rekamyenoM

NEED HELP FINDING SOURCE OF BLOCKED SITES

So I am getting Website Blocked pop-ups every 30 seconds literally, while in Chrome. These are all outbound blocks. I'm using the Trial version 3.3.1 of MB Premium. I have tried everything to find the source. I have run MB, Vipre, Avast, HitMan Pro, TDSSKiller, adwarecleaner, etc. They all find nothing that shouldn't be there. If I shut down Chrome and use Firefox or any other browser, no pop-ups.

Any help?

Excuse my ignorance, but how do I get that to you?

Go to the Reports tab, where you can select the protection events; you can save them as text or copy them to the clipboard and paste them here.

Here is the last one; is this what you wanted? There are hundreds.

Every time I refresh this page to see if you replied I get one...

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/16/18
Protection Event Time: 3:00 PM
Log File: 0264511a-1354-11e8-9f6f-408d5c4613f9.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3967
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Unspecified
Domain: digitaldsp.com
IP Address: 78.140.191.246
Port: [51525]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

1 minute ago, Zynthesist said:

We have a block on the domain digitaldsp[.]com for adware.

But there are hundreds of others; will we need to block them all separately? I don't even know what digitaldsp[.]com is.

Ran that already numerous times... Finds nothing. I have run MB, Vipre, Avast, HitMan Pro, TDSSKiller, adwarecleaner, etc.

Here is another that is hammering me.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/16/18
Protection Event Time: 1:42 PM
Log File: 1e30007a-1349-11e8-8c13-408d5c4613f9.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3967
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Unspecified
Domain: v1hcmqbaqw.ru
IP Address: 185.80.53.62
Port: [50008]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

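As an added example (not code from the thread or from Malwarebytes), the script below parses the exported report layout pasted above and groups the blocks by the executable that opened the connection, which is what separates "hundreds of bad domains" from "one process that needs looking at". The hosts, addresses and times in the sample are constructed placeholders, not values from the thread.

```python
"""Aggregate Malwarebytes 3.x "Website Blocked" exports by source process.

Added example, not code from the thread or from Malwarebytes.  It parses the
text layout pasted above ("-Website Data-" block, "(end)" terminator) and
groups the blocks by the executable that opened the connection.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same field layout as the thread's exports, using
# reserved example hosts (.invalid) and RFC 5737 addresses (192.0.2.0/24).
REPORT_TEMPLATE = """\
-Log Details-
Protection Event Date: {date}
Protection Event Time: {time}

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: {domain}
IP Address: {ip}
Port: [{port}]
Type: Outbound
File: {file}

(end)
"""
CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
SAMPLE_EXPORT = "".join(
    REPORT_TEMPLATE.format(date="2/16/18", time=t, domain=d, ip=i, port=p, file=CHROME)
    for t, d, i, p in [
        ("1:42 PM", "ad-host-one.invalid", "192.0.2.10", 50008),
        ("1:42 PM", "ad-host-two.invalid", "192.0.2.11", 50013),
        ("3:00 PM", "ad-host-one.invalid", "192.0.2.10", 51525),
    ]
)

# "Key: value" lines.  The key is letters and spaces only, so the drive colon in
# "File: C:\..." stays in the value and the ", , Blocked, ..." status line is skipped.
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z ]*): ?(.*)$")


def parse_export(text):
    """Return one dict per report; each report ends with the literal "(end)"."""
    events = []
    for chunk in text.split("(end)"):
        fields = {}
        for line in chunk.splitlines():
            m = KEY_VALUE.match(line.strip())
            if m:
                fields[m.group(1)] = m.group(2).strip()
        if "Domain" not in fields:  # trailing or empty chunk, not a report
            continue
        fields["Port"] = int(fields["Port"].strip("[]"))  # "[51525]" -> 51525
        fields["When"] = datetime.strptime(
            f"{fields['Protection Event Date']} {fields['Protection Event Time']}",
            "%m/%d/%y %I:%M %p",
        )
        events.append(fields)
    return events


def summarize(events):
    """Count outbound blocks per process, domain and IP, plus the time span."""
    outbound = [e for e in events if e.get("Type") == "Outbound"]
    times = sorted(e["When"] for e in outbound)
    span = (times[-1] - times[0]).total_seconds() / 60 if len(times) > 1 else 0.0
    return {
        "outbound": len(outbound),
        "by_file": Counter(e["File"] for e in outbound),
        "by_domain": Counter(e["Domain"] for e in outbound),
        "by_ip": Counter(e["IP Address"] for e in outbound),
        "span_minutes": span,
    }


def single_source(summary):
    """True when every outbound block was opened by the same executable.

    Many unrelated domains behind one process means the domains are the
    symptom: the thing to inspect is that process (extensions, enforced
    policies, loaded modules), not an ever-growing per-domain block list.
    """
    return summary["outbound"] > 0 and len(summary["by_file"]) == 1


if __name__ == "__main__":
    s = summarize(parse_export(SAMPLE_EXPORT))
    print(f"{s['outbound']} outbound blocks over {s['span_minutes']:.0f} min")
    for path, n in s["by_file"].most_common():
        print(f"  {n:>4}  {path}")
    print(f"{len(s['by_domain'])} distinct domains, {len(s['by_ip'])} distinct IPs")
    print("single source process:", single_source(s))
```

To use it on real exports, save each Reports-tab event as text, concatenate the files, and feed the text to parse_export; the "(end)" marker keeps the reports apart.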
Are these outbound attempts hurting anything? Why are they only happening in Chrome? When I shut Chrome down, they go away. I imagine they have been happening for a long time; I just never used MB to expose them. I have 10 Chrome windows open at any given time, 24x7. I work from home.

Hello rekamyenoM

Let's get a diagnostic scan of the PC to see what is going on.

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I think I tried running this before and it crashed my system. I will try again now...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by owner (administrator) on OWNER-PC (16-02-2018 15:36:42)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
( ) C:\Windows\System32\lmabcoms.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(T-Mobile USA) C:\Program Files (x86)\T-Mobile USA\TMobileTokenService\TMobileTokenService.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\x64\AVCProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(ThreatTrack Security, Inc.) C:\VIPRERESCUE\VipreRescueScanner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [LMPSSDMON] => C:\Program Files\Lexmark\Monitor\ACJ\LMabMON.exe [753664 2010-03-26] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15576 2013-08-09] ()
HKLM\...\Run: [SBRegRebootCleaner] => C:\Users\owner\AppData\Local\VIPRE\Setup\CartSdk\sbrc.exe [254344 2017-11-02] (VIPRE Security)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3320312 2017-07-25] (VIPRE Security)
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-03-26] ( )
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.76.84.102 75.76.84.103
Tcpip\..\Interfaces\{1a6d3df1-4fd9-4011-9d09-a6f1f69c6755}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{1e1ab3bb-c9d4-440a-bb5d-9ab2646f57ec}: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{8c06e043-b6b2-4d77-9464-7c5fcae87518}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d9c099ec-93aa-4e1f-9f05-961b668cac8a}: [DhcpNameServer] 75.76.84.102 75.76.84.103

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> DefaultScope {B8C89679-3CAE-467F-A9DD-434BE53887BA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> {B8C89679-3CAE-467F-A9DD-434BE53887BA} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> is enabled.

FireFox:
========
FF DefaultProfile: pk87sy5a.default
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default [2018-02-16]
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default\user.js [2016-04-28]
FF Homepage: Mozilla\Firefox\Profiles\pk87sy5a.default -> hxxps://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\pk87sy5a.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-24] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-24] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2018-02-16]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-06]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-13]
CHR Extension: (ae) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2018-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-10-23] (Macrovision Europe Ltd.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 lmab_device; C:\WINDOWS\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\WINDOWS\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6943200 2017-07-25] (VIPRE Security)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [436216 2017-07-25] (VIPRE Security)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
R2 TMobileTokenService; C:\Program Files (x86)\T-Mobile USA\TMobileTokenService\TMobileTokenService.exe [446976 2014-03-07] (T-Mobile USA) [File not signed]
S3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [2710544 2017-05-12] (ThreatTrack Security Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-02-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-02-13] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [18944 2014-03-14] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-11-18] (BitDefender)
R3 avchv; C:\WINDOWS\system32\DRIVERS\avchv.sys [285240 2016-08-29] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-11-18] (BitDefender)
S3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\bcmwlhigh63a.sys [2463920 2014-04-10] (Broadcom Corporation)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2018-01-19] (ESET)
S1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [58952 2016-08-03] (ThreatTrack Security)
R3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [50776 2016-08-03] (ThreatTrack Security)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-01-19] ()
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-16] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-16] (Malwarebytes)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-23] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-12] (Realtek )
R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [133808 2017-07-25] (VIPRE Security)
R3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [73208 2017-02-17] (ThreatTrack Security)
R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [375368 2017-02-17] (ThreatTrack Security)
R3 sbwtis; C:\WINDOWS\system32\DRIVERS\sbwtis.sys [122672 2017-02-17] (ThreatTrack Security)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-02-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-02-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-02-13] (Microsoft Corporation)
R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [54288 2017-05-12] (ThreatTrack Security Inc.)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-16 15:36 - 2018-02-16 15:37 - 000020700 _____ C:\Users\owner\Desktop\FRST.txt
2018-02-16 15:35 - 2018-02-16 15:36 - 000000000 ____D C:\FRST
2018-02-16 15:35 - 2018-02-16 15:35 - 002405376 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2018-02-16 15:32 - 2018-02-16 15:32 - 000000000 ____D C:\VIPRERESCUE
2018-02-16 15:32 - 2018-02-16 15:32 - 000000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat
2018-02-16 15:31 - 2018-02-16 15:31 - 338898944 _____ C:\Users\owner\Desktop\VIPRERescue.exe
2018-02-16 13:46 - 2018-02-16 13:47 - 000263018 _____ C:\TDSSKiller.3.1.0.16_16.02.2018_13.46.10_log.txt
2018-02-16 13:44 - 2018-02-16 13:44 - 000000126 _____ C:\WINDOWS\system32\bootdelete.lst
2018-02-16 13:32 - 2018-02-16 13:32 - 000636588 _____ C:\WINDOWS\Minidump\021618-33312-01.dmp
2018-02-16 13:22 - 2018-02-16 13:32 - 798543274 _____ C:\WINDOWS\MEMORY.DMP
2018-02-16 13:22 - 2018-02-16 13:23 - 000664228 _____ C:\WINDOWS\Minidump\021618-29828-01.dmp
2018-02-16 09:15 - 2018-02-16 09:42 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-02-15 13:29 - 2018-02-16 13:35 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-15 13:29 - 2018-02-16 13:34 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-15 13:29 - 2018-02-16 13:34 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-15 13:29 - 2018-02-16 13:34 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-15 13:29 - 2018-02-15 13:29 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-15 12:59 - 2018-02-15 12:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-15 12:59 - 2018-02-15 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-15 12:59 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-15 10:37 - 2018-02-15 10:37 - 001129816 _____ (Google Inc.) C:\Users\owner\Downloads\ChromeSetup.exe
2018-02-15 10:37 - 2018-02-15 10:37 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-15 10:37 - 2018-02-15 10:37 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-15 10:37 - 2018-02-15 10:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-15 10:37 - 2018-02-15 10:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-14 12:51 - 2018-02-14 12:51 - 000000000 ____D C:\Users\owner\AppData\Local\ESET
2018-02-14 10:54 - 2018-02-14 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-14 10:44 - 2018-02-14 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Auslogics
2018-02-14 10:37 - 2018-02-14 10:37 - 000000000 ____D C:\Users\owner\AppData\Roaming\Auslogics
2018-02-14 10:36 - 2018-02-14 10:36 - 007238384 _____ (Auslogics Software Pty Ltd ) C:\Users\owner\Downloads\auslogics-bitreplica-setup.exe
2018-02-14 10:17 - 2018-02-14 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2018-02-14 10:17 - 2018-02-14 11:50 - 000000000 ____D C:\Program Files (x86)\Auslogics
2018-02-14 10:17 - 2018-02-14 10:37 - 000000000 ____D C:\ProgramData\Auslogics
2018-02-14 10:17 - 2018-02-14 10:17 - 011996368 _____ (Auslogics ) C:\Users\owner\Downloads\registry-cleaner-setup.exe
2018-02-13 21:41 - 2018-02-16 13:35 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-02-13 17:25 - 2018-02-13 17:25 - 000000000 ____D C:\Program Files (x86)\GUMD75B.tmp
2018-02-13 16:48 - 2018-02-16 13:44 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-02-13 16:36 - 2018-02-13 16:49 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-13 16:29 - 2018-02-16 15:07 - 000000000 ____D C:\AdwCleaner
2018-02-13 13:51 - 2018-02-15 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-13 13:51 - 2018-02-13 13:51 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-13 13:43 - 2018-02-13 13:43 - 000000000 ____D C:\Users\owner\AppData\Roaming\et
2018-02-13 12:51 - 2018-02-13 18:21 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2018-02-13 12:51 - 2018-02-13 12:51 - 000000000 ____D C:\Users\owner\AppData\Roaming\TeamViewer
2018-02-08 10:48 - 2018-02-13 18:21 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-07 11:12 - 2018-02-07 11:58 - 000000000 ____D C:\Users\owner\Desktop\Eric Yip
2018-02-06 12:12 - 2018-02-07 20:33 - 000000000 ____D C:\ProgramData\McAfee
2018-02-06 11:49 - 2016-08-03 15:10 - 000050776 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2018-02-06 11:47 - 2018-02-06 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
2018-02-06 11:47 - 2017-02-24 13:44 - 000047632 _____ (ThreatTrack Security Inc.) C:\WINDOWS\system32\sbbd.exe
2018-02-06 11:47 - 2017-02-17 09:39 - 000073208 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\sbhips.sys
2018-02-06 11:41 - 2018-02-06 11:48 - 000000000 ____D C:\Users\owner\AppData\Roaming\VIPRE
2018-02-06 09:03 - 2018-02-06 09:03 - 000000000 ____D C:\ProgramData\Actions Production Tool
2018-02-06 09:01 - 2018-02-06 09:01 - 000000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actions Tools
2018-02-06 09:01 - 2018-02-06 09:01 - 000000000 ____D C:\Program Files (x86)\Actions
2018-02-06 08:50 - 2018-02-07 15:45 - 000000000 ____D C:\Users\owner\Downloads\Jigmo
2018-02-02 10:46 - 2018-02-02 10:47 - 000000000 ____D C:\Users\owner\Desktop\4G MiFi
2018-02-01 19:32 - 2018-02-01 19:32 - 000952759 _____ C:\Users\owner\Downloads\JiGMO-USB-Voice-Recorder-eBook-Amazon-US.pdf
2018-01-31 13:27 - 2018-01-31 13:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-31 13:27 - 2018-01-23 17:42 - 000137712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-01-31 13:27 - 2017-11-02 15:15 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-31 13:27 - 2017-11-02 15:15 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-31 13:27 - 2017-11-02 15:15 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-31 13:27 - 2017-11-02 15:14 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-31 13:24 - 2018-01-23 19:23 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000599352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-01-31 13:24 - 2018-01-23 19:23 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-01-31 13:21 - 2018-01-31 13:21 - 000000000 ____D C:\Users\owner\ansel
2018-01-19 15:32 - 2018-01-19 15:32 - 000106304 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-01-19 15:31 - 2018-01-19 15:31 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-01-19 15:31 - 2018-01-19 15:31 - 000081880 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2018-01-19 15:31 - 2018-01-19 15:31 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-16 15:25 - 2015-10-22 11:07 - 000000000 ____D C:\Users\owner\Documents\Cracks
2018-02-16 15:02 - 2016-11-24 14:01 - 000000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla
2018-02-16 13:37 - 2017-11-24 21:41 - 001669318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-16 13:33 - 2017-05-28 08:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-16 13:32 - 2017-12-01 10:54 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-16 13:32 - 2017-11-24 22:01 - 000002806 _____ C:\WINDOWS\System32\Tasks\AutoKMSDaily
2018-02-16 13:32 - 2017-11-24 22:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-16 13:32 - 2017-11-24 21:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-16 13:32 - 2017-05-11 07:29 - 000000228 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2018-02-16 13:32 - 2016-04-19 14:00 - 000078848 _____ C:\WINDOWS\KMSEmulator.exe
2018-02-16 13:23 - 2017-11-24 21:46 - 000000000 ____D C:\Users\owner
2018-02-16 13:23 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-16 11:42 - 2017-09-29 03:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-02-16 09:51 - 2017-05-11 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-02-16 09:37 - 2017-05-11 07:32 - 000000000 ____D C:\Program Files\KMSpico
2018-02-16 05:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-16 05:01 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-16 05:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-15 23:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-15 11:35 - 2016-01-14 08:22 - 000000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2018-02-15 09:24 - 2018-01-12 14:49 - 000000000 ____D C:\Users\owner\Desktop\Expense Tracker
2018-02-14 15:11 - 2015-10-17 19:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-14 14:50 - 2016-11-17 18:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-14 14:50 - 2015-10-17 19:44 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-14 12:50 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-02-14 10:46 - 2017-11-30 08:34 - 000000000 ____D C:\Users\owner\AppData\Roaming\Memeo
2018-02-14 01:09 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-13 21:57 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-02-13 21:57 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-02-13 21:56 - 2017-07-10 14:13 - 000000000 ____D C:\WINDOWS\WindowsMobile
2018-02-13 15:08 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-02-13 14:21 - 2015-10-17 22:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-13 14:18 - 2017-10-10 14:05 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 14:18 - 2015-10-17 22:32 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-13 13:47 - 2017-11-24 21:36 - 000486768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-13 13:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-02-13 13:39 - 2015-10-22 15:34 - 000000746 __RSH C:\ProgramData\ntuser.pol
2018-02-13 13:37 - 2018-01-01 18:45 - 000000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2018-02-13 13:17 - 2017-02-14 09:45 - 000000000 ____D C:\Users\owner\AppData\Roaming\vlc
2018-02-12 15:55 - 2018-01-12 14:11 - 000145248 _____ C:\Users\owner\Desktop\summary_report.xlsx
2018-02-12 15:34 - 2018-01-12 14:16 - 000154223 _____ C:\Users\owner\Desktop\Subscriber Summary.xlsx
2018-02-12 09:41 - 2017-12-13 05:40 - 000404340 _____ C:\Users\owner\Desktop\summary_report 2.xlsx
2018-02-12 09:39 - 2017-10-12 10:14 - 000489504 _____ C:\Users\owner\Desktop\detail_report.xlsx
2018-02-06 11:49 - 2017-11-16 10:13 - 000000000 ____D C:\Program Files (x86)\VIPRE
2018-02-06 11:47 - 2016-03-29 14:59 - 000002848 _____ C:\WINDOWS\SysWOW64\VipreEdgeProtectionOff.ini
2018-02-06 11:47 - 2016-03-29 14:59 - 000002848 _____ C:\WINDOWS\system32\VipreEdgeProtectionOff.ini
2018-02-06 11:43 - 2017-05-28 08:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-06 11:42 - 2015-10-17 18:57 - 000000212 _____ C:\WINDOWS\system32\SBRC.dat
2018-02-05 21:49 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-05 21:49 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-05 18:14 - 2017-02-20 18:14 - 000010413 _____ C:\Users\owner\Desktop\Monthly Bills.xlsx
2018-02-03 09:48 - 2016-11-22 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-03 09:48 - 2015-10-22 12:49 - 000001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-02-02 09:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-31 13:28 - 2017-05-28 08:37 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-31 13:28 - 2017-01-19 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-31 13:28 - 2015-07-31 18:37 - 000000000 ____D C:\temp
2018-01-31 13:20 - 2017-05-28 08:37 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-29 19:05 - 2017-08-28 12:14 - 000000000 ____D C:\Users\owner\Desktop\T-Mobile Promotions
2018-01-29 08:49 - 2016-12-21 12:37 - 000000000 ____D C:\Users\owner\Desktop\SIMS For Re-Use
2018-01-24 09:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-24 09:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-23 19:23 - 2017-11-15 14:26 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-01-23 19:23 - 2017-11-15 14:26 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-01-23 19:23 - 2017-11-15 14:26 - 000057928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-01-23 19:23 - 2017-11-15 14:26 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-01-23 18:11 - 2017-05-28 08:37 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-01-23 17:57 - 2017-05-28 08:37 - 005950024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 000633328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-01-23 17:57 - 2017-05-28 08:37 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-01-22 00:46 - 2017-05-28 08:37 - 007947791 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2016-11-01 09:11 - 2017-07-03 11:02 - 000000437 _____ () C:\Users\owner\AppData\Roaming\dxr32.ini
2018-01-10 12:56 - 2018-01-10 12:56 - 000003584 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-22 18:21 - 2017-11-22 18:21 - 000007601 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2016-08-24 09:41 - 2016-08-24 09:41 - 000000173 _____ () C:\Users\owner\AppData\Local\uts.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-13 09:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by owner (16-02-2018 15:37:38)
Running from C:\Users\owner\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-25 03:03:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3489507026-1987670139-2231328016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3489507026-1987670139-2231328016-503 - Limited - Disabled)
Guest (S-1-5-21-3489507026-1987670139-2231328016-501 - Limited - Disabled)
owner (S-1-5-21-3489507026-1987670139-2231328016-1000 - Administrator - Enabled) => C:\Users\owner
WDAGUtilityAccount (S-1-5-21-3489507026-1987670139-2231328016-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ThreatTrack Security VIPRE (Enabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat  8 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\{22AF9D99-A980-4071-A0BD-1D0BB956B9EA}) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\{158D6908-7A47-4126-BFB4-D0C2F9ACC9BE}) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\{3371DF75-3590-4993-A5D9-17F078B7DA16}) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{82F9EC2D-0230-EA2E-71DC-DF9CEB458187}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Audio Product Tool (HKLM-x32\...\{032D9888-CC94-4AD6-9451-481CB7D67061}) (Version: 1.04 - Actions)
Auslogics BitReplica (HKLM-x32\...\{B6AEA771-9737-41A2-AA07-772CB1A1CC27}_is1) (Version: 2.1.1.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 7.0.4.0 - Auslogics Labs Pty Ltd)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version:  - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Tune 6 B14.1020.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B14.1020.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-420 Series Printer Uninstall (HKLM\...\EPSON XP-420 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Lexmark Network Twain Scan Driver (HKLM-x32\...\{57799805-67CC-4401-5C6F-540D2E3DDE40}) (Version: 1.17.108.0 - Lexmark International, Inc.)
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 35.0.0.0 - NETGEAR)
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{FCCF4B77-432F-EA83-4289-40C1DFA14C85}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
TMobileTokenService (HKLM-x32\...\{8A9D6C96-C030-42CF-AD64-8E22ADBF809E}) (Version: 1.1.5179 - T-Mobile USA)
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
VIPRE Advanced Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.1.4.33 - VIPRE Security)
VIPRE Advanced Security (HKLM-x32\...\{E1377055-4C72-404B-80DB-947417085383}) (Version: 10.1.4.33 - ThreatTrack Security, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Wave Editor 3.3.5.1 (HKLM-x32\...\Wave Editor_is1) (Version: 3.3.5.1 - AbyssMedia.com)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd)
ContextMenuHandlers1-x32: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2017-07-25] (VIPRE Security)
ContextMenuHandlers1-x32: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers2: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers4: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2017-07-25] (VIPRE Security)
ContextMenuHandlers4: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.)
ContextMenuHandlers6-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BBB55F-3C22-44B8-8DD0-FFEFECB2240B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {030EB4D7-8C89-41F8-A970-714D0DE779E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {085E8FF7-C81E-41C8-85AC-AF7DE70C0E9F} - System32\Tasks\Auslogics\BitReplica\Profile 47C1AAB7 => C:\Program Files (x86)\Auslogics\BitReplica\BitReplica.exe [2017-08-25] (Auslogics)
Task: {158A31DB-B801-4CB7-8B8B-F351580199D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1632767D-C016-460A-B894-387F055A7D74} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {165305EE-8A9E-4132-8F1B-CFDE81A1DA40} - System32\Tasks\S-1-5-21-3489507026-1987670139-2231328016-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {19640384-989F-4A72-B005-AA164BA77E7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2074E3A3-67A3-4C81-A090-E5B906B557DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24709228-E740-487E-95CF-0B10B995A1B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2524B902-58BC-4C6B-957E-5126A59278DC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {29887656-37B3-47AA-A61E-238C0C0F0771} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A1C1AF0-46D3-4F39-8294-62A9E0ED6325} - System32\Tasks\AutoKMSDaily => C:\WINDOWS\AutoKMS.exe [2017-05-11] ()
Task: {2A5F30E4-7B1B-4518-BA9D-83D3DF6E4595} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {40C75F2F-E2F5-4F65-BD2A-45C5A212E251} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {426A1965-15DC-4B63-B3F1-CFE9F805269C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {44D1A7A3-BA1E-4B80-AF76-2BA242C75999} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C4CF236-9EBD-4CA8-9181-B53B5F972824} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50F2CA73-6927-4F02-AEDD-ACD639AE59D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {54711D97-4F24-4CE1-844A-D3088600A4AC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2017-05-11] ()
Task: {5A9F4B05-8589-4A7B-BB8B-4BEC57C700ED} - System32\Tasks\WiseCleaner\WSMSkipUAC => C:\Program Files (x86)\Wise\Wise System Monitor\WiseSystemMonitor.exe
Task: {5EBEA8F7-BAEE-4785-8B0E-A065092C7690} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F5E7838-E657-4C0A-B42C-50A91E041BF5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {907F38FC-91E3-4781-BC15-079DA84FD51E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {93CE1F8C-7645-46CE-992E-FFDA5FA89293} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9750D210-2941-466C-B567-013A29677AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-15] (Google Inc.)
Task: {988A1F3F-F637-48F7-B485-525D66BA1D05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {994AAFF5-3E6F-46C6-8987-A6517C3DC264} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9A0BF857-98F4-472F-912A-9458468B8B03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7484C66-6833-4AF7-BB2D-F3076A454A7F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B439229D-3813-46C4-AD25-55733D6D1E20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-15] (Google Inc.)
Task: {B9758FE6-6F14-485B-B53A-EBCC47160FF0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE5CD942-03A1-43F6-BE24-A7C4254F74CE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BF2AA48D-D006-483D-8B78-06BC2D4B09D8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D02FBCBB-3484-4893-A1B5-20EF6999D8F4} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2015-03-11] (Piriform Ltd)
Task: {D8F1429A-D6DD-42CA-A60A-E2B0C9D333E8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0151D47-C837-4DCA-8330-D1EE67614E21} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E7D08540-D204-488B-B1C4-6F3A06A77F1A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFDDEE16-63F6-4B88-938C-0F30AE548F64} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F572CF59-7EEE-45F9-906F-3CC1283E0EC7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\owner\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\owner\Documents\TECHTRADES\H\Documents and Settings\Doug\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-10 16:27 - 2018-01-23 19:23 - 000544240 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-01-19 12:01 - 2018-01-10 09:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-03-05 00:31 - 2015-03-05 00:31 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 09:08 - 2014-02-11 09:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 09:08 - 2014-02-11 09:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2017-04-15 12:20 - 2009-05-29 08:41 - 001492480 _____ () C:\Program Files\Lexmark\X264dn\lmabdrs64.dll
2017-04-15 12:20 - 2009-05-29 08:41 - 000022528 _____ () C:\Program Files\Lexmark\X264dn\lmabcaps64.dll
2017-08-17 20:39 - 2014-03-14 15:31 - 000018944 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-12-12 18:14 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 18:14 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-15 12:59 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-15 12:59 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-15 10:37 - 2018-02-12 23:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll
2018-02-15 10:37 - 2018-02-12 23:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll
2016-12-02 20:39 - 2016-12-02 20:39 - 000260088 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2017-11-16 10:20 - 2015-06-26 02:13 - 000184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2017-11-16 10:20 - 2015-06-26 02:13 - 000175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2015-06-26 02:13 - 2015-06-26 02:13 - 000184184 _____ () C:\VIPRERESCUE\Definitions\libBase64.dll
2015-06-26 02:13 - 2015-06-26 02:13 - 000175992 _____ () C:\VIPRERESCUE\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\owner\Desktop\VIPRERescue.exe:BDU [0]
AlternateDataStreams: C:\Users\owner\Downloads\auslogics-bitreplica-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\owner\Downloads\ChromeSetup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VipreEdgeProtection => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\blank -> blank

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-11-13 08:17 - 000001738 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1     www.sunbeltsoftware.com
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/register/
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/autoget/
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/update/
0.0.0.0         www.sunbeltsoftware.com
0.0.0.0         www.sunbeltsoftware.com/keys/405/register/
0.0.0.0         www.sunbeltsoftware.com/keys/405/autoget/
0.0.0.0         www.sunbeltsoftware.com/keys/405/update/
127.0.0.1     www.sunbeltsoftware.com
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/register/
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/autoget/
127.0.0.1       http://www.sunbeltsoftware.com/keys/405/update/
0.0.0.0         www.sunbeltsoftware.com
0.0.0.0         www.sunbeltsoftware.com/keys/405/register/
0.0.0.0         www.sunbeltsoftware.com/keys/405/autoget/
0.0.0.0         www.sunbeltsoftware.com/keys/405/update/

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.76.84.102 - 75.76.84.103
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "LanuchApp"
HKLM\...\StartupApproved\Run: => "LMPSSDMON"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "SBRegRebootCleaner"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\StartupFolder: => "Sidebar506.lnk"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "MaxiBuy"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2F599444-6EE0-4EB6-A0FB-575E2E4B8964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{69211ACD-0E6E-4134-9E36-D1BA140DD08C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{8230FA16-28E4-49B0-B9BC-AFC824E76F98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4F63530C-2A1B-4D2C-BA5F-D16AB9114826}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9976F3A7-99D3-4908-AFA3-953BB0E56477}] => (Allow) LPort=26675
FirewallRules: [{6DAB9353-EB50-40F9-8B80-2B275BA6DE6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2E587C33-0E87-4566-ABD2-98C71A21163E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DE6FCC59-F89D-403E-A24C-AABD0D0B7EFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{92408D58-A038-4ECD-B25A-41BB318EEBE7}] => (Allow) LPort=58172
FirewallRules: [UDP Query User{D427C5C5-C13B-48A0-A35A-B7F8A6018CB6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{A298C3C8-07CD-411B-BEEF-68E8F3A4889E}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{322F3ECB-6EAF-4CD6-9B92-548F11815251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0515809D-0357-4B8D-9EA8-1D28B1FD8294}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31CCA91A-BB6E-44F1-A292-6FCFF72B128E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96FF9455-FA95-47A9-99D3-D9473D76D346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCF757D6-FE0E-48D7-A39F-EAE8509E411F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F8A648D6-479D-4563-9B2D-44C13B39B7AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{15733222-87E6-4580-A791-3107CA75B691}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{848B82FB-38E5-45C3-9B2F-E337A42DCDE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58291734-E0E0-456F-A55B-A57E45978E19}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{028564C9-F07E-4419-BA57-3DC4C2118C66}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{ABAA42EC-5C9A-4928-8E0D-2733AA599BC6}] => (Allow) C:\WINDOWS\system32\LMabcoms.exe
FirewallRules: [TCP Query User{3E55DB69-830F-40D1-A5A0-6705414F99AF}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{658D1B8F-D972-43B8-8159-7C46CCCE926B}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{9719AE9F-0B63-4229-9B36-8D71FF84CD2A}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{0DCEAB33-8D29-4476-A36F-7C5608F79892}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{B00DEFCE-7F48-4016-8550-F1ED19CDDF98}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{9747A64E-496D-44BC-94B4-F104AA996AC9}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{EA42D749-2544-4EB1-8FBE-2A797B9AD9B6}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{C55B5E33-ED5D-485D-94B0-F9B4C5419AB8}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe
FirewallRules: [{16823520-B1A9-4388-B5D4-50ACCA8A8D5A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4A032CCE-2167-4C4C-88E5-E7BDD1C15060}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B319333-7A1B-46DD-A013-75D827584F60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{21D81F9C-1466-4DD5-B259-C66109F86054}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{49F76EAB-D623-4EE5-B459-BFD687E610CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D1C4C233-A882-477B-B423-93DBFC8AF792}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F76AB3C3-F4E5-47CE-9DF9-7D6DA928FECA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{455873E8-A767-40B3-9873-81E210BF4324}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E432283E-7949-46A7-A856-0A75BC31F575}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F412B335-EB69-4846-B5F4-2E39DB94F95D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86D9D519-602A-40A6-ABBE-61D738613687}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2018 01:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 14.0.0.6, time stamp: 0x5480afdb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xe0434352
Fault offset: 0x0000000000013fb8
Faulting process id: 0x111c
Faulting application start time: 0x01d3a68aa00251df
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 46c6be6d-6aa8-4bf5-a458-6815583e108e
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/15/2018 01:37:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Service_KMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
   at Service_KMS.Logging.FileLogger.ᜀ(System.String ByRef)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (02/14/2018 03:10:52 PM) (Source: MsiInstaller) (EventID: 11719) (User: owner-PC)
Description: Product: ESET Security -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/14/2018 01:15:40 PM) (Source: MsiInstaller) (EventID: 11922) (User: owner-PC)
Description: Product: ESET Security -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted.  Verify that you have sufficient privileges to remove system services.

Error: (02/14/2018 01:11:31 PM) (Source: MsiInstaller) (EventID: 11922) (User: owner-PC)
Description: Product: ESET Security -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted.  Verify that you have sufficient privileges to remove system services.

Error: (02/14/2018 12:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 64.0.3282.167, time stamp: 0x5a8260ef
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000078f30440
Faulting process id: 0x470
Faulting application start time: 0x01d3a5bc6f413caf
Faulting application path: c:\program files (x86)\google\chrome\application\chrome.exe
Faulting module path: unknown
Report Id: 1f4cc261-7722-408d-aab0-1159b1658598
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/13/2018 09:53:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HitmanPro_x64.exe version 3.8.0.292 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1aac

Start Time: 01d3a53d53f21071

Termination Time: 4294967295

Application Path: C:\Users\owner\Documents\Cracks\Virus Package\HitmanPro_x64.exe

Report Id: dc2bda05-a734-44d7-9c23-00bad3dcf6d3

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/13/2018 06:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 14.0.0.6, time stamp: 0x5480afdb
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xe0434352
Fault offset: 0x0000000000013fb8
Faulting process id: 0x1100
Faulting application start time: 0x01d3a51e9e93a9ca
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d98fe8e6-3ab4-4d9f-a00c-7a8902385fe1
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (02/16/2018 02:52:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.

Error: (02/16/2018 01:48:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.

Error: (02/16/2018 01:44:56 PM) (Source: DCOM) (EventID: 10016) (User: owner-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user owner-PC\owner SID (S-1-5-21-3489507026-1987670139-2231328016-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/16/2018 01:34:03 PM) (Source: DCOM) (EventID: 10016) (User: owner-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user owner-PC\owner SID (S-1-5-21-3489507026-1987670139-2231328016-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/16/2018 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/16/2018 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/16/2018 01:32:53 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xfffff802a246f010, 0x00000000000000ff, 0x0000000000000000, 0xfffff8029f7b95ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3c36de2c-b04e-4cf8-9445-c0fec4e2fe4a.

Error: (02/16/2018 01:32:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:22:54 PM on ‎2/‎16/‎2018 was unexpected.


Windows Defender:
===================================
Date: 2018-02-14 10:31:02.554
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0
Name: HackTool:Win32/Wpakill.B
ID: 2147634461
Severity: Medium
Category: Tool
Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe;file:_C:\Windows\Temp\tmp00005619\tmp00000122
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-14 10:30:58.284
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0
Name: HackTool:Win32/Wpakill.B
ID: 2147634461
Severity: Medium
Category: Tool
Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Windows\Temp\tmp00005619\tmp00000122
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-14 10:30:56.724
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0
Name: HackTool:Win32/Wpakill.B
ID: 2147634461
Severity: Medium
Category: Tool
Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-13 16:35:39.493
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0
Name: HackTool:Win32/Wpakill.B
ID: 2147634461
Severity: Medium
Category: Tool
Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-13 15:09:03.329
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0
Name: HackTool:Win32/Wpakill.B
ID: 2147634461
Severity: Medium
Category: Tool
Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2017-11-26 15:13:06.293
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Powessere.D&threatid=2147690011&enterprise=0
Name: Behavior:Win32/Powessere.D
ID: 2147690011
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:6928:50247080127395;process:_pid:6928
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070005
Error description: Access is denied. 
Signature Version: AV: 1.257.1001.0, AS: 1.257.1001.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0

Date: 2017-11-25 06:13:50.367
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Powessere.D&threatid=2147690011&enterprise=0
Name: Behavior:Win32/Powessere.D
ID: 2147690011
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:6928:50247080127395;process:_pid:6928,ProcessStart:131560570400489736
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe
Action: Quarantine
Action Status:  To finish removing malware and other potentially unwanted software, restart the device. 
Error Code: 0x80070005
Error description: Access is denied. 
Signature Version: AV: 1.257.856.0, AS: 1.257.856.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0

CodeIntegrity:
===================================

Date: 2018-02-16 15:35:39.102
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 15:34:36.919
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 13:34:57.085
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 11:50:30.559
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 09:58:32.952
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\VIPRE\Definitions\aap_sig\1518776084\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 09:17:05.199
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 09:17:02.560
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-16 09:16:45.608
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD Athlon(tm) X4 860K Quad Core Processor 
Percentage of memory in use: 27%
Total physical RAM: 16327.27 MB
Available physical RAM: 11815.94 MB
Total Virtual: 32711.27 MB
Available Virtual: 28040.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:783.71 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:324.91 GB) NTFS

\\?\Volume{29a66cae-7387-11e5-9941-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1baee933-0000-0000-0000-90c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1BAEE933)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 8D1D9AB3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


The good news is that there are no obvious signs of any infection on the PC, so the issue is isolated to the browser(s)

There are signs of pirated software on the PC though, and having stolen software on the PC brings about its own set of security risks. You will be much more vulnerable to exploitation.

I recommend uninstalling the pirated programs (Threattrack Security, Office)

Please confirm that the blocks only occur while using Firefox and Chrome and not IE or Edge.

If it is isolated to Chrome and Firefox, then those browsers need to be completely uninstalled and re-installed and the profile folders deleted.

 

Chrome also needs to be unsynced or the problem will return.

https://support.google.com/chrome/answer/95319?co=GENIE.Platform%3DDesktop&hl=en

https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer 

 

Make sure you follow the instructions for removing the user data and settings.

 

Please let me know how it goes


Isolated to Chrome ONLY, no other browser. So Unsync Chrome and Uninstall in that order? 


Yes,

Back up your bookmarks first before you uninstall.

Be sure to delete the profile folder as well:

(type %appdata% into the search box to open the folder)

C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default << right click and delete this folder

Note: “AppData” is a hidden folder, so you will need to show hidden files and folders.
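The back-up-then-delete steps above, as an added PowerShell example that is not from the thread or from Malwarebytes: it assumes the profile path given in the post (resolved through $env:LOCALAPPDATA instead of the literal "owner" user) and a constructed backup folder under the user's Documents.

```powershell
# Added example, not from the thread: back up Chrome bookmarks, then remove the
# Default profile folder named in the post. Profile path is the one from the
# thread, resolved for the current user; the backup folder name is constructed.
$profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$backupDir  = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'ChromeBookmarkBackup'

# Chrome must be closed first, or it will hold locks on and recreate profile files.
if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    Write-Warning 'Chrome is still running; close it (use another browser meanwhile) and re-run.'
    return
}

if (-not (Test-Path $profileDir)) {
    Write-Warning "Profile folder not found: $profileDir"
    return
}

# Back up the bookmarks file(s) before deleting anything.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
foreach ($name in 'Bookmarks', 'Bookmarks.bak') {
    $src = Join-Path $profileDir $name
    if (Test-Path $src) { Copy-Item -Path $src -Destination $backupDir -Force }
}

# Only delete the profile once the backup is confirmed on disk.
if (Test-Path (Join-Path $backupDir 'Bookmarks')) {
    Remove-Item -Path $profileDir -Recurse -Force
    Write-Output "Removed $profileDir; bookmarks saved to $backupDir"
} else {
    Write-Warning 'No Bookmarks file was backed up; profile folder left in place.'
}
```

After the clean reinstall, the saved Bookmarks file can be copied back into the new Default profile folder while Chrome is closed.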


Got it.... I will do all this in just a few as I need to close out a few VPNs etc..... I will open Firefox and use that while deleting Chrome...

 

I will report back as soon as I can. Hopefully this will get rid of it. I figured it was isolated to Chrome.
