Many programs just don't run anymore

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #31
    ZHP Diag Scan

    Download ZHP Diag to your desktop.
    1. Right Click Run as Admin.
    2. Click the Scanner button.

    When complete please push the report button.
    A notepad will open… copy and paste the report in your next reply.


    • capwn
      PCHF Member
      • Nov 2016
      • 40

      #32
      Here is my report as attached.

      p.s I shut down my pc and went to bed. This morning I get up and notice the pc is still on as it asked if I wanted to save a photoshop file. So I just left it on but it had clearly shut other programs/apps. Anyway, when I tried to open video converter it worked. It's like a program or something is usually blocking it. Need to try a restart and try again but am off to work now so will try tonight.


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #33
        ZHP Fix
        [ul]
        [li]Disable your antivirus prior to this fix![/li]
        [li]Download ZHP-Fix from here.[/li]
        [li]Install it.[/li]
        [li]Click Suivant 5 Times.[/li]
        [li]Then Installer.[/li]
        [li]Then Terminer.[/li]
        [li]Then right click the ZHP Fix icon and Run as admin.[/li]
        [li]Copy the entire content of the code box below; the next step will grab it from your clipboard.[/li]
        [li]Then click on import.[/li]
        [li]Then click GO.[/li]
        [li]Allow completion.[/li]
        [li]A log file will appear on your desktop.[/li]
        [li]Post it here in your next reply.[/li]
        [/ul]
        Code:
        Script ZhpFix
        SysRestore
        EmptyFlash
        ProxyFix
        EmptyCLSID
        HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware  =>.Malwarebytes' Anti-Malware
        O58 - SDL:2017/03/05 11:27:33 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\mbae64.sys   [317400]  =>.Malwarebytes Corporation®
        O23 - Service: AdobeUpdateService (AdobeUpdateService) . (.Adobe Systems Incorporated - Adobe Update Service.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe  =>.Adobe Systems Incorporated®
        O23 - Service: Hola Better Internet Engine (hola_svc) . (.Hola Networks Ltd. - Hola Better Internet Engine.) - C:\Program Files\Hola\app\hola_svc.exe  =>.Hola Networks Ltd®
        O23 - Service: Hola Better Internet Updater (hola_updater) . (.Hola Networks Ltd. - Hola Better Internet Engine.) - C:\Program Files\Hola\app\hola_updater.exe  =>.Hola Networks Ltd.®
        O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe  =>.Skype Software Sarl®
        O23 - Service:  (vToolbarUpdater40.3.7) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe (.not file.)
        O23 - Service: WtuSystemSupport (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (.not file.)  =>.AVG Software
        SR - Auto   [22/02/2017] [ 5622368]  Hola Better Internet Engine (hola_svc) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_svc.exe  =>.Hola Networks Ltd®
        SR - Auto   [27/03/2016] [ 8127616]  Hola Better Internet Updater (hola_updater) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_updater.exe  =>.Hola Networks Ltd.®
        O4 - HKLM\..\Run: [hola] . (.Hola Networks Ltd. - Hola Better Internet.) -- C:\Program Files\Hola\app\hola.exe  =>.Hola Networks Ltd®
        [MD5.AA0DCBBB07C05D4B70B7AC772D8C4034] - (.Hola Networks Ltd. - Hola Better Internet Engine.) -- C:\Program Files\Hola\app\hola_svc.exe [5622368] [PID.2604]  =>.Hola Networks Ltd®
        C:\Program Files\Hola
        G2 - GCE: Preference [User Data\Default] [gkojfkhlekighikafcpjkiklfbnlmeio] Google Chrome manifest  =>.Google Inc.  =>.Hola.org
        P2 - FPN: [HKCU] [@hola.org/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Users\caponeart\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll  =>.Adobe Systems Incorporated
        O4 - GS\ProgramsCommon [Public]: Hola.lnk . (.Hola Networks Ltd. - .) C:\Program Files (x86)\Hola\app\hola.exe    =>.Hola Networks Ltd.
        O42 - Logiciel: Hola™ 1.34.855 - Better Internet - (.Hola Networks Ltd..) [HKLM][64Bits] -- Hola  =>.Hola Networks Ltd®
        HKCU\SOFTWARE\Hola  =>.Hola
        O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\Hola  =>.Hola Networks Ltd®
        O43 - CFD: 10/04/2016 - [] D -- C:\Users\caponeart\AppData\Roaming\Hola  =>.Hola
        O43 - CFD: 27/03/2016 - [] D -- C:\Users\caponeart\AppData\Local\Hola  =>.Hola
        O23 - Service:  (vToolbarUpdater40.3.7) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe (.not file.)
        O23 - Service: WtuSystemSupport (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (.not file.)  =>.AVG Software
        SR - Auto   [28/01/2016] [  693440]  AdobeUpdateService (AdobeUpdateService) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe  =>.Adobe Systems Incorporated®
        SS - Auto   [16/01/2017] [  317400]  Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe  =>.Skype Software Sarl®
        [MD5.20C08CA080F650B730B1E3FDEA9AD532] [APT] [AdobeAAMUpdater-1.0-DESKTOP-M1L5SLL-caponeart] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe   [317400] (.Activate.)  =>.Adobe Systems Incorporated®
        [MD5.8007AF9F2434F390AA51F0A516B9756F] [APT] [Tweaking.com - Windows Repair Tray Icon] (.Tweaking.com.) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe   [317400] (.Activate.)  =>.Tweaking LLC®
        O39 - APT: AdobeAAMUpdater-1.0-DESKTOP-M1L5SLL-caponeart - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-M1L5SLL-caponeart  [317400]   =>.Adobe Systems Incorporated®
        O39 - APT: DriverToolkit Autorun - (.Megaify Software Co., Ltd..) -- C:\WINDOWS\System32\Tasks\DriverToolkit Autorun  [317400]   =>.Superfluous.Megaify
        O39 - APT: Tweaking.com - Windows Repair Tray Icon - (.Tweaking.com.) -- C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon  [317400]   =>.Tweaking LLC®
        O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\{DBCD5BEB-D70E-4D1E-BF88-1D3742B036DD}  [317400]
        O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe  =>.BitTorrent Inc®
        O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_74571ABD64CB6E33314AB7114BBFBDAA] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  =>.Google Inc®
        O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe  =>.Wondershare software CO., LIMITED®
        O4 - HKUS\S-1-5-21-688256190-4230952076-4288899304-1001\..\Run: [GoogleChromeAutoLaunch_74571ABD64CB6E33314AB7114BBFBDAA] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  =>.Google Inc®
        G0 - GCSP: Preferences [User Data\Default][HomePage] http://search.easylifeapp.com  =>PUP.Optional.GadgetBox
        G0 - GCSP: Preferences [User Data\Default][HomePage] http://start.funmoods.com  =>PUP.Optional.Funmoods
        G0 - GCSP: Preferences [User Data\Default][HomePage] http://start.mysearchdial.com  =>PUP.Optional.MySearchDial
        G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://start.mysearchdial.com/  =>PUP.Optional.MySearchDial
        G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://search.easylifeapp.com  =>PUP.Optional.GadgetBox
        G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://start.funmoods.com/  =>PUP.Optional.Funmoods
        P2 - FPN: [HKCU] [@hola.org/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Users\caponeart\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll  =>.Adobe Systems Incorporated
        P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll  =>.AVG Software
        R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/  =>.AVG Software
        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
        R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
        R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies []  =>.Microsoft
        O2 - BHO: AVG Web TuneUp [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233}  (.Orphan.)
        O4 - GS\Desktop [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Desktop [caponeart]: Marmoset Toolbag 3.lnk . (.Marmoset - Marmoset Toolbag.) C:\Program Files\Marmoset\Toolbag 3\toolbag.exe   {056D39CB1F7F5DCDEC951266830F84B5}
        O4 - GS\Desktop [caponeart]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Quicklaunch [caponeart]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Desktop [caponeart2]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Quicklaunch [caponeart2]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Desktop [Guest]: Tweaking.com - Windows Repair.lnk . (.Tweaking.com - Tweaking.com - Windows Repair.) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe    =>.Tweaking LLC®
        O4 - GS\Desktop [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\caponeart\AppData\Roaming\uTorrent\uTorrent.exe    =>.BitTorrent Inc®
        O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent  =>.BitTorrent Inc®
        HKLM\SOFTWARE\Wow6432Node\AVG Tuneup  =>.AVG Software
        HKCU\SOFTWARE\Avg Secure Update  =>.AVG Software
        HKCU\SOFTWARE\BitTorrent
        HKCU\SOFTWARE\Tencent  =>.Superfluous.Tencent
        O43 - CFD: 31/01/2017 - [] D -- C:\Program Files\AVG Web TuneUp  =>.AVG Web TuneUp
        O43 - CFD: 05/04/2016 - [] D -- C:\ProgramData\AVG Secure Search  =>.AVG Secure Search
        O43 - CFD: 05/04/2016 - [] D -- C:\Program Files (x86)\Common Files\AVG Secure Search  =>.AVG Secure Search
        O43 - CFD: 22/10/2016 - [] D -- C:\Users\caponeart\AppData\Roaming\Tencent  =>.Superfluous.Tencent
        O43 - CFD: 22/03/2017 - [] D -- C:\Users\caponeart\AppData\Roaming\uTorrent
        O43 - CFD: 29/01/2017 - [] D -- C:\Users\caponeart\AppData\Local\Avg  =>.AVG Software
        O43 - CFD: 17/12/2016 - [] D -- C:\Users\caponeart\AppData\Local\Chromium  =>.Chromium
        O43 - CFD: 15/02/2017 - [] D -- C:\Users\Default\AppData\Local\AVG  =>.AVG Software
        O43 - CFD: 15/02/2017 - [] D -- C:\Users\Default User\AppData\Local\AVG  =>.AVG Software
        O43 - CFD: 29/01/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Avg  =>.AVG Software
        O43 - CFD: 21/09/2016 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\MFAData  =>.AVG Software
        O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://mysearch.avg.com/  =>.AVG Software
        O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/  =>.Bing.com
        O87 - FAEL: "UDP Query User{C2F4DD27-59E8-4B53-8214-21B2467883A5}D:\downloadt\wearvr-chemistry-experiment-vr\chemistry experiment vr beta 1.0\chemexpvr2\binaries\win64\chemexpvr2.exe" [In-None-P17-TRUE] .(...) -- D:\downloadt\wearvr-chemistry-experiment-vr\chemistry experiment vr beta 1.0\chemexpvr2\binaries\win64\chemexpvr2.exe (.not file.)
        O87 - FAEL: "TCP Query User{8F22BE2C-7DF5-43C6-A902-D9DF06D2B452}D:\downloadt\wearvr-chemistry-experiment-vr\chemistry experiment vr beta 1.0\chemexpvr2\binaries\win64\chemexpvr2.exe" [In-None-P6-TRUE] .(...) -- D:\downloadt\wearvr-chemistry-experiment-vr\chemistry experiment vr beta 1.0\chemexpvr2\binaries\win64\chemexpvr2.exe (.not file.)
        O87 - FAEL: "UDP Query User{CDBF8A59-C4BD-4DED-AEF8-47588F821105}D:\downloadt\landscapemountains\engine\binaries\win64\ue4game.exe" [In-None-P17-TRUE] .(...) -- D:\downloadt\landscapemountains\engine\binaries\win64\ue4game.exe (.not file.)
        O87 - FAEL: "TCP Query User{A02AE130-A7E9-4D11-ABF1-21950722CBFD}D:\downloadt\landscapemountains\engine\binaries\win64\ue4game.exe" [In-None-P6-TRUE] .(...) -- D:\downloadt\landscapemountains\engine\binaries\win64\ue4game.exe (.not file.)
        O87 - FAEL: "UDP Query User{9C8F4DA3-B41D-4DFA-B366-019D2B63DCFA}D:\downloadt\wearvr-miniature-rollercoaster\engine\binaries\win64\ue4game-win64-shipping.exe" [In-None-P17-TRUE] .(...) -- D:\downloadt\wearvr-miniature-rollercoaster\engine\binaries\win64\ue4game-win64-shipping.exe (.not file.)
        O87 - FAEL: "TCP Query User{8614D059-D0F7-47E8-8B00-85E91ADC7425}D:\downloadt\wearvr-miniature-rollercoaster\engine\binaries\win64\ue4game-win64-shipping.exe" [In-None-P6-TRUE] .(...) -- D:\downloadt\wearvr-miniature-rollercoaster\engine\binaries\win64\ue4game-win64-shipping.exe (.not file.)
        O87 - FAEL: "{B5427653-9D4C-4687-9207-AE49A5285870}" [In-None-P6-TRUE] .(.CCP hf. - EVE: Valkyrie.) -- C:\Program Files\Oculus\Software\Software\ccp-games-newcastle-eve-valkyrie\Image\WindowsNoEditor\VkGame\Binaries\Win64\EVE Valkyrie.exe
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}  =>.Superfluous.Orphan
        HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}  =>.Superfluous.Orphan
        HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}  =>.Superfluous.Orphan
        C:\Program Files (x86)\vShare Helper  =>.Superfluous.iMedixWeb
        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit  =>.Superfluous.DriverToolkit
        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper  =>.Superfluous.iMedixWeb
        C:\Users\caponeart\AppData\Roaming\Tencent  =>.Superfluous.Tencent
        C:\Users\caponeart\AppData\Local\DriverToolkit  =>.Superfluous.DriverToolkit
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_bigasoft-total-video-converter.en.softonic.com_0.localstorage  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_bigasoft-total-video-converter.en.softonic.com_0.localstorage-journal  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage  =>.Superfluous.CloudfrontNet
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal  =>.Superfluous.CloudfrontNet
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage  =>.Superfluous.CloudfrontNet
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal  =>.Superfluous.CloudfrontNet
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_free-speed-video.en.softonic.com_0.localstorage  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_free-speed-video.en.softonic.com_0.localstorage-journal  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_free-video-to-iphone-converter.en.softonic.com_0.localstorage  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_free-video-to-iphone-converter.en.softonic.com_0.localstorage-journal  =>.Superfluous.Softonic
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage  =>.Superfluous.AkamaiHD
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal  =>.Superfluous.AkamaiHD
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wix-instantsearchplus-ssl.akamaized.net_0.localstorage  =>.Superfluous.AkamaiHD
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wix-instantsearchplus-ssl.akamaized.net_0.localstorage-journal  =>.Superfluous.AkamaiHD
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage  =>PUP.Optional.Chatango
        C:\Users\caponeart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal  =>PUP.Optional.Chatango
        EmptyTemp
        Clean up temp files and reduce startup load with CCleaner.

        Note: This tool will clean your browsing history as well.
        [ul]
        [li]Download CCleaner from here.[/li]
        [li]After install, click Options.[/li]
        [li]Go to Monitoring.[/li]
        [li]Uncheck all Monitoring items.[/li]
        [li]Go to Advanced – click "Close program after cleaning".[/li]
        [li]Go to Settings – click "Run CCleaner when the computer starts".[/li]
        [li]Now that you have CCleaner installed and set up:[/li]
        [li]Open the program.[/li]
        [li]Go to Tools.[/li]
        [li]Go to Startup.[/li]
        [li]Now double click each item to disable it.[/li]
        [li]Leave only your antivirus enabled.[/li]
        [li]Then disable all items in your scheduled tasks as well.[/li]
        [li]Unless they are related to Windows Defender or your antivirus.[/li]
        [li]Reboot the machine.[/li]
        [/ul]

        Rogue Killer Scan.

        Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

        Link 1
        Link 2

        [ul]
        [li]Close all other running programs.[/li]
        [li]Disable ALL Antivirus – Antimalware – Applications.[/li]
        [li]Right Click Rogue Killer and Run as Administrator.[/li]
        [li]Click the Start Scan button.[/li]
        [li]Allow the scan to run – it can take ten minutes or more.[/li]
        [li]Once the scan is complete, check All items for removal.[/li]
        [li]https://pchelpforum.net/attachments/...5-54-png.1658/[/li]
        [li]After All items are checked, press Remove Selected.[/li]
        [li]Wait until the Status box shows Deleting Finished.[/li]
        [li]Click on open report – then open txt.[/li]
        [li]Copy the content of the report and paste it here in your next reply.[/li]
        [/ul]
        JRT Scan.

        Please download Junkware Removal Tool and save it on your desktop.

        [ul]
        [li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li]
        [li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li]
        [li]The tool will open and start scanning your system.[/li]
        [li]Please be patient as this can take a while to complete depending on your system's specifications.[/li]
        [li]On completion, a log is saved to your desktop and will automatically open.[/li]
        [li]Please post the JRT log.[/li]
        [/ul]
        Adware Cleaner Scan.

        Please download AdwCleaner by Xplode onto your desktop.

        [ul]
        [li]Close all open programs and internet browsers.[/li]
        [li]Double click on adwcleaner.exe to run the tool.[/li]
        [li]Click on the Scan button.[/li]
        [li]When the scan has finished, click on the Clean button.[/li]
        [li]Your computer will be rebooted automatically. A text file will open after the restart.[/li]
        [li]Please post the contents of that logfile with your next reply.[/li]
        [li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li]
        [/ul]

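As an added example (not from this thread, and not part of ZHPFix itself), a small Python script that reads a fix script like the one above and summarises what it will touch before it is run: entries per section, entries tagged PUP/Superfluous, services whose binary is already missing, and entries attributed to well-known vendors that deserve a second look. The section-code meanings and the sample lines come from the script in this thread; the trusted-vendor list is an assumption.

```python
"""Summarise what a ZHPFix script will touch before running it (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# ZHPFix control commands; every other non-blank line is a removal entry.
COMMANDS = {"Script ZhpFix", "SysRestore", "EmptyFlash", "ProxyFix",
            "EmptyCLSID", "EmptyTemp"}

# Section codes used in the thread's script, with their meaning.
SECTIONS = {
    "O2": "browser helper object", "O4": "autostart (Run key or shortcut)",
    "O23": "service", "O39": "scheduled task", "O42": "installed software",
    "O43": "folder", "O58": "driver", "O69": "search scope",
    "O87": "firewall rule", "G0": "Chrome preference", "G2": "Chrome extension",
    "P2": "browser plugin", "R0": "IE start page", "R5": "proxy setting",
    "SR": "service", "SS": "service",
}

# Assumption: vendors whose entries are worth a second look before deletion.
TRUSTED_VENDORS = ("Microsoft", "Google Inc", "Adobe Systems", "Skype", "Malwarebytes")

LINE_RE = re.compile(r"^(?P<code>[A-Z]{1,2}\d{0,2}) - ")


@dataclass
class Entry:
    code: str      # section code, or REG / PATH / MD5 for bare lines
    section: str   # human-readable meaning of the code
    text: str      # the full script line
    tag: str       # classification after the last "=>" (vendor, PUP.*, Superfluous.*)

    @property
    def file_missing(self) -> bool:
        # ZHPDiag marks services and tasks whose binary is already gone from disk.
        return "(.not file.)" in self.text

    @property
    def unwanted(self) -> bool:
        return self.tag.startswith(("PUP.", "Superfluous."))

    @property
    def trusted_vendor(self) -> bool:
        return any(v in self.tag for v in TRUSTED_VENDORS)


def _tag(line: str) -> str:
    """'... =>.Superfluous.Tencent' -> 'Superfluous.Tencent'; '' when untagged."""
    if "=>" not in line:
        return ""
    return line.rsplit("=>", 1)[1].strip().lstrip(".").rstrip("®™").strip()


def parse_script(text: str):
    """Split a ZHPFix script into its commands and its removal entries."""
    commands, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in COMMANDS:
            commands.append(line)
            continue
        m = LINE_RE.match(line)
        if m:
            code = m.group("code")
            section = SECTIONS.get(code, "other section")
        elif line.startswith(("HKLM\\", "HKCU\\", "HKU\\")):
            code, section = "REG", "registry key"
        elif re.match(r"^[A-Za-z]:\\", line):
            code, section = "PATH", "file or folder"
        elif line.startswith("[MD5."):
            code, section = "MD5", "file by hash"
        else:
            code, section = "?", "unrecognised"
        entries.append(Entry(code, section, line, _tag(line)))
    return commands, entries


def summarize(entries):
    """Group the removals the way a reviewer wants to see them."""
    return {
        "by_section": dict(Counter(e.section for e in entries)),
        "unwanted": [e.tag for e in entries if e.unwanted],
        "missing_binary": [e.text for e in entries if e.file_missing],
        "review_trusted": [e.text for e in entries if e.trusted_vendor],
    }


# Constructed sample: a handful of lines copied from the script in this thread.
SAMPLE_SCRIPT = r"""
Script ZhpFix
SysRestore
O23 - Service: Hola Better Internet Engine (hola_svc) . (.Hola Networks Ltd. - Hola Better Internet Engine.) - C:\Program Files\Hola\app\hola_svc.exe  =>.Hola Networks Ltd®
O23 - Service:  (vToolbarUpdater40.3.7) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe (.not file.)
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_74571ABD64CB6E33314AB7114BBFBDAA] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  =>.Google Inc®
O39 - APT: DriverToolkit Autorun - (.Megaify Software Co., Ltd..) -- C:\WINDOWS\System32\Tasks\DriverToolkit Autorun  [317400]   =>.Superfluous.Megaify
G0 - GCSP: Preferences [User Data\Default][HomePage] http://start.funmoods.com  =>PUP.Optional.Funmoods
HKCU\SOFTWARE\Tencent  =>.Superfluous.Tencent
C:\Program Files (x86)\vShare Helper  =>.Superfluous.iMedixWeb
EmptyTemp
"""

if __name__ == "__main__":
    cmds, ents = parse_script(SAMPLE_SCRIPT)
    print("commands:", ", ".join(cmds))
    for key, value in summarize(ents).items():
        print(f"{key}: {value}")
```

Run it against the full script text to see the same breakdown; entries listed under review_trusted are the ones to confirm with the helper before importing the script.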

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #34
          @capwn, how are things coming along?


          • capwn
            PCHF Member
            • Nov 2016
            • 40

            #35
            I recently purchased a new video editor, as cleaning/repairing the PC wasn't working. That was before your latest post, where it's just that downloading and running 5 different cleaning tools seems risky; I've used such tools in the past and they can delete vital system files. So I've been debating if it's worth trying now that I have software replacing the one that no longer works on my machine. Could just be a matter of time until the new editor stops working, so perhaps I should go ahead with it. Instead of doing it all in one go I may try one tool at a time, creating restore points before every one.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #36
              The first one is a script I made for your machine. There is a restore point auto created with the tool; start by running it and post the log.


              • capwn
                PCHF Member
                • Nov 2016
                • 40

                #37
                Thanks. I ran ZHPFix and have attached a report. For some reason it caused my google chrome to no longer exist and had to reinstall it (n)


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #38
                  Originally posted by capwn
                  For some reason it caused my google chrome to no longer exist and had to reinstall it
                  Your Google Chrome was infected with adware. How about your other issue: can you now install Malwarebytes, and how is the other program working?

                  If you are still having issues, create a restore point and run the other tools; there is some lingering malware/adware on your machine that needs cleaning.


                  • capwn
                    PCHF Member
                    • Nov 2016
                    • 40

                    #39
                    Used CCleaner, enabled those settings and restarted my machine. Didn't notice the machine doing anything different (I guess I was expecting to see a progress bar via CCleaner or something). Tried running Malware and Video editor, not working yet. Will try RogueKiller next time.


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #40
                      CCleaner is only a temp file cleaner, and startup manager…


                      • capwn
                        PCHF Member
                        • Nov 2016
                        • 40

                        #41
                        Ran Rogue Killer, created 2 JSON logs (SCN and DEL) that I couldn't attach. Here is the code but it's pretty long-winded!

"updatesrv.exe", "name_parent": "", "pid": 3096, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\updatesrv.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\updatesrv.exe\" /service", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "vsserv.exe", "name_parent": "", "pid": 3104, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe\" /service", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "vsservppl.exe", "name_parent": "", "pid": 3112, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\vsservppl.exe", "command_line": "", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "SearchIndexer.exe", "name_parent": "", "pid": 3200, "path": "C:\\Windows\\System32\\SearchIndexer.exe", "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "Memory Compression", "name_parent": "", "pid": 3320, "path": "", "command_line": "", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3612, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "GoogleUpdate.exe", "name_parent": "", "pid": 2976, "path": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /c", "pid_parent": 8612, "path_parent": "", "is_64": false }, { "name": "csrss.exe", "name_parent": "", "pid": 3464, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "", "pid_parent": 3460, "path_parent": "", "is_64": true }, { "name": "winlogon.exe", "name_parent": "", "pid": 9952, "path": "C:\\Windows\\System32\\winlogon.exe", "command_line": "C:\\WINDOWS\\System32\\WinLogon.exe 
-SpecialSession", "pid_parent": 3460, "path_parent": "", "is_64": true }, { "name": "dwm.exe", "name_parent": "WinLogon.exe", "pid": 1108, "path": "C:\\Windows\\System32\\dwm.exe", "command_line": "\"dwm.exe\"", "pid_parent": 9952, "path_parent": "C:\\Windows\\System32\\winlogon.exe", "is_64": true }, { "name": "nvxdsync.exe", "name_parent": "NVDisplay.Container.exe", "pid": 8816, "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe", "command_line": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe ", "pid_parent": 2780, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Contai ner.exe", "is_64": true }, { "name": "nvcontainer.exe", "name_parent": "nvcontainer.exe", "pid": 9548, "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe", "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%d.lo g\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\User\" -r -l 3 -p 30000 -c", "pid_parent": 2812, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe", "is_64": false }, { "name": "sihost.exe", "name_parent": "svchost.exe", "pid": 2648, "path": "C:\\Windows\\System32\\sihost.exe", "command_line": "sihost.exe", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1536, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "OVRServer_x64.exe", "name_parent": "OVRServiceLauncher.exe", "pid": 4192, "path": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServer_x64.exe", "command_line": "100", "pid_parent": 2836, "path_parent": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServiceLauncher.exe", "is_64": true }, { 
"name": "DriverToolkit.exe", "name_parent": "svchost.exe", "pid": 4748, "path": "C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe", "command_line": "\"C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe\" --autorun", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": false }, { "name": "conhost.exe", "name_parent": "OVRServer_x64.exe", "pid": 1312, "path": "C:\\Windows\\System32\\conhost.exe", "command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0x4", "pid_parent": 4192, "path_parent": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServer_x64.exe", "is_64": true }, { "name": "jwpen.exe", "name_parent": "jwpen.exe", "pid": 5384, "path": "C:\\Windows\\jwpen.exe", "command_line": "Jwpen.exe /runtablet", "pid_parent": 1716, "path_parent": "C:\\Windows\\jwpen.exe", "is_64": false }, { "name": "bdagent.exe", "name_parent": "vsserv.exe", "pid": 3344, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\bdagent.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\bdagent.exe\" -minimized", "pid_parent": 3104, "path_parent": "C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe", "is_64": true }, { "name": "RuntimeBroker.exe", "name_parent": "svchost.exe", "pid": 7812, "path": "C:\\Windows\\System32\\RuntimeBroker.exe", "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "taskhostw.exe", "name_parent": "svchost.exe", "pid": 7984, "path": "C:\\Windows\\System32\\taskhostw.exe", "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "explorer.exe", "name_parent": "", "pid": 8556, "path": "C:\\Windows\\explorer.exe", "command_line": "C:\\WINDOWS\\Explorer.EXE", "pid_parent": 5136, "path_parent": "", "is_64": true }, { "name": "ShellExperienceHost.exe", 
"name_parent": "svchost.exe", "pid": 7852, "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n 1h2txyewy\\ShellExperienceHost.exe", "command_line": "\"C:\\WINDOWS\\SystemApps\\ShellExperienceHost_cw 5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3 t.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "Microsoft.StickyNotes.exe", "name_parent": "svchost.exe", "pid": 10216, "path": "C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftStickyNotes _1.7.1.0_x64__8wekyb3d8bbwe\\Microsoft.StickyNotes .exe", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftStickyNotes _1.7.1.0_x64__8wekyb3d8bbwe\\Microsoft.StickyNotes .exe\" -ServerName:App.AppXqx982emnayc5vbja1mrpk9zh4r774nd 8.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SearchUI.exe", "name_parent": "svchost.exe", "pid": 8800, "path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortan a_cw5n1h2txyewy\\SearchUI.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cort ana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "TabTip.exe", "name_parent": "svchost.exe", "pid": 5704, "path": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe", "command_line": "/QuitInfo:0000000000000ED8;0000000000000BD0; ", "pid_parent": 1036, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "TabTip32.exe", "name_parent": "TabTip.exe", "pid": 6548, "path": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\TabTip32.exe", "command_line": "/loadhooks /Parent:0000000000001648", "pid_parent": 5704, "path_parent": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe", "is_64": false }, { "name": "nvtray.exe", "name_parent": "nvxdsync.exe", 
"pid": 2120, "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe", "command_line": "\"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe\" -user_has_logged_in 1\"", "pid_parent": 8816, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe", "is_64": true }, { "name": "ApplicationFrameHost.exe", "name_parent": "svchost.exe", "pid": 3140, "path": "C:\\Windows\\System32\\ApplicationFrameHost.e xe", "command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.e xe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "Microsoft.Photos.exe", "name_parent": "svchost.exe", "pid": 5988, "path": "C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_17.21 4.10010.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe ", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_17.21 4.10010.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe \" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7 f.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SystemSettings.exe", "name_parent": "svchost.exe", "pid": 1160, "path": "C:\\Windows\\ImmersiveControlPanel\\SystemSetting s.exe", "command_line": "\"C:\\WINDOWS\\ImmersiveControlPanel\\SystemSetti ngs.exe\" -ServerName:microsoft.windows.immersivecontrolpanel ", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "WinStore.App.exe", "name_parent": "svchost.exe", "pid": 8420, "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11701.1 001.79.0_x64__8wekyb3d8bbwe\\WinStore.App.exe", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11701.1 001.79.0_x64__8wekyb3d8bbwe\\WinStore.App.exe\" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdz a.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "smartscreen.exe", "name_parent": "svchost.exe", "pid": 
6356, "path": "C:\\Windows\\System32\\smartscreen.exe", "command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "Explorer.EXE", "pid": 7796, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" ", "pid_parent": 8556, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 7668, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler /prefetch:7 \"--database=C:\\Users\\caponeart\\AppData\\Local\\Goo gle\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\caponeart\\AppData\\Local\\Google\\ Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=57.0.2987.110 --initial-client-data=0x1ac,0x1b0,0x1b4,0x1a8,0x1b8,0x7ffb113c3990, 0x7ffb113c3980,0x7ffb113c3948", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9116, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=watcher --main-thread-id=2628 --on-initialized-event-handle=600 --parent-handle=604 /prefetch:6", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 1444, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --field-trial-handle=1312 --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,19,20,23,41,74 --disable-gl-extensions=\"GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent\" --gpu-vendor-id=0x10de --gpu-device-id=0x17c8 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --service-request-channel-token=68998B6CBD964E9CE0F43B3BEEE6C4AE --mojo-platform-channel-handle=1324 --ignored=\" --type=renderer \" /prefetch:2", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 7136, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=08C6323C8D667A7D074CB1514B1EFCC5 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 
5,3553 --service-request-channel-token=08C6323C8D667A7D074CB1514B1EFCC5 --renderer-client-id=9 --mojo-platform-channel-handle=2528 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9756, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=3ECA03C435086DE717F4E91A17664D35 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=3ECA03C435086DE717F4E91A17664D35 --renderer-client-id=10 --mojo-platform-channel-handle=2860 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 944, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", 
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=03909413F125E42EC04BBA4D9E1F4445 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=03909413F125E42EC04BBA4D9E1F4445 --renderer-client-id=4 --mojo-platform-channel-handle=4776 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 2064, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=4E686C4FCD627F998F52B03B48091BC4 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr 
ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=4E686C4FCD627F998F52B03B48091BC4 --renderer-client-id=5 --mojo-platform-channel-handle=5216 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 6372, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=8F822BB71762D2EFFBB1DE70FA81BDE4 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 
5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=8F822BB71762D2EFFBB1DE70FA81BDE4 --renderer-client-id=6 --mojo-platform-channel-handle=3872 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9660, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=776B4DA90476DA9A64A4DECD2A2BA333 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 
0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=776B4DA90476DA9A64A4DECD2A2BA333 --renderer-client-id=14 --mojo-platform-channel-handle=2308 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "audiodg.exe", "name_parent": "svchost.exe", "pid": 1272, "path": "C:\\Windows\\System32\\audiodg.exe", "command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x49c", "pid_parent": 1136, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 2412, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=5E17297DBE6385081C5659CFA8324F56 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=5E17297DBE6385081C5659CFA8324F56 
--renderer-client-id=55 --mojo-platform-channel-handle=10740 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 6948, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=DA3427CB1864365C47940B172AFE9ACC --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=DA3427CB1864365C47940B172AFE9ACC --renderer-client-id=56 --mojo-platform-channel-handle=8472 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 8324, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files 
[/ICODE]

                        [ICODE]{ "header": { "program": { "project": "RogueKiller", "version": "12.10.2.0", "x64": true, "date": "Mar 27 2017", "contact": "http://www.adlice.com/contact/", "feedback": "https://forum.adlice.com", "website": "http://www.adlice.com/download/roguekiller/", "blog": "http://www.adlice.com" }, "environment": { "operating_system": "Windows 10 (10.0.14393) 64 bits version", "boot": 0, "winpe": false, "user": "caponeart", "user_admin": true, "program_location": "D:\\DownloadT\\RogueKillerX64.exe", "x64": true, "licensing": "free" }, "report": { "type": 1, "aborted": false, "date": "03/30/2017 09:01:05", "duration": 1620, "switches": 0, "debug": false, "count": 19, "show_legit_hooks": false, "expert_mode": false } }, "information": { "processes": [ { "name": "[System Process]", "name_parent": "", "pid": 0, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "System", "name_parent": "", "pid": 4, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "smss.exe", "name_parent": "", "pid": 424, "path": "C:\\Windows\\System32\\smss.exe", "command_line": "", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "csrss.exe", "name_parent": "", "pid": 652, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "", "pid_parent": 644, "path_parent": "", "is_64": true }, { "name": "wininit.exe", "name_parent": "", "pid": 748, "path": "C:\\Windows\\System32\\wininit.exe", "command_line": "", "pid_parent": 644, "path_parent": "", "is_64": true }, { "name": "services.exe", "name_parent": "", "pid": 824, "path": "C:\\Windows\\System32\\services.exe", "command_line": "", "pid_parent": 748, "path_parent": "", "is_64": true }, { "name": "lsass.exe", "name_parent": "", "pid": 832, "path": "C:\\Windows\\System32\\lsass.exe", "command_line": "C:\\WINDOWS\\system32\\lsass.exe", "pid_parent": 748, "path_parent": "", "is_64": true }, { "name": "svchost.exe", 
"name_parent": "", "pid": 996, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 392, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1036, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1044, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1128, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1136, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "WUDFHost.exe", "name_parent": "svchost.exe", "pid": 1304, "path": "C:\\Windows\\System32\\WUDFHost.exe", "command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a772de4b-d515-45ab-9531-bee4619c4a69 -SystemEventPortName:HostProcess-ec4fd747-4be3-4d39-b320-2d6b1bd8d1cf -IoCancelEventPortName:HostProcess-1a38ad63-4db1-46ca-87c2-993850f5dafe -NonStateChangingEventPortName:HostProcess-28e18e14-b586-4a26-8181-afd6346924a6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34b407cc-0bc4-4717-b519-7b5cf2f34206 
-DeviceGroupId:WudfDefaultDevicePool", "pid_parent": 1036, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1428, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1436, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "jwpen.exe", "name_parent": "", "pid": 1716, "path": "C:\\Windows\\jwpen.exe", "command_line": "C:\\WINDOWS\\jwpen.exe", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "svchost.exe", "name_parent": "", "pid": 1992, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1092, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1568, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "spoolsv.exe", "name_parent": "", "pid": 2112, "path": "C:\\Windows\\System32\\spoolsv.exe", "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "dasHost.exe", "name_parent": "svchost.exe", "pid": 2288, "path": "C:\\Windows\\System32\\dasHost.exe", "command_line": "dashost.exe {3729db28-0f6b-44a7-9a7051385703f69e}", "pid_parent": 1036, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true 
}, { "name": "Everything.exe", "name_parent": "", "pid": 2468, "path": "C:\\Program Files (x86)\\Everything\\Everything.exe", "command_line": "\"C:\\Program Files (x86)\\Everything\\Everything.exe\" -svc", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "mDNSResponder.exe", "name_parent": "", "pid": 2476, "path": "C:\\Program Files\\Bonjour\\mDNSResponder.exe", "command_line": "\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "AdobeUpdateService.exe", "name_parent": "", "pid": 2484, "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe", "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe\" ", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "AppleMobileDeviceService.exe", "name_parent": "", "pid": 2612, "path": "C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe", "command_line": "\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\"", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "AGSService.exe", "name_parent": "", "pid": 2620, "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe", "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "FMSISvc.exe", "name_parent": "", "pid": 2692, "path": "C:\\Program Files (x86)\\Futuremark\\SystemInfo\\FMSISvc.exe", "command_line": "\"C:\\Program Files (x86)\\Futuremark\\SystemInfo\\FMSISvc.exe\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "raysat_3dsmax2014_64server.exe", "name_parent": "", "pid": 2744, "path": "C:\\Program Files\\Autodesk\\3ds Max 2014\\NVIDIA\\Satellite\\raysat_3dsmax2014_64serve r.exe", "command_line": 
"\"C:\\Program Files\\Autodesk\\3ds Max 2014\\NVIDIA\\Satellite\\raysat_3dsmax2014_64serve r.exe\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "MBAMService.exe", "name_parent": "", "pid": 2752, "path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe", "command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe\"", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "NVDisplay.Container.exe", "name_parent": "", "pid": 2780, "path": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Contai ner.exe", "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Contai ner.exe\" -s NVDisplay.ContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NVDisplay.ContainerLoca lSystem.log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\plugins\\LocalSy stem\"", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "nvcontainer.exe", "name_parent": "", "pid": 2812, "path": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe", "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -s NvContainerLocalSystem -f \"C:\\ProgramData\\NVIDIA\\NvContainerLocalSystem. 
log\" -l 3 -d \"C:\\Program Files\\NVIDIA Corporation\\NvContainer\\plugins\\LocalSystem\" -r -p 30000", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "OVRServiceLauncher.exe", "name_parent": "", "pid": 2836, "path": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServiceLauncher.exe", "command_line": "\"C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServiceLauncher.exe\"", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "NvTelemetryContainer.exe", "name_parent": "", "pid": 2844, "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe ", "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\NvTelemetryContainer.exe \" -s NvTelemetryContainer -f \"C:\\ProgramData\\NVIDIA\\NvTelemetryContainer.lo g\" -l 3 -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvTelemetry\\plugin\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "svchost.exe", "name_parent": "", "pid": 2940, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "ProductAgentService.exe", "name_parent": "", "pid": 2960, "path": "C:\\Program Files\\Bitdefender Agent\\ProductAgentService.exe", "command_line": "\"C:\\Program Files\\Bitdefender Agent\\ProductAgentService.exe\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": "svchost.exe", "name_parent": "", "pid": 3044, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "Plex Update Service.exe", "name_parent": "", "pid": 2268, "path": "C:\\Program Files (x86)\\Plex\\Plex Media Server\\Plex Update Service.exe", "command_line": "\"C:\\Program Files (x86)\\Plex\\Plex Media Server\\Plex Update Service.exe\"", "pid_parent": 824, "path_parent": "", "is_64": false }, { "name": 
"updatesrv.exe", "name_parent": "", "pid": 3096, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\updatesrv.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\updatesrv.exe\" /service", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "vsserv.exe", "name_parent": "", "pid": 3104, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe\" /service", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "vsservppl.exe", "name_parent": "", "pid": 3112, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\vsservppl.exe", "command_line": "", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "SearchIndexer.exe", "name_parent": "", "pid": 3200, "path": "C:\\Windows\\System32\\SearchIndexer.exe", "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "Memory Compression", "name_parent": "", "pid": 3320, "path": "", "command_line": "", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 3612, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "GoogleUpdate.exe", "name_parent": "", "pid": 2976, "path": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /c", "pid_parent": 8612, "path_parent": "", "is_64": false }, { "name": "csrss.exe", "name_parent": "", "pid": 3464, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "", "pid_parent": 3460, "path_parent": "", "is_64": true }, { "name": "winlogon.exe", "name_parent": "", "pid": 9952, "path": "C:\\Windows\\System32\\winlogon.exe", "command_line": "C:\\WINDOWS\\System32\\WinLogon.exe 
-SpecialSession", "pid_parent": 3460, "path_parent": "", "is_64": true }, { "name": "dwm.exe", "name_parent": "WinLogon.exe", "pid": 1108, "path": "C:\\Windows\\System32\\dwm.exe", "command_line": "\"dwm.exe\"", "pid_parent": 9952, "path_parent": "C:\\Windows\\System32\\winlogon.exe", "is_64": true }, { "name": "nvxdsync.exe", "name_parent": "NVDisplay.Container.exe", "pid": 8816, "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe", "command_line": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe ", "pid_parent": 2780, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display.NvContainer\\NVDisplay.Container.exe", "is_64": true }, { "name": "nvcontainer.exe", "name_parent": "nvcontainer.exe", "pid": 9548, "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe", "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe\" -f \"C:\\ProgramData\\NVIDIA\\NvContainerUser%d.log\" -d \"C:\\Program Files (x86)\\NVIDIA Corporation\\NvContainer\\plugins\\User\" -r -l 3 -p 30000 -c", "pid_parent": 2812, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvContainer\\nvcontainer.exe", "is_64": false }, { "name": "sihost.exe", "name_parent": "svchost.exe", "pid": 2648, "path": "C:\\Windows\\System32\\sihost.exe", "command_line": "sihost.exe", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1536, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "OVRServer_x64.exe", "name_parent": "OVRServiceLauncher.exe", "pid": 4192, "path": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServer_x64.exe", "command_line": "100", "pid_parent": 2836, "path_parent": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServiceLauncher.exe", "is_64": true }, { 
"name": "DriverToolkit.exe", "name_parent": "svchost.exe", "pid": 4748, "path": "C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe", "command_line": "\"C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe\" --autorun", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": false }, { "name": "conhost.exe", "name_parent": "OVRServer_x64.exe", "pid": 1312, "path": "C:\\Windows\\System32\\conhost.exe", "command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0x4", "pid_parent": 4192, "path_parent": "C:\\Program Files\\Oculus\\Support\\oculus-runtime\\OVRServer_x64.exe", "is_64": true }, { "name": "jwpen.exe", "name_parent": "jwpen.exe", "pid": 5384, "path": "C:\\Windows\\jwpen.exe", "command_line": "Jwpen.exe /runtablet", "pid_parent": 1716, "path_parent": "C:\\Windows\\jwpen.exe", "is_64": false }, { "name": "bdagent.exe", "name_parent": "vsserv.exe", "pid": 3344, "path": "C:\\Program Files\\Bitdefender Antivirus Free\\bdagent.exe", "command_line": "\"C:\\Program Files\\Bitdefender Antivirus Free\\bdagent.exe\" -minimized", "pid_parent": 3104, "path_parent": "C:\\Program Files\\Bitdefender Antivirus Free\\vsserv.exe", "is_64": true }, { "name": "RuntimeBroker.exe", "name_parent": "svchost.exe", "pid": 7812, "path": "C:\\Windows\\System32\\RuntimeBroker.exe", "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "taskhostw.exe", "name_parent": "svchost.exe", "pid": 7984, "path": "C:\\Windows\\System32\\taskhostw.exe", "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", "pid_parent": 1128, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "explorer.exe", "name_parent": "", "pid": 8556, "path": "C:\\Windows\\explorer.exe", "command_line": "C:\\WINDOWS\\Explorer.EXE", "pid_parent": 5136, "path_parent": "", "is_64": true }, { "name": "ShellExperienceHost.exe", 
"name_parent": "svchost.exe", "pid": 7852, "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n 1h2txyewy\\ShellExperienceHost.exe", "command_line": "\"C:\\WINDOWS\\SystemApps\\ShellExperienceHost_cw 5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3 t.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "Microsoft.StickyNotes.exe", "name_parent": "svchost.exe", "pid": 10216, "path": "C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftStickyNotes _1.7.1.0_x64__8wekyb3d8bbwe\\Microsoft.StickyNotes .exe", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftStickyNotes _1.7.1.0_x64__8wekyb3d8bbwe\\Microsoft.StickyNotes .exe\" -ServerName:App.AppXqx982emnayc5vbja1mrpk9zh4r774nd 8.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SearchUI.exe", "name_parent": "svchost.exe", "pid": 8800, "path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortan a_cw5n1h2txyewy\\SearchUI.exe", "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cort ana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m 3btvepj.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "TabTip.exe", "name_parent": "svchost.exe", "pid": 5704, "path": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe", "command_line": "/QuitInfo:0000000000000ED8;0000000000000BD0; ", "pid_parent": 1036, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "TabTip32.exe", "name_parent": "TabTip.exe", "pid": 6548, "path": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\TabTip32.exe", "command_line": "/loadhooks /Parent:0000000000001648", "pid_parent": 5704, "path_parent": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe", "is_64": false }, { "name": "nvtray.exe", "name_parent": "nvxdsync.exe", 
"pid": 2120, "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe", "command_line": "\"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe\" -user_has_logged_in 1\"", "pid_parent": 8816, "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe", "is_64": true }, { "name": "ApplicationFrameHost.exe", "name_parent": "svchost.exe", "pid": 3140, "path": "C:\\Windows\\System32\\ApplicationFrameHost.e xe", "command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.e xe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "Microsoft.Photos.exe", "name_parent": "svchost.exe", "pid": 5988, "path": "C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_17.21 4.10010.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe ", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_17.21 4.10010.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe \" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7 f.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "SystemSettings.exe", "name_parent": "svchost.exe", "pid": 1160, "path": "C:\\Windows\\ImmersiveControlPanel\\SystemSetting s.exe", "command_line": "\"C:\\WINDOWS\\ImmersiveControlPanel\\SystemSetti ngs.exe\" -ServerName:microsoft.windows.immersivecontrolpanel ", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "WinStore.App.exe", "name_parent": "svchost.exe", "pid": 8420, "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11701.1 001.79.0_x64__8wekyb3d8bbwe\\WinStore.App.exe", "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_11701.1 001.79.0_x64__8wekyb3d8bbwe\\WinStore.App.exe\" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdz a.mca", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "smartscreen.exe", "name_parent": "svchost.exe", "pid": 
6356, "path": "C:\\Windows\\System32\\smartscreen.exe", "command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "Explorer.EXE", "pid": 7796, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" ", "pid_parent": 8556, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 7668, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler /prefetch:7 \"--database=C:\\Users\\caponeart\\AppData\\Local\\Goo gle\\Chrome\\User Data\\Crashpad\" \"--metrics-dir=C:\\Users\\caponeart\\AppData\\Local\\Google\\ Chrome\\User Data\" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=57.0.2987.110 --initial-client-data=0x1ac,0x1b0,0x1b4,0x1a8,0x1b8,0x7ffb113c3990, 0x7ffb113c3980,0x7ffb113c3948", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9116, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=watcher --main-thread-id=2628 --on-initialized-event-handle=600 --parent-handle=604 /prefetch:6", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 1444, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --field-trial-handle=1312 --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,19,20,23,41,74 --disable-gl-extensions=\"GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent\" --gpu-vendor-id=0x10de --gpu-device-id=0x17c8 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7653 --gpu-driver-date=12-29-2016 --service-request-channel-token=68998B6CBD964E9CE0F43B3BEEE6C4AE --mojo-platform-channel-handle=1324 --ignored=\" --type=renderer \" /prefetch:2", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 7136, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=08C6323C8D667A7D074CB1514B1EFCC5 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1
5,3553 --service-request-channel-token=08C6323C8D667A7D074CB1514B1EFCC5 --renderer-client-id=9 --mojo-platform-channel-handle=2528 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9756, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=3ECA03C435086DE717F4E91A17664D35 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3ECA03C435086DE717F4E91A17664D35 --renderer-client-id=10 --mojo-platform-channel-handle=2860 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 944, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", 
"command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=03909413F125E42EC04BBA4D9E1F4445 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=03909413F125E42EC04BBA4D9E1F4445 --renderer-client-id=4 --mojo-platform-channel-handle=4776 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 2064, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=4E686C4FCD627F998F52B03B48091BC4 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr 
ame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4E686C4FCD627F998F52B03B48091BC4 --renderer-client-id=5 --mojo-platform-channel-handle=5216 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 6372, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=8F822BB71762D2EFFBB1DE70FA81BDE4 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1
5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=8F822BB71762D2EFFBB1DE70FA81BDE4 --renderer-client-id=6 --mojo-platform-channel-handle=3872 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9660, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=776B4DA90476DA9A64A4DECD2A2BA333 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1
0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=776B4DA90476DA9A64A4DECD2A2BA333 --renderer-client-id=14 --mojo-platform-channel-handle=2308 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "audiodg.exe", "name_parent": "svchost.exe", "pid": 1272, "path": "C:\\Windows\\System32\\audiodg.exe", "command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x49c", "pid_parent": 1136, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 2412, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=5E17297DBE6385081C5659CFA8324F56 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=5E17297DBE6385081C5659CFA8324F56 
--renderer-client-id=55 --mojo-platform-channel-handle=10740 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 6948, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=DA3427CB1864365C47940B172AFE9ACC --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=DA3427CB1864365C47940B172AFE9ACC --renderer-client-id=56 --mojo-platform-channel-handle=8472 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 8324, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=973121BA892B9A8DA02B913BFA6C3B33 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=973121BA892B9A8DA02B913BFA6C3B33 --renderer-client-id=74 --mojo-platform-channel-handle=7376 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "", "pid": 1772, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "", "pid_parent": 824, "path_parent": "", "is_64": true }, { "name": "RogueKillerX64.exe", "name_parent": "Explorer.EXE", "pid": 9228, "path": "D:\\DownloadT\\RogueKillerX64.exe", "command_line": "\"D:\\DownloadT\\RogueKillerX64.exe\" ", "pid_parent": 8556, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "SearchProtocolHost.exe", "name_parent": "SearchIndexer.exe", "pid": 8856, "path": "", "command_line": "", "pid_parent": 3200, 
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe", "is_64": false }, { "name": "SearchFilterHost.exe", "name_parent": "SearchIndexer.exe", "pid": 8508, "path": "", "command_line": "", "pid_parent": 3200, "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe", "is_64": false }, { "name": "Taskmgr.exe", "name_parent": "", "pid": 7820, "path": "C:\\Windows\\System32\\Taskmgr.exe", "command_line": "\"C:\\WINDOWS\\System32\\Taskmgr.exe\" /3 ", "pid_parent": 7592, "path_parent": "", "is_64": true }, { "name": "WmiPrvSE.exe", "name_parent": "svchost.exe", "pid": 1080, "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe", "pid_parent": 996, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 3708, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=0A9CBD355981A724A0E06D86E7B7E280 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 
5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0A9CBD355981A724A0E06D86E7B7E280 --renderer-client-id=182 --mojo-platform-channel-handle=11408 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 9484, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=19BF31099AF8B4A9D234FC94CF28A89C --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=19BF31099AF8B4A9D234FC94CF28A89C --renderer-client-id=183 --mojo-platform-channel-handle=10820 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true }, { "name": "chrome.exe", "name_parent": "chrome.exe", "pid": 1204, "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --field-trial-handle=1312 --primordial-pipe-token=DF88A59AC989E6EB2B018AE2CE828844 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFr ame=false,disallowFetchForDocWrittenScriptsInMainF rameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,355 3;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,1 0,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,1 5,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,355 3;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,1 0,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,1 5,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,355 3;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,1 0,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,1 5,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,355 3;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,1 0,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,1 5,3553 --service-request-channel-token=DF88A59AC989E6EB2B018AE2CE828844 --renderer-client-id=184 --mojo-platform-channel-handle=8940 /prefetch:1", "pid_parent": 7796, "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "is_64": true } ] }, "results": { "processes": [], "modules": [], "services": [], "registry": [ { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\Software", 
"extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "DriverToolkit", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-688256190-4230952076-4288899304-1001\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "DriverToolkit", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-688256190-4230952076-4288899304-1001\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": 
"Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "UNINSTALL", "view": 256, "value": "", "subkey": "Hola", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\ \CurrentVersion\\Uninstall", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP.Gen1" ], "rule_name": "UNINSTALL", "view": 512, "value": "", "subkey": "{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\ \CurrentVersion\\Uninstall", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 256, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": "HKEY_USERS\\S-1-5-21-688256190-4230952076-4288899304-1001\\Software\\Microsoft\\Windows\\CurrentVersion \\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 512, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": 
"HKEY_USERS\\S-1-5-21-688256190-4230952076-4288899304-1001\\Software\\Microsoft\\Windows\\CurrentVersion \\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "Found", "status_choice": 0, "status_removed": 0 } ], "tasks": [ { "scan_what": 0, "scan_how": [ 1, 2 ], "vendors": [ "PUP.Gen0" ], "parent_folder": "", "name": "DriverToolkit Autorun.job", "path": "%WINDIR%\\Tasks\\DriverToolkit Autorun.job", "application_path": "C:\\Program Files (x86)\\DriverToolkit\\DriverToolkit.exe", "application_directory": "", "application_args": "--autorun", "vtscore": -1, "status_str": "Found", "status_choice": 0, "status_removed": 0 } ], "filesystem": [ { "scan_what": 3, "scan_how": [ 1, 2 ], "vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 3, "name": "DriverToolkit.lnk", "path_expanded": "C:\\Users\\Public\\Desktop\\DriverToolkit.lnk ", "path_compressed": "%SystemDrive%\\Users\\Public\\Desktop\\DriverTool kit.lnk", "extra": "", "md5": "B35BCDC8758F44BB092590D92A8E744C", "md5_low_level": "", "forged": false, "lnk_target": "C:\\PROGRA~2\\DRIVER~1\\DRIVER~1.EXE", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 3, "name": "DriverToolkit.lnk", "path_expanded": "C:\\Users\\caponeart\\AppData\\Roaming\\ZHP\\Quar antine\\drivertoolkit.DIR\\DriverToolkit.lnk", "path_compressed": "%APPDATA%\\ZHP\\Quarantine\\drivertoolkit.DIR\\Dr iverToolkit.lnk", "extra": "", "md5": "B35BCDC8758F44BB092590D92A8E744C", "md5_low_level": "", "forged": false, "lnk_target": "C:\\PROGRA~2\\DRIVER~1\\DRIVER~1.EXE", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], 
"vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 3, "name": "Uninstall DriverToolkit.lnk", "path_expanded": "C:\\Users\\caponeart\\AppData\\Roaming\\ZHP\\Quar antine\\drivertoolkit.DIR\\Uninstall DriverToolkit.lnk", "path_compressed": "%APPDATA%\\ZHP\\Quarantine\\drivertoolkit.DIR\\Un install DriverToolkit.lnk", "extra": "", "md5": "B1D6153B48E44D135FE52764DFBF9EE5", "md5_low_level": "", "forged": false, "lnk_target": "C:\\PROGRA~2\\DRIVER~1\\unins000.exe", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 2, "name": "DriverToolkit", "path_expanded": "C:\\Users\\caponeart\\AppData\\Local\\DriverToolk it", "path_compressed": "%localappdata%\\DriverToolkit", "extra": "", "md5": "", "md5_low_level": "", "forged": false, "lnk_target": "", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 2, "name": "DriverToolkit", "path_expanded": "C:\\Program Files (x86)\\DriverToolkit", "path_compressed": "%programfiles(x86)%\\DriverToolkit", "extra": "", "md5": "", "md5_low_level": "", "forged": false, "lnk_target": "", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP.Gen1" ], "status_choice": 0, "processed": [ { "type": 3, "name": "DriverToolkit.lnk", "path_expanded": "C:\\Users\\Public\\Desktop\\DriverToolkit.lnk ", "path_compressed": "%SystemDrive%\\Users\\Public\\Desktop\\DriverTool kit.lnk", "extra": "", "md5": 
"B35BCDC8758F44BB092590D92A8E744C", "md5_low_level": "", "forged": false, "lnk_target": "C:\\PROGRA~2\\DRIVER~1\\DRIVER~1.EXE", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "Found", "status_removed": 0 } ] } ], "wmi": [], "hosts": { "is_too_big": false, "lines": [] }, "antirootkit": { "is_driver_loaded": true, "driver_error": 0, "results": [] }, "web_browsers": [ { "scan_what": 2, "scan_how": [ 2 ], "vendors": [ "PUP.Gen1" ], "browser": 3, "browser_str": "Chrome", "config": { "user": "Default [SecurePrefs]", "line": "session.startup_urls [google.ca/|http://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtD0F0FyD0 CyByEtDyC0Bzyzz0D0CyEtN0D0Tzu0SzztCzytN1L2XzutBtFt CzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1 L1Qzu2SyByBzztCzytAyCyCtG0FzyzzzytGzyzytCtBtG0ByE0 F0BtGyB0FyBtB0AtA0F0CyE0ByC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2StDtD0DzyyCtC0CyEtGzyzyzyyBtG0B0AtCyBtGyD0F0Fy EtGyB0E0D0AtDyDtDzy0CtByD0E2Q&cr=541562008&ir=|htt p://search.easylifeapp.com/|http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtD0F0 F0DtDzztD0EyDtDyBzz0D0CyEtN0D0Tzu0StBtByEtN1L2Xzut BtFtCtFtCtFtAtCtB&cr=729992677]", "key": "session.startup_urls", "value": "http://www.google.ca/|http://start.mysearchdial.com/?f=1&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtD0F0FyD0 CyByEtDyC0Bzyzz0D0CyEtN0D0Tzu0SzztCzytN1L2XzutBtFt CzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1 L1Qzu2SyByBzztCzytAyCyCtG0FzyzzzytGzyzytCtBtG0ByE0 F0BtGyB0FyBtB0AtA0F0CyE0ByC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2StDtD0DzyyCtC0CyEtGzyzyzyyBtG0B0AtCyBtGyD0F0Fy EtGyB0E0D0AtDyDtDzy0CtByD0E2Q&cr=541562008&ir=|htt p://search.easylifeapp.com/|http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtD0F0 F0DtDzztD0EyDtDyBzz0D0CyEtN0D0Tzu0StBtByEtN1L2Xzut BtFtCtFtCtFtAtCtB&cr=729992677" }, "status_str": "Found", "status_malicious": true, "status_choice": 0, "status_removed": 0 } ], "disk": { "results": [], "mbr": "+++++ 
PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++\n--- User ---\n[MBR] 16504f9b3fe2e4483df211f475a19637\n[BSP] e1e94a92e7ed2fb4a32f6cb70bb643c9 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: TOSHIBA DT01ACA100 +++++\n--- User ---\n[MBR] 4782199583405370b304024007aaae56\n[BSP] bfb2ab6e5d018b16802b8318ecfbe761 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n" } } }[/ICODE]


                        • capwn
                          PCHF Member
                          • Nov 2016
                          • 40

                          #42
                          Next, JRT scan.


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #43
                             Alright, awaiting the adware cleaner log… After that let's have a scan with FRST…

                             Let's have a fresh look at your system after the above scans please.

                            Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

                             Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

                             If you are unsure whether your operating system is 32- or 64-bit, please go HERE.

                             • Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users: click Run after receipt of the Windows Security Warning - Open File.)
                             • Make sure that the Addition option is checked, as well as Shortcut.txt.
                             • Press the Scan button and wait.
                             • The tool will produce three log files on your desktop: FRST.txt, Addition.txt and Shortcut.txt.
                             Please copy & paste them into your next reply, but attach Shortcut.txt.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #44
                              Also, did you do a system restore after the first tool since it deleted your Chrome?


                              • capwn
                                PCHF Member
                                • Nov 2016
                                • 40

                                #45
                                 I made a restore point but didn't do a restore. When I discovered that Chrome wasn't working I just reinstalled it. Have to say, after RogueKiller it seems to have fixed the issue. I've run my pc a few times now and Malwarebytes and the video converter open up. I think it was something to do with Chrome, I noticed Chrome stuff appearing as malware in the last few logs.

                                Is it still worth running adware and FRST?

                                 Do you have any idea what the issue could have been? Also, how can I better defend my pc against similar problems? In the past I just had 2 malware programs (Malwarebytes and Bitdefender) and did scans every week or so, hoping that between them they would catch everything. I have also had this 'PUP.Optional.MySearchDial' entry appear as malware EVERY single time, and even after all we've done it still showed up when I did a Malwarebytes scan this morning. I used to have AVG but that caused problems.

                                 I wouldn't mind paying (I'm a premium owner of Malwarebytes) but have never found any PC protection that 100% works. Can you point me in the right direction as to how to better guard my pc in the future?
