rekamyenoM

  1. Once again appreciate all the help and good advice.... Agreed with trying to find the mouse, just burn the barn down, lol. I am usually super careful, I must have had my pants down somewhere, lol. I'm going to try uBlock, been using Adblock Plus for so many years.. Thanks again!
  2. REALLY appreciate your help!!!!!!!!!!!!!!!!!!!!!!!! This stuff was killing me and I'M an IT guy. I guess I should have thought of Uninstalling, but I wanted to try to find the root of the issue, not just uninstall it, lol. As long as it stays gone and I prevent it from coming back. I'm putting you on my Christmas list, Lol.....
  3. I'm Back... Re-Installed Chrome. So far (knock on wood) no pop-ups. Any idea why this is? What the hell embedded itself in Chrome? Should I stay away from Chrome in your opinion?
  4. No User data folder, gone. Found Chrome folder in AppData, wiped it all out. All Gone now. I will re-install Chrome and report back.
  5. Okay, deleted Chrome and no profile folder in C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default. I must have deleted it.... Now I can reinstall Chrome?
  6. Got it.... I will do all this in just a few as I need to close out a few VPNs etc..... I will open Firefox and use that while deleting Chrome... I will report back as soon as I can. Hopefully this will get rid of it. I figured it was isolated to Chrome.
  7. Isolated to Chrome ONLY, no other browser. So Unsync Chrome and Uninstall in that order?
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018 Ran by owner (16-02-2018 15:37:38) Running from C:\Users\owner\Desktop Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-25 03:03:52) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3489507026-1987670139-2231328016-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3489507026-1987670139-2231328016-503 - Limited - Disabled) Guest (S-1-5-21-3489507026-1987670139-2231328016-501 - Limited - Disabled) owner (S-1-5-21-3489507026-1987670139-2231328016-1000 - Administrator - Enabled) => C:\Users\owner WDAGUtilityAccount (S-1-5-21-3489507026-1987670139-2231328016-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ThreatTrack Security VIPRE (Enabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden Adobe Acrobat 8 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard) (Version: 8.0.0 - Adobe Systems) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Flash Player 24 ActiveX (HKLM-x32\...\{22AF9D99-A980-4071-A0BD-1D0BB956B9EA}) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe Flash Player 28 NPAPI (HKLM-x32\...\{158D6908-7A47-4126-BFB4-D0C2F9ACC9BE}) (Version: 28.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 28 PPAPI (HKLM-x32\...\{3371DF75-3590-4993-A5D9-17F078B7DA16}) (Version: 28.0.0.137 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{82F9EC2D-0230-EA2E-71DC-DF9CEB458187}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Audio Product Tool (HKLM-x32\...\{032D9888-CC94-4AD6-9451-481CB7D67061}) (Version: 1.04 - Actions) Auslogics BitReplica (HKLM-x32\...\{B6AEA771-9737-41A2-AA07-772CB1A1CC27}_is1) (Version: 2.1.1.0 - Auslogics Software Pty Ltd) Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 7.0.4.0 - Auslogics Labs Pty Ltd) AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: - Online Media Technologies Ltd.) AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) 
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - ) Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Easy Tune 6 B14.1020.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden Easy Tune 6 B14.1020.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION) EPSON XP-420 Series Printer Uninstall (HKLM\...\EPSON XP-420 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden HP Photosmart D110 All-In-One Driver 14.0 Rel. 
7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP) ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Lexmark Network Twain Scan Driver (HKLM-x32\...\{57799805-67CC-4401-5C6F-540D2E3DDE40}) (Version: 1.17.108.0 - Lexmark International, Inc.) Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version: - Lexmark International, Inc.) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 
(HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla) Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 35.0.0.0 - NETGEAR) Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation) NVIDIA GeForce Experience 3.12.0.84 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation) NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{FCCF4B77-432F-EA83-4289-40C1DFA14C85}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.) 
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer) Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium) TMobileTokenService (HKLM-x32\...\{8A9D6C96-C030-42CF-AD64-8E22ADBF809E}) (Version: 1.1.5179 - T-Mobile USA) Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden VIPRE Advanced Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.1.4.33 - VIPRE Security) VIPRE Advanced Security (HKLM-x32\...\{E1377055-4C72-404B-80DB-947417085383}) (Version: 10.1.4.33 - ThreatTrack Security, Inc.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Wave Editor 3.3.5.1 (HKLM-x32\...\Wave Editor_is1) (Version: 3.3.5.1 - AbyssMedia.com) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) CustomCLSID: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} 
=> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.) ContextMenuHandlers1-x32: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.) ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd) ContextMenuHandlers1-x32: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2017-07-25] (VIPRE Security) ContextMenuHandlers1-x32: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security) ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.) ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.) ContextMenuHandlers2: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.) 
ContextMenuHandlers4: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2017-07-25] (VIPRE Security) ContextMenuHandlers4: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2017-07-25] (VIPRE Security) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation) ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [2006-10-22] (Adobe Systems Inc.) ContextMenuHandlers6-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2008-09-08] (WinZip Computing, S.L.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01BBB55F-3C22-44B8-8DD0-FFEFECB2240B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {030EB4D7-8C89-41F8-A970-714D0DE779E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {085E8FF7-C81E-41C8-85AC-AF7DE70C0E9F} - System32\Tasks\Auslogics\BitReplica\Profile 47C1AAB7 => C:\Program Files (x86)\Auslogics\BitReplica\BitReplica.exe [2017-08-25] (Auslogics) Task: {158A31DB-B801-4CB7-8B8B-F351580199D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {1632767D-C016-460A-B894-387F055A7D74} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {165305EE-8A9E-4132-8F1B-CFDE81A1DA40} - System32\Tasks\S-1-5-21-3489507026-1987670139-2231328016-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation) Task: {19640384-989F-4A72-B005-AA164BA77E7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {2074E3A3-67A3-4C81-A090-E5B906B557DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {24709228-E740-487E-95CF-0B10B995A1B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2524B902-58BC-4C6B-957E-5126A59278DC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {29887656-37B3-47AA-A61E-238C0C0F0771} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2A1C1AF0-46D3-4F39-8294-62A9E0ED6325} - System32\Tasks\AutoKMSDaily => C:\WINDOWS\AutoKMS.exe [2017-05-11] () Task: {2A5F30E4-7B1B-4518-BA9D-83D3DF6E4595} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {40C75F2F-E2F5-4F65-BD2A-45C5A212E251} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
<==== ATTENTION Task: {426A1965-15DC-4B63-B3F1-CFE9F805269C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {44D1A7A3-BA1E-4B80-AF76-2BA242C75999} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4C4CF236-9EBD-4CA8-9181-B53B5F972824} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {50F2CA73-6927-4F02-AEDD-ACD639AE59D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {54711D97-4F24-4CE1-844A-D3088600A4AC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe [2017-05-11] () Task: {5A9F4B05-8589-4A7B-BB8B-4BEC57C700ED} - System32\Tasks\WiseCleaner\WSMSkipUAC => C:\Program Files (x86)\Wise\Wise System Monitor\WiseSystemMonitor.exe Task: {5EBEA8F7-BAEE-4785-8B0E-A065092C7690} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6F5E7838-E657-4C0A-B42C-50A91E041BF5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {907F38FC-91E3-4781-BC15-079DA84FD51E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {93CE1F8C-7645-46CE-992E-FFDA5FA89293} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {9750D210-2941-466C-B567-013A29677AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-15] (Google Inc.) 
Task: {988A1F3F-F637-48F7-B485-525D66BA1D05} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {994AAFF5-3E6F-46C6-8987-A6517C3DC264} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9A0BF857-98F4-472F-912A-9458468B8B03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A7484C66-6833-4AF7-BB2D-F3076A454A7F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B439229D-3813-46C4-AD25-55733D6D1E20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-15] (Google Inc.) Task: {B9758FE6-6F14-485B-B53A-EBCC47160FF0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BE5CD942-03A1-43F6-BE24-A7C4254F74CE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {BF2AA48D-D006-483D-8B78-06BC2D4B09D8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D02FBCBB-3484-4893-A1B5-20EF6999D8F4} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2015-03-11] (Piriform Ltd) Task: {D8F1429A-D6DD-42CA-A60A-E2B0C9D333E8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E0151D47-C837-4DCA-8330-D1EE67614E21} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {E7D08540-D204-488B-B1C4-6F3A06A77F1A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EFDDEE16-63F6-4B88-938C-0F30AE548F64} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {F572CF59-7EEE-45F9-906F-3CC1283E0EC7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION (If an 
entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe Task: C:\WINDOWS\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\owner\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\owner\Documents\TECHTRADES\H\Documents and Settings\Doug\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-01-10 16:27 - 2018-01-23 19:23 - 000544240 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll 2017-01-19 12:01 - 2018-01-10 09:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-03-05 00:31 - 2015-03-05 00:31 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 09:08 - 2014-02-11 09:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 09:08 - 2014-02-11 09:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2017-04-15 12:20 - 2009-05-29 08:41 - 001492480 _____ () C:\Program Files\Lexmark\X264dn\lmabdrs64.dll 2017-04-15 12:20 - 2009-05-29 08:41 - 000022528 _____ () C:\Program Files\Lexmark\X264dn\lmabcaps64.dll 2017-08-17 20:39 - 2014-03-14 15:31 - 000018944 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe 2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft 
shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2017-12-12 18:14 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-12 18:14 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-02-15 12:59 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-02-15 12:59 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-02-15 10:37 - 2018-02-12 23:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll 2018-02-15 10:37 - 2018-02-12 23:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll 2016-12-02 20:39 - 2016-12-02 20:39 - 000260088 _____ () C:\Program Files (x86)\VIPRE\unrar.dll 2017-11-16 10:20 - 2015-06-26 02:13 - 000184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll 2017-11-16 10:20 - 2015-06-26 02:13 - 000175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll 2015-06-26 02:13 - 2015-06-26 02:13 - 000184184 _____ () C:\VIPRERESCUE\Definitions\libBase64.dll 2015-06-26 02:13 - 2015-06-26 02:13 - 000175992 _____ () C:\VIPRERESCUE\Definitions\libMachoUniv.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\owner\Desktop\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\owner\Desktop\VIPRERescue.exe:BDU [0] AlternateDataStreams: C:\Users\owner\Downloads\auslogics-bitreplica-setup.exe:BDU [0] AlternateDataStreams: C:\Users\owner\Downloads\ChromeSetup.exe:BDU [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VipreEdgeProtection => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\blank -> blank ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 21:34 - 2017-11-13 08:17 - 000001738 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.sunbeltsoftware.com 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/register/ 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/autoget/ 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/update/ 0.0.0.0 www.sunbeltsoftware.com 0.0.0.0 www.sunbeltsoftware.com/keys/405/register/ 0.0.0.0 www.sunbeltsoftware.com/keys/405/autoget/ 0.0.0.0 www.sunbeltsoftware.com/keys/405/update/ 127.0.0.1 www.sunbeltsoftware.com 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/register/ 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/autoget/ 127.0.0.1 http://www.sunbeltsoftware.com/keys/405/update/ 0.0.0.0 www.sunbeltsoftware.com 0.0.0.0 www.sunbeltsoftware.com/keys/405/register/ 0.0.0.0 www.sunbeltsoftware.com/keys/405/autoget/ 0.0.0.0 www.sunbeltsoftware.com/keys/405/update/ ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 75.76.84.102 - 75.76.84.103 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "LanuchApp"
HKLM\...\StartupApproved\Run: => "LMPSSDMON"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "SBRegRebootCleaner"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\StartupFolder: => "Sidebar506.lnk"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\StartupApproved\Run: => "MaxiBuy"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2F599444-6EE0-4EB6-A0FB-575E2E4B8964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{69211ACD-0E6E-4134-9E36-D1BA140DD08C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [UDP Query User{8230FA16-28E4-49B0-B9BC-AFC824E76F98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{4F63530C-2A1B-4D2C-BA5F-D16AB9114826}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{9976F3A7-99D3-4908-AFA3-953BB0E56477}] => (Allow) LPort=26675 FirewallRules: [{6DAB9353-EB50-40F9-8B80-2B275BA6DE6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{2E587C33-0E87-4566-ABD2-98C71A21163E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{DE6FCC59-F89D-403E-A24C-AABD0D0B7EFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{92408D58-A038-4ECD-B25A-41BB318EEBE7}] => (Allow) LPort=58172 FirewallRules: [UDP Query User{D427C5C5-C13B-48A0-A35A-B7F8A6018CB6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [TCP Query User{A298C3C8-07CD-411B-BEEF-68E8F3A4889E}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [{322F3ECB-6EAF-4CD6-9B92-548F11815251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0515809D-0357-4B8D-9EA8-1D28B1FD8294}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{31CCA91A-BB6E-44F1-A292-6FCFF72B128E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{96FF9455-FA95-47A9-99D3-D9473D76D346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FCF757D6-FE0E-48D7-A39F-EAE8509E411F}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe FirewallRules: [{F8A648D6-479D-4563-9B2D-44C13B39B7AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{15733222-87E6-4580-A791-3107CA75B691}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{848B82FB-38E5-45C3-9B2F-E337A42DCDE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{58291734-E0E0-456F-A55B-A57E45978E19}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{028564C9-F07E-4419-BA57-3DC4C2118C66}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{ABAA42EC-5C9A-4928-8E0D-2733AA599BC6}] => (Allow) C:\WINDOWS\system32\LMabcoms.exe FirewallRules: [TCP Query User{3E55DB69-830F-40D1-A5A0-6705414F99AF}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [UDP Query User{658D1B8F-D972-43B8-8159-7C46CCCE926B}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [{9719AE9F-0B63-4229-9B36-8D71FF84CD2A}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{0DCEAB33-8D29-4476-A36F-7C5608F79892}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{B00DEFCE-7F48-4016-8550-F1ED19CDDF98}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{9747A64E-496D-44BC-94B4-F104AA996AC9}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{EA42D749-2544-4EB1-8FBE-2A797B9AD9B6}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{C55B5E33-ED5D-485D-94B0-F9B4C5419AB8}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe FirewallRules: [{16823520-B1A9-4388-B5D4-50ACCA8A8D5A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{4A032CCE-2167-4C4C-88E5-E7BDD1C15060}] => (Allow) 
C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{5B319333-7A1B-46DD-A013-75D827584F60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{21D81F9C-1466-4DD5-B259-C66109F86054}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{49F76EAB-D623-4EE5-B459-BFD687E610CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D1C4C233-A882-477B-B423-93DBFC8AF792}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F76AB3C3-F4E5-47CE-9DF9-7D6DA928FECA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{455873E8-A767-40B3-9873-81E210BF4324}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E432283E-7949-46A7-A856-0A75BC31F575}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F412B335-EB69-4846-B5F4-2E39DB94F95D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{86D9D519-602A-40A6-ABBE-61D738613687}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Microsoft Kernel Debug Network Adapter Description: Microsoft Kernel Debug Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: kdnic Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2018 01:37:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Service_KMS.exe, version: 14.0.0.6, time stamp: 0x5480afdb Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c Exception code: 0xe0434352 Fault offset: 0x0000000000013fb8 Faulting process id: 0x111c Faulting application start time: 0x01d3a68aa00251df Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 46c6be6d-6aa8-4bf5-a458-6815583e108e Faulting package full name: Faulting package-relative application ID: Error: (02/15/2018 01:37:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Service_KMS.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException at System.IO.__Error.WinIOError(Int32, System.String) at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean) at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean) at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean) at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding) at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding) at Service_KMS.Logging.FileLogger.ᜀ(System.String ByRef) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (02/14/2018 03:10:52 PM) (Source: MsiInstaller) (EventID: 11719) (User: owner-PC) Description: Product: ESET Security -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error: (02/14/2018 01:15:40 PM) (Source: MsiInstaller) (EventID: 11922) (User: owner-PC) Description: Product: ESET Security -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted. Verify that you have sufficient privileges to remove system services. Error: (02/14/2018 01:11:31 PM) (Source: MsiInstaller) (EventID: 11922) (User: owner-PC) Description: Product: ESET Security -- Error 1922. Service 'ESET Service' (ekrn) could not be deleted. Verify that you have sufficient privileges to remove system services. 
Error: (02/14/2018 12:51:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 64.0.3282.167, time stamp: 0x5a8260ef Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000078f30440 Faulting process id: 0x470 Faulting application start time: 0x01d3a5bc6f413caf Faulting application path: c:\program files (x86)\google\chrome\application\chrome.exe Faulting module path: unknown Report Id: 1f4cc261-7722-408d-aab0-1159b1658598 Faulting package full name: Faulting package-relative application ID: Error: (02/13/2018 09:53:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HitmanPro_x64.exe version 3.8.0.292 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1aac Start Time: 01d3a53d53f21071 Termination Time: 4294967295 Application Path: C:\Users\owner\Documents\Cracks\Virus Package\HitmanPro_x64.exe Report Id: dc2bda05-a734-44d7-9c23-00bad3dcf6d3 Faulting package full name: Faulting package-relative application ID: Error: (02/13/2018 06:11:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Service_KMS.exe, version: 14.0.0.6, time stamp: 0x5480afdb Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c Exception code: 0xe0434352 Fault offset: 0x0000000000013fb8 Faulting process id: 0x1100 Faulting application start time: 0x01d3a51e9e93a9ca Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: d98fe8e6-3ab4-4d9f-a00c-7a8902385fe1 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (02/16/2018 02:52:00 PM) (Source: Service Control Manager) (EventID: 7006) 
(User: ) Description: The ScRegSetValueExW call failed for Start with the following error: Access is denied. Error: (02/16/2018 01:48:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: Access is denied. Error: (02/16/2018 01:44:56 PM) (Source: DCOM) (EventID: 10016) (User: owner-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user owner-PC\owner SID (S-1-5-21-3489507026-1987670139-2231328016-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/16/2018 01:34:03 PM) (Source: DCOM) (EventID: 10016) (User: owner-PC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user owner-PC\owner SID (S-1-5-21-3489507026-1987670139-2231328016-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/16/2018 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. Error: (02/16/2018 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/16/2018 01:32:53 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff802a246f010, 0x00000000000000ff, 0x0000000000000000, 0xfffff8029f7b95ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3c36de2c-b04e-4cf8-9445-c0fec4e2fe4a. Error: (02/16/2018 01:32:28 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:22:54 PM on ‎2/‎16/‎2018 was unexpected. Windows Defender: =================================== Date: 2018-02-14 10:31:02.554 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0 Name: HackTool:Win32/Wpakill.B ID: 2147634461 Severity: Medium Category: Tool Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe;file:_C:\Windows\Temp\tmp00005619\tmp00000122 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0 Date: 2018-02-14 10:30:58.284 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0 Name: HackTool:Win32/Wpakill.B ID: 2147634461 Severity: Medium Category: Tool Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Windows\Temp\tmp00005619\tmp00000122 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0 Date: 2018-02-14 10:30:56.724 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0 Name: HackTool:Win32/Wpakill.B ID: 2147634461 Severity: Medium Category: Tool Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0 Date: 2018-02-13 16:35:39.493 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0 Name: HackTool:Win32/Wpakill.B ID: 2147634461 Severity: Medium Category: Tool Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0 Date: 2018-02-13 15:09:03.329 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill.B&threatid=2147634461&enterprise=0 Name: HackTool:Win32/Wpakill.B ID: 2147634461 Severity: Medium Category: Tool Path: file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky 2.2.6.exe;file:_C:\Users\owner\Documents\Cracks\Kaspersky2.2.6\Kaspersky_2.2.6.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Signature Version: AV: 1.261.1143.0, AS: 1.261.1143.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0 Date: 2017-11-26 15:13:06.293 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Powessere.D&threatid=2147690011&enterprise=0 Name: Behavior:Win32/Powessere.D ID: 2147690011 Severity: Severe Category: Suspicious Behavior Path: behavior:_pid:6928:50247080127395;process:_pid:6928 Detection Origin: Unknown Detection Type: Concrete Detection Source: Unknown Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.257.1001.0, AS: 1.257.1001.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0 Date: 2017-11-25 06:13:50.367 Description: Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Powessere.D&threatid=2147690011&enterprise=0 Name: Behavior:Win32/Powessere.D ID: 2147690011 Severity: Severe Category: Suspicious Behavior Path: behavior:_pid:6928:50247080127395;process:_pid:6928,ProcessStart:131560570400489736 Detection Origin: Unknown Detection Type: Concrete Detection Source: Unknown Process Name: C:\Program Files (x86)\VIPRE\SBAMSvc.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the device. Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.257.856.0, AS: 1.257.856.0, NIS: 118.2.0.0 Engine Version: AM: 1.1.14306.0, NIS: 2.1.14202.0 CodeIntegrity: =================================== Date: 2018-02-16 15:35:39.102 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 15:34:36.919 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 13:34:57.085 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-02-16 11:50:30.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 09:58:32.952 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\VIPRE\Definitions\aap_sig\1518776084\avcuf64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 09:17:05.199 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 09:17:02.560 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2018-02-16 09:16:45.608 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info ===========================

Processor: AMD Athlon(tm) X4 860K Quad Core Processor
Percentage of memory in use: 27%
Total physical RAM: 16327.27 MB
Available physical RAM: 11815.94 MB
Total Virtual: 32711.27 MB
Available Virtual: 28040.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:783.71 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:324.91 GB) NTFS

\\?\Volume{29a66cae-7387-11e5-9941-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1baee933-0000-0000-0000-90c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1BAEE933)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 8D1D9AB3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018 Ran by owner (administrator) on OWNER-PC (16-02-2018 15:36:42) Running from C:\Users\owner\Desktop Loaded Profiles: owner (Available Profiles: owner) Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe ( ) C:\Windows\System32\lmabcoms.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (VIPRE Security) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (T-Mobile USA) C:\Program Files (x86)\T-Mobile USA\TMobileTokenService\TMobileTokenService.exe () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMSvc.exe (VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMTray.exe (VIPRE Security) C:\Program Files (x86)\VIPRE\x64\AVCProxy.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (ThreatTrack Security, Inc.) C:\VIPRERESCUE\VipreRescueScanner.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor) HKLM\...\Run: [LMPSSDMON] => C:\Program Files\Lexmark\Monitor\ACJ\LMabMON.exe [753664 2010-03-26] () HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15576 2013-08-09] () HKLM\...\Run: [SBRegRebootCleaner] => C:\Users\owner\AppData\Local\VIPRE\Setup\CartSdk\sbrc.exe [254344 2017-11-02] (VIPRE Security) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3320312 2017-07-25] (VIPRE Security) 
HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3489507026-1987670139-2231328016-1000\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-03-26] ( ) BootExecute: autocheck autochk * bootdelete GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.76.84.102 75.76.84.103 Tcpip\..\Interfaces\{1a6d3df1-4fd9-4011-9d09-a6f1f69c6755}: [DhcpNameServer] 75.114.81.1 75.114.81.2 Tcpip\..\Interfaces\{1e1ab3bb-c9d4-440a-bb5d-9ab2646f57ec}: [DhcpNameServer] 75.114.81.1 75.114.81.2 Tcpip\..\Interfaces\{8c06e043-b6b2-4d77-9464-7c5fcae87518}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d9c099ec-93aa-4e1f-9f05-961b668cac8a}: [DhcpNameServer] 75.76.84.102 75.76.84.103 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> DefaultScope {B8C89679-3CAE-467F-A9DD-434BE53887BA} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> {B8C89679-3CAE-467F-A9DD-434BE53887BA} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} 
-> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] () BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] () BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] () Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] () Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] () Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] () Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll 
[2017-07-25] () Edge: ====== Edge Session Restore: HKU\S-1-5-21-3489507026-1987670139-2231328016-1000 -> is enabled. FireFox: ======== FF DefaultProfile: pk87sy5a.default FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default [2018-02-16] FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default\user.js [2016-04-28] FF Homepage: Mozilla\Firefox\Profiles\pk87sy5a.default -> hxxps://www.google.com FF NetworkProxy: Mozilla\Firefox\Profiles\pk87sy5a.default -> type", 0 FF Extension: (Adblock Plus) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pk87sy5a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-24] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-24] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-15] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2018-02-16] CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17] CHR Extension: (Adblock Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-06] CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17] CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06] CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-13] CHR Extension: (ae) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2018-02-13] CHR 
HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-05] (Advanced Micro Devices, Inc.) [File not signed] R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-10-23] (Macrovision Europe Ltd.) [File not signed] S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 lmab_device; C:\WINDOWS\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed] R2 lmab_device; C:\WINDOWS\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed] R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6943200 2017-07-25] (VIPRE Security) R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [436216 
2017-07-25] (VIPRE Security) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH) R2 TMobileTokenService; C:\Program Files (x86)\T-Mobile USA\TMobileTokenService\TMobileTokenService.exe [446976 2014-03-07] (T-Mobile USA) [File not signed] S3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [2710544 2017-05-12] (ThreatTrack Security Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-02-13] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-02-13] (Microsoft Corporation) R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [18944 2014-03-14] () [File not signed] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-11-18] (BitDefender) R3 avchv; C:\WINDOWS\system32\DRIVERS\avchv.sys [285240 2016-08-29] (BitDefender) R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-11-18] (BitDefender) S3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\bcmwlhigh63a.sys [2463920 2014-04-10] (Broadcom Corporation) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2018-01-19] (ESET) S1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET) R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2018-01-19] (ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] () R3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [58952 2016-08-03] (ThreatTrack Security) R3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [50776 2016-08-03] (ThreatTrack Security) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-01-19] () R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-16] () R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-15] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-16] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-16] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-16] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-16] (Malwarebytes) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) 
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-23] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-12] (Realtek ) R2 sbapifs; C:\WINDOWS\System32\DRIVERS\sbapifs.sys [133808 2017-07-25] (VIPRE Security) R3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [73208 2017-02-17] (ThreatTrack Security) R1 sbwfw; C:\WINDOWS\system32\DRIVERS\sbwfw.sys [375368 2017-02-17] (ThreatTrack Security) R3 sbwtis; C:\WINDOWS\system32\DRIVERS\sbwtis.sys [122672 2017-02-17] (ThreatTrack Security) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-02-13] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-02-13] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-02-13] (Microsoft Corporation) R2 WebExaminer; C:\WINDOWS\system32\Drivers\WebExaminer64.sys [54288 2017-05-12] (ThreatTrack Security Inc.) R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-02-16 15:36 - 2018-02-16 15:37 - 000020700 _____ C:\Users\owner\Desktop\FRST.txt 2018-02-16 15:35 - 2018-02-16 15:36 - 000000000 ____D C:\FRST 2018-02-16 15:35 - 2018-02-16 15:35 - 002405376 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2018-02-16 15:32 - 2018-02-16 15:32 - 000000000 ____D C:\VIPRERESCUE 2018-02-16 15:32 - 2018-02-16 15:32 - 000000000 _____ C:\WINDOWS\SysWOW64\SBRC.dat 2018-02-16 15:31 - 2018-02-16 15:31 - 338898944 _____ C:\Users\owner\Desktop\VIPRERescue.exe 2018-02-16 13:46 - 2018-02-16 13:47 - 000263018 _____ C:\TDSSKiller.3.1.0.16_16.02.2018_13.46.10_log.txt 2018-02-16 13:44 - 2018-02-16 13:44 - 000000126 _____ C:\WINDOWS\system32\bootdelete.lst 2018-02-16 13:32 - 2018-02-16 13:32 - 000636588 _____ C:\WINDOWS\Minidump\021618-33312-01.dmp 2018-02-16 13:22 - 2018-02-16 13:32 - 798543274 _____ C:\WINDOWS\MEMORY.DMP 2018-02-16 13:22 - 2018-02-16 13:23 - 000664228 _____ C:\WINDOWS\Minidump\021618-29828-01.dmp 2018-02-16 09:15 - 2018-02-16 09:42 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware 2018-02-15 13:29 - 2018-02-16 13:35 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-02-15 13:29 - 2018-02-16 13:34 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-02-15 13:29 - 2018-02-16 13:34 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-02-15 13:29 - 2018-02-16 13:34 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-02-15 13:29 - 2018-02-15 13:29 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-02-15 12:59 - 2018-02-15 12:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-02-15 12:59 - 2018-02-15 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-02-15 12:59 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2018-02-15 10:37 - 2018-02-15 10:37 - 001129816 _____ (Google Inc.) 
C:\Users\owner\Downloads\ChromeSetup.exe 2018-02-15 10:37 - 2018-02-15 10:37 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2018-02-15 10:37 - 2018-02-15 10:37 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2018-02-15 10:37 - 2018-02-15 10:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-15 10:37 - 2018-02-15 10:37 - 000000000 ____D C:\Program Files (x86)\Google 2018-02-14 12:51 - 2018-02-14 12:51 - 000000000 ____D C:\Users\owner\AppData\Local\ESET 2018-02-14 10:54 - 2018-02-14 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-02-14 10:44 - 2018-02-14 10:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Auslogics 2018-02-14 10:37 - 2018-02-14 10:37 - 000000000 ____D C:\Users\owner\AppData\Roaming\Auslogics 2018-02-14 10:36 - 2018-02-14 10:36 - 007238384 _____ (Auslogics Software Pty Ltd ) C:\Users\owner\Downloads\auslogics-bitreplica-setup.exe 2018-02-14 10:17 - 2018-02-14 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2018-02-14 10:17 - 2018-02-14 11:50 - 000000000 ____D C:\Program Files (x86)\Auslogics 2018-02-14 10:17 - 2018-02-14 10:37 - 000000000 ____D C:\ProgramData\Auslogics 2018-02-14 10:17 - 2018-02-14 10:17 - 011996368 _____ (Auslogics ) C:\Users\owner\Downloads\registry-cleaner-setup.exe 2018-02-13 21:41 - 2018-02-16 13:35 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2018-02-13 17:25 - 2018-02-13 17:25 - 000000000 ____D C:\Program Files (x86)\GUMD75B.tmp 2018-02-13 16:48 - 2018-02-16 13:44 - 000012872 _____ (SurfRight B.V.) 
C:\WINDOWS\system32\bootdelete.exe 2018-02-13 16:36 - 2018-02-13 16:49 - 000000000 ____D C:\ProgramData\HitmanPro 2018-02-13 16:29 - 2018-02-16 15:07 - 000000000 ____D C:\AdwCleaner 2018-02-13 13:51 - 2018-02-15 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-02-13 13:51 - 2018-02-13 13:51 - 000000000 ____D C:\Program Files\Malwarebytes 2018-02-13 13:43 - 2018-02-13 13:43 - 000000000 ____D C:\Users\owner\AppData\Roaming\et 2018-02-13 12:51 - 2018-02-13 18:21 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2018-02-13 12:51 - 2018-02-13 12:51 - 000000000 ____D C:\Users\owner\AppData\Roaming\TeamViewer 2018-02-08 10:48 - 2018-02-13 18:21 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-02-07 11:12 - 2018-02-07 11:58 - 000000000 ____D C:\Users\owner\Desktop\Eric Yip 2018-02-06 12:12 - 2018-02-07 20:33 - 000000000 ____D C:\ProgramData\McAfee 2018-02-06 11:49 - 2016-08-03 15:10 - 000050776 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys 2018-02-06 11:47 - 2018-02-06 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE 2018-02-06 11:47 - 2017-02-24 13:44 - 000047632 _____ (ThreatTrack Security Inc.) 
C:\WINDOWS\system32\sbbd.exe 2018-02-06 11:47 - 2017-02-17 09:39 - 000073208 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\sbhips.sys 2018-02-06 11:41 - 2018-02-06 11:48 - 000000000 ____D C:\Users\owner\AppData\Roaming\VIPRE 2018-02-06 09:03 - 2018-02-06 09:03 - 000000000 ____D C:\ProgramData\Actions Production Tool 2018-02-06 09:01 - 2018-02-06 09:01 - 000000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actions Tools 2018-02-06 09:01 - 2018-02-06 09:01 - 000000000 ____D C:\Program Files (x86)\Actions 2018-02-06 08:50 - 2018-02-07 15:45 - 000000000 ____D C:\Users\owner\Downloads\Jigmo 2018-02-02 10:46 - 2018-02-02 10:47 - 000000000 ____D C:\Users\owner\Desktop\4G MiFi 2018-02-01 19:32 - 2018-02-01 19:32 - 000952759 _____ C:\Users\owner\Downloads\JiGMO-USB-Voice-Recorder-eBook-Amazon-US.pdf 2018-01-31 13:27 - 2018-01-31 13:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2018-01-31 13:27 - 2018-01-23 17:42 - 000137712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2018-01-31 13:27 - 2017-11-02 15:15 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll 2018-01-31 13:27 - 2017-11-02 15:15 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2018-01-31 13:27 - 2017-11-02 15:15 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2018-01-31 13:27 - 2017-11-02 15:14 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe 2018-01-31 13:24 - 2018-01-23 19:23 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 012843496 _____ 
(NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000618928 _____ 
(NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000599352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2018-01-31 13:24 - 2018-01-23 19:23 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2018-01-31 13:21 - 2018-01-31 13:21 - 000000000 ____D C:\Users\owner\ansel 2018-01-19 15:32 - 2018-01-19 15:32 - 000106304 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys 2018-01-19 15:31 - 2018-01-19 15:31 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys 2018-01-19 15:31 - 2018-01-19 15:31 - 000081880 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys 2018-01-19 15:31 - 2018-01-19 15:31 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-16 15:25 - 2015-10-22 11:07 - 000000000 ____D C:\Users\owner\Documents\Cracks 2018-02-16 15:02 - 2016-11-24 14:01 - 000000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla 2018-02-16 13:37 - 2017-11-24 21:41 - 001669318 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-02-16 13:33 - 2017-05-28 08:37 - 000000000 ____D C:\ProgramData\NVIDIA 2018-02-16 13:32 - 2017-12-01 10:54 - 000000000 ____D C:\WINDOWS\Minidump 2018-02-16 13:32 - 2017-11-24 22:01 - 000002806 _____ C:\WINDOWS\System32\Tasks\AutoKMSDaily 2018-02-16 13:32 - 2017-11-24 22:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-02-16 13:32 - 2017-11-24 21:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-02-16 13:32 - 2017-05-11 07:29 - 000000228 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job 2018-02-16 13:32 - 2016-04-19 14:00 - 000078848 _____ C:\WINDOWS\KMSEmulator.exe 2018-02-16 13:23 - 2017-11-24 21:46 - 000000000 ____D C:\Users\owner 2018-02-16 13:23 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF 2018-02-16 
11:42 - 2017-09-29 03:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2018-02-16 09:51 - 2017-05-11 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2018-02-16 09:37 - 2017-05-11 07:32 - 000000000 ____D C:\Program Files\KMSpico 2018-02-16 05:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-02-16 05:01 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-02-16 05:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-02-15 23:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache 2018-02-15 11:35 - 2016-01-14 08:22 - 000000000 ____D C:\Users\owner\AppData\Local\CrashDumps 2018-02-15 09:24 - 2018-01-12 14:49 - 000000000 ____D C:\Users\owner\Desktop\Expense Tracker 2018-02-14 15:11 - 2015-10-17 19:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-02-14 14:50 - 2016-11-17 18:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-02-14 14:50 - 2015-10-17 19:44 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-02-14 12:50 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-02-14 10:46 - 2017-11-30 08:34 - 000000000 ____D C:\Users\owner\AppData\Roaming\Memeo 2018-02-14 01:09 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-02-13 21:57 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files\Windows Sidebar 2018-02-13 21:57 - 2017-09-29 08:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2018-02-13 21:56 - 2017-07-10 14:13 - 000000000 ____D C:\WINDOWS\WindowsMobile 2018-02-13 15:08 - 2010-11-20 22:27 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2018-02-13 14:21 - 2015-10-17 22:32 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-02-13 14:18 - 2017-10-10 14:05 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-02-13 14:18 - 2015-10-17 22:32 - 130067560 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\MRT.exe 2018-02-13 13:47 - 2017-11-24 21:36 - 000486768 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-02-13 13:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2018-02-13 13:39 - 2015-10-22 15:34 - 000000746 __RSH C:\ProgramData\ntuser.pol 2018-02-13 13:37 - 2018-01-01 18:45 - 000000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent 2018-02-13 13:17 - 2017-02-14 09:45 - 000000000 ____D C:\Users\owner\AppData\Roaming\vlc 2018-02-12 15:55 - 2018-01-12 14:11 - 000145248 _____ C:\Users\owner\Desktop\summary_report.xlsx 2018-02-12 15:34 - 2018-01-12 14:16 - 000154223 _____ C:\Users\owner\Desktop\Subscriber Summary.xlsx 2018-02-12 09:41 - 2017-12-13 05:40 - 000404340 _____ C:\Users\owner\Desktop\summary_report 2.xlsx 2018-02-12 09:39 - 2017-10-12 10:14 - 000489504 _____ C:\Users\owner\Desktop\detail_report.xlsx 2018-02-06 11:49 - 2017-11-16 10:13 - 000000000 ____D C:\Program Files (x86)\VIPRE 2018-02-06 11:47 - 2016-03-29 14:59 - 000002848 _____ C:\WINDOWS\SysWOW64\VipreEdgeProtectionOff.ini 2018-02-06 11:47 - 2016-03-29 14:59 - 000002848 _____ C:\WINDOWS\system32\VipreEdgeProtectionOff.ini 2018-02-06 11:43 - 2017-05-28 08:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2018-02-06 11:42 - 2015-10-17 18:57 - 000000212 _____ C:\WINDOWS\system32\SBRC.dat 2018-02-05 21:49 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-02-05 21:49 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-02-05 18:14 - 2017-02-20 18:14 - 000010413 _____ C:\Users\owner\Desktop\Monthly Bills.xlsx 2018-02-03 09:48 - 2016-11-22 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2018-02-03 09:48 - 2015-10-22 12:49 - 000001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2018-02-02 09:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-01-31 13:28 - 
2017-05-28 08:37 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2018-01-31 13:28 - 2017-01-19 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2018-01-31 13:28 - 2015-07-31 18:37 - 000000000 ____D C:\temp 2018-01-31 13:20 - 2017-05-28 08:37 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2018-01-29 19:05 - 2017-08-28 12:14 - 000000000 ____D C:\Users\owner\Desktop\T-Mobile Promotions 2018-01-29 08:49 - 2016-12-21 12:37 - 000000000 ____D C:\Users\owner\Desktop\SIMS For Re-Use 2018-01-24 09:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-01-24 09:02 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-01-23 19:23 - 2017-11-15 14:26 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2018-01-23 19:23 - 2017-11-15 14:26 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2018-01-23 19:23 - 2017-11-15 14:26 - 000057928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys 2018-01-23 19:23 - 2017-11-15 14:26 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb 2018-01-23 18:11 - 2017-05-28 08:37 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2018-01-23 17:57 - 2017-05-28 08:37 - 005950024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 000633328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2018-01-23 17:57 - 2017-05-28 08:37 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2018-01-22 00:46 - 2017-05-28 08:37 - 
007947791 _____ C:\WINDOWS\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2016-11-01 09:11 - 2017-07-03 11:02 - 000000437 _____ () C:\Users\owner\AppData\Roaming\dxr32.ini 2018-01-10 12:56 - 2018-01-10 12:56 - 000003584 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-11-22 18:21 - 2017-11-22 18:21 - 000007601 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg 2016-08-24 09:41 - 2016-08-24 09:41 - 000000173 _____ () C:\Users\owner\AppData\Local\uts.ini ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-02-13 09:58 ==================== End of FRST.txt ============================
  10. I think I tried running this before and it crashed my system, I will try again now....