (HKLM-x32\...\PCGen60601) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.2.0 - Adlice Software)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Last Remnant — Repacked by R.G. Revenants (HKLM-x32\...\The Last Remnant_R.G. Revenants) (Version: 1.0.515.0 - Square Enix)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Visual Studio Community 2017 (HKLM\...\7d5ffe3c) (Version: 15.5.27130.2010 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WPS Office (10.2.0.5965) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5965 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2135662973-237965672-1908853102-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-10-24] (Microsoft Corporation)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Likku\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1_S-1-5-21-2135662973-237965672-1908853102-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034FD79F-5A23-49DE-8592-7C7E072C7EEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {225BE743-1698-45B0-B804-712317C579A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-24] (Google Inc.)
Task: {2B8C6A39-EF4B-4A07-A8A4-0FC67F1DEB13} - System32\Tasks\WpsUpdateTask_Likku => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\wtoolex\wpsupdate.exe [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {30425538-737E-4AB3-823A-E9C34105347F} - System32\Tasks\WpsNotifyTask_Likku => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: {309E9878-4690-4550-B555-FA8B3980BD0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {325B42DC-C900-4AF5-A053-D9093869428A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {3A387C2F-E49F-4290-BE30-A38EC21D122E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {41F361FE-5770-4A68-BCA0-E90473788702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-24] (Google Inc.)
Task: {5B5A4C4D-7231-4197-B309-0EF710915C8D} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {6AFA7E0B-4368-4479-BD57-1A8164734AD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {7312615F-E7F0-441A-BC79-10340763B24F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {735BA339-81FC-4FA6-974B-B42B34057CF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7BF1D315-58C0-4D1A-9A6D-29856E32DDD8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {7D53DF6D-338E-4B0D-BD4A-ECF49ABE0E58} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\Scheduler.exe [2017-08-30] (IObit)
Task: {8F42AB90-22AE-4EBB-A048-0DBF4554995A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9866DE91-B0CB-4A90-9E99-60070DE90326} - System32\Tasks\WpsExternal_Likku_20171228151506 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2017-12-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {BEE2DE1B-564E-4BF9-8EFE-525AF562D140} - System32\Tasks\Driver Booster SkipUAC (Likku) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [2017-10-11] (IObit)
Task: {C49A0AB4-6AB0-490A-B8AC-F8C214D0AC18} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {C7031B57-6DD3-444C-94B7-691354621587} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {C9797915-1527-458B-8055-2D4CDEBAE357} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {CA1304AD-075D-468F-A192-74729D362528} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {CEF8B393-9348-4F8B-A9EE-4F499F92430F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {D5A5462D-E184-429E-8820-5B2C8BE0EF5A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {FF97E293-F84A-4A09-ADDE-D465D4739C1B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsNotifyTask_Likku.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-24 21:34 - 2017-10-24 21:27 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2135662973-237965672-1908853102-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Likku\Desktop\god.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "rickettukase"
HKLM\...\StartupApproved\Run: => "rickettrickett"
HKLM\...\StartupApproved\Run: => "rickett"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "coercecorr"
HKLM\...\StartupApproved\Run32: => "coercecoerce"
HKLM\...\StartupApproved\Run32: => "coerce"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "initioinitio.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "initio.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukaserickett"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "compiling"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corrcoerce"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "roufac"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "bhatti"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukaseukase"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "ukase"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corrcorr"
HKU\S-1-5-21-2135662973-237965672-1908853102-1001\...\StartupApproved\Run: => "corr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{11BB6BC1-0ED7-4838-B673-7E83E4CF8E77}C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe] => (Allow) C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{805F1FC4-EB1E-4021-81BE-30E007B1B2F9}C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe] => (Allow) C:\users\likku\desktop\rom\cemu\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{755D422B-9093-4749-8280-2095BEF6F331}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{F05D1EAB-1715-4E4B-99D0-F381B1B7F1BB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{0A9B22C6-77B8-4365-8B02-DE5CE77A8F53}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F68D3449-3D7C-4158-8F4B-9DA6650CC948}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{E414DD35-6384-42BF-99A1-3656D5BC582E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{9363825E-16DE-4E2B-A209-289A09501F20}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{2A8438C2-B8AD-4099-9434-0214BE903C3A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D8DD7268-C123-46ED-B064-5D1E5F629E13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA0C0121-5E4A-44D9-981B-F501E55BB721}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC6E9078-4511-498D-BD6B-A80EC460F4CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02E2A4F7-13EE-4A0A-915A-53755DC055FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F2B8D5E7-1600-4C90-AF50-94629E7BE540}C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe] => (Block) C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe
FirewallRules: [TCP Query User{33786F78-9A19-4D83-9D9C-85873998F8BB}C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe] => (Block) C:\users\likku\desktop\torrented\doom ^^nosteam^^\doomx64.exe
FirewallRules: [UDP Query User{289A7436-8C99-43A9-9DB7-B4B6E8715A5A}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [TCP Query User{3C3490A9-D83D-41B9-A1ED-A88F029A62D0}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{22B4EC7A-F412-46A4-BBB6-275C79AE791D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{3F8E1AF7-A2E4-4A41-A0C2-E784CF6C6F3D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{73905AA4-1BF0-45EB-81D0-DCA7296EB50F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{77D27C90-46DA-4364-B07E-8F348A35966C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{1A68CAA9-30D5-4E94-9427-5F8A4C7EB8D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{E15A28E7-1181-4246-B7CC-517EBCF5C3B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{EEB58190-59A2-47B4-857F-FB116EE866E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A665D29B-6D25-4146-BD4E-78611F88AD9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{934682BA-15D9-4360-9178-0F1CD55B6EF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C4912F78-C217-4861-80E5-D19481ECE5D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{420B8BA7-3A3B-476D-BBA3-54BAF60E0E51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{8148B6F2-6EE3-4E89-AA8D-5A02E45CFBD1}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{ADC82747-C4E9-4C4C-A795-03A530D7FD2F}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [{97CFC4AC-26F3-43CF-A439-750D1C16C9A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B46CD783-8EBC-4555-AAFF-75049BF469BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{94FF1394-DD3B-47B6-904A-89F6BEC910F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{6B78373F-D0DF-4A55-A17E-84D453CAE7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{0C2D4CE1-8CA9-4533-92D1-861F75CAF835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{2B7D1159-3418-49F2-AC72-6FD4D2E3E446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{B347DF41-AD32-464B-9A32-193C8AA2992D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{650E0D39-9EA3-45E7-8A79-4FFB31FABF85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3E55198-A36E-4AC5-94CF-A33361042C93}] => (Allow) C:\Users\Likku\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FBC4F392-F86E-4AF1-9C38-181CB427B4C8}] => (Allow) C:\Users\Likku\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{47DF86D6-10D3-4AA4-BD63-D92BED28E598}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68C70A87-D502-448E-A742-AB28346FB469}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A40315D4-6DC1-491B-96F6-98E666AE2053}C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe] => (Allow) C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe
FirewallRules: [UDP Query User{FE030D9D-26C9-4D0A-8BCE-921327A86B5F}C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe] => (Allow) C:\users\likku\appdata\local\life is feudal mmo\launcher_data_loader.exe
FirewallRules: [{722F5442-A2CE-43A7-983B-232E11B20CE5}] => (Allow) C:\Users\Likku\AppData\Local\Life is Feudal MMO\launcher.exe
FirewallRules: [{74D50017-9531-481E-8F2F-06BD3F6661C2}] => (Allow) C:\Users\Likku\AppData\Local\Life is Feudal MMO\launcher.exe
FirewallRules: [{1ADB6549-894E-4FC8-857A-23548B862644}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5B05A175-ACD2-485E-B76A-30F3870EDA5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{A3B5181E-B4ED-4C35-A7F6-AEDC87607E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{1FE97582-CA86-46FC-A4BB-283CEB732AF7}] => (Allow) C:\Program Files (x86)\Gneiss\unevenly.exe
FirewallRules: [{6B441946-3E91-41E2-A5D1-50C144EBD459}] => (Allow) C:\Program Files (x86)\Clements\unevenly.exe
FirewallRules: [{B4E5C7A4-E268-46A5-B860-2DD53D622C90}] => (Allow) C:\Program Files (x86)\biswas\hensel.exe
FirewallRules: [{01ED0C23-B84B-4818-8D43-079908A496DB}] => (Allow) C:\Program Files (x86)\Clements\hensel.exe
FirewallRules: [{9A04EDF3-6813-4E10-9436-B32D8B3E6976}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{0A6D8C0A-FC91-4ACC-A4EA-5C26D3302481}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.5965\office6\wpscloudsvr.exe
FirewallRules: [{BBAFB184-F50A-489A-90B8-3B30BBB528D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
FirewallRules: [{4F4766D6-748F-4F5E-8994-F82FC5D7104E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe

==================== Restore Points =========================

30-01-2018 02:28:26 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2018 11:17:06 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (01/30/2018 11:17:04 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (01/30/2018 10:59:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (01/30/2018 09:55:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (01/30/2018 09:47:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:51:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:36:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/30/2018 08:26:53 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\Likku\AppData\Local\nvrelwg\libcef.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program bad_module_info because of this error.

Program: bad_module_info
File: C:\Users\Likku\AppData\Local\nvrelwg\libcef.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/30/2018 08:26:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x77801615
Faulting process id: 0x3b90
Faulting application start time: 0x01d399d65dc06a98
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 6fd1b45e-3c57-4455-ba13-320778c61ee0
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/30/2018 07:46:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-KQIMIQR)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.


System errors:
=============
Error: (01/30/2018 01:02:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NlaSvc service depends on the Dhcp service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHttpAutoProxySvc service depends on the Dhcp service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The mrxsmb20 service depends on the mrxsmb service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The mrxsmb service depends on the rdbss service which failed to start because of the following error: 
A device attached to the system is not functioning.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The LanmanWorkstation service depends on the nsi service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Dnscache service depends on the nsi service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Wcmsvc service depends on the nsi service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/30/2018 12:33:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The nsi service depends on the nsiproxy service which failed to start because of the following error: 
A device attached to the system is not functioning.


CodeIntegrity:
===================================
  Date: 2018-01-30 12:08:12.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:08:12.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:07:29.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:07:29.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:07:18.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:07:18.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:06:53.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:06:53.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:00:19.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-30 12:00:19.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 9%
Total physical RAM: 8189.55 MB
Available physical RAM: 7373.11 MB
Total Virtual: 11773.55 MB
Available Virtual: 11093.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.06 GB) (Free:650.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SupCom1) (CDROM) (Total:5.07 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:29.1 GB) (Free:21.69 GB) FAT32
Drive f: () (Removable) (Total:7.45 GB) (Free:1.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 741224D5)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


You ran FRST in Safe Mode, you need to be in the Windows RE. The instructions I provided above contain links to tutorials that explain how to access the Windows RE for various Windows versions.

Boot Mode: Safe Mode (minimal)

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
