
[Solved] I've definitely got Malware!


FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#1
Hi, I am having a few problems with this laptop. Firstly, I can't use the web browser without it throwing popups at me and opening random tabs. Things also seem to be quite slow in general, especially the startup time. Anyway, please find the required logs below, and let me know if you need any more info.

Any help would be greatly appreciated. Thank you.

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by tom_000 (administrator) on TOMPC (12-11-2018 07:03:38)
Running from C:\Users\tom_000\Downloads
Loaded Profiles: tom_000 (Available Profiles: tom_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\turbovpn.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350232 2016-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [turbovpn] => C:\Program Files (x86)\360\TurboVPN\turbovpn.exe [2039720 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] (Qualcomm®Atheros®)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {11d852ed-d472-11e8-bed0-240a64748f00} - "H:\windows\AutoRun.exe"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {5c2c7a09-d824-11e7-824e-806e6f6e6963} - "G:\Launcher\LAUNCHER.EXE"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {f271adf9-3388-11e8-beab-240a64748f00} - "K:\windows\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D816D837-DE4A-40D8-9CA2-F47587DBBC66}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{F94E9B2C-F669-4329-A390-092A546AB1BF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=wcb_iwnn_16_43&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0BtCyB0ByD0D0BzztByCyBtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCtAyEtAyDyD0BtGtCyD0AzytGtAyDyE0CtGtB0EtA0CtGyB0DyE0EyByCtA0E0E0Czzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0CyDzz0C0B0EtG0EyDyC0AtGyE0FzyzytGzytByDyCtG0DtC0Ezy0CzzyB0ByCtCyC0A2QtN0A0LzuyE&cr=553886225&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=wcb_iwnn_16_43&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0BtCyB0ByD0D0BzztByCyBtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCtAyEtAyDyD0BtGtCyD0AzytGtAyDyE0CtGtB0EtA0CtGyB0DyE0EyByCtA0E0E0Czzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0CyDzz0C0B0EtG0EyDyC0AtGyE0FzyzytGzytByDyCtG0DtC0Ezy0CzzyB0ByCtCyC0A2QtN0A0LzuyE&cr=553886225&ir=
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D102918-N0540A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=wcb_iwnn_16_43&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0BtCyB0ByD0D0BzztByCyBtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCtAyEtAyDyD0BtGtCyD0AzytGtAyDyE0CtGtB0EtA0CtGyB0DyE0EyByCtA0E0E0Czzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0CyDzz0C0B0EtG0EyDyC0AtGyE0FzyzytGzytByDyCtG0DtC0Ezy0CzzyB0ByCtCyC0A2QtN0A0LzuyE&cr=553886225&ir=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=wcb_iwnn_16_43&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0BtCyB0ByD0D0BzztByCyBtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCtAyEtAyDyD0BtGtCyD0AzytGtAyDyE0CtGtB0EtA0CtGyB0DyE0EyByCtA0E0E0Czzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0CyDzz0C0B0EtG0EyDyC0AtGyE0FzyzytGzytByDyCtG0DtC0Ezy0CzzyB0ByCtCyC0A2QtN0A0LzuyE&cr=553886225&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=wcb_iwnn_16_43&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0BtCyB0ByD0D0BzztByCyBtN0D0Tzu0StCyByCtDtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCtAyEtAyDyD0BtGtCyD0AzytGtAyDyE0CtGtB0EtA0CtGyB0DyE0EyByCtA0E0E0Czzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0CyDzz0C0B0EtG0EyDyC0AtGyE0FzyzytGzytByDyCtG0DtC0Ezy0CzzyB0ByCtCyC0A2QtN0A0LzuyE&cr=553886225&ir=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4099405795-894134324-1714426187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D102918-N0550A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4099405795-894134324-1714426187-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D102918-N0550A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4099405795-894134324-1714426187-1002 -> {ielnksrch} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-06-13] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: d8wqy9fc.default
FF ProfilePath: C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default [2018-11-12]
FF Homepage: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102918-N0450A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
FF NewTab: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102918-N0450A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
FF Extension: (ADB Helper) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\[email protected] [2018-08-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-31]
FF SearchPlugin: C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\searchplugins\bing-lavasoft-ff59.xml [2018-10-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-19] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\848309421.js [2017-12-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\848309421.cfg [2017-12-30] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4411616 2018-08-30] (TotalAV)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TurboVpnSvc; C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe [384424 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4307192 2016-02-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-06-30] (ASUS Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-02-13] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2018-05-30] (LogMeIn Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31632 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59272 2018-03-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
R3 pwftap; C:\WINDOWS\system32\DRIVERS\pwftap.sys [36736 2016-10-14] (The OpenVPN Project)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [10848 2000-08-30] () [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2018-04-27] (BigNox Corporation)
S1 aswArPot; \??\C:\WINDOWS\system32\drivers\aswArPot.sys [X]
S1 aswbidsdriver; \??\C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [X]
S0 aswbidsh; system32\drivers\aswbidsha.sys [X]
S0 aswblog; system32\drivers\aswbloga.sys [X]
S0 aswbuniv; system32\drivers\aswbuniva.sys [X]
S1 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
S3 aswHwid; \??\C:\WINDOWS\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; system32\drivers\aswRvrt.sys [X]
S1 aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys [X]
S1 aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys [X]
S2 aswStm; \??\C:\WINDOWS\system32\drivers\aswStm.sys [X]
S0 aswVmm; system32\drivers\aswVmm.sys [X]
S1 otjynlav; \??\C:\WINDOWS\system32\drivers\otjynlav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-21 07:11 - 2023-10-21 07:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-10-17 19:15 - 2023-10-17 10:39 - 000000000 ____D C:\eSupport
2023-10-17 19:14 - 2013-08-15 10:54 - 000000044 _____ C:\WINDOWS\AsToolCDVer.txt
2023-10-17 11:00 - 2016-10-24 15:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-17 10:45 - 2023-10-17 10:45 - 000040798 _____ C:\WINDOWS\AsChkDev.txt
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 ____D C:\ProgramData\USBChargerPlus
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 _____ C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTEK_G750JW_G750JX_G750JXA_V70_WIN8.MRK
2023-10-17 10:39 - 2023-10-17 10:39 - 000003266 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2023-10-17 10:39 - 2023-10-17 10:39 - 000003054 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2023-10-17 10:39 - 2023-10-17 10:39 - 000003026 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2023-10-17 10:39 - 2023-10-17 10:39 - 000003002 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2023-10-17 10:39 - 2023-10-17 10:39 - 000002986 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2023-10-17 10:39 - 2023-10-17 10:39 - 000002954 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files\ASUS
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files (x86)\ASUS Gaming Mouse
2023-10-17 10:39 - 2018-01-02 20:22 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2023-10-17 10:39 - 2018-01-02 20:22 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2023-10-17 10:39 - 2016-11-04 03:21 - 000000000 ____D C:\ProgramData\P4G
2023-10-17 10:39 - 2013-01-10 13:20 - 000022016 _____ C:\WINDOWS\SysWOW64\ASUS.scr
2023-10-17 10:39 - 2012-07-09 17:17 - 000000433 _____ C:\WINDOWS\gx850nbuninst.iss
2023-10-17 10:36 - 2016-10-24 15:14 - 000000000 ____D C:\ProgramData\Atheros
2023-10-17 10:34 - 2013-03-27 07:37 - 000000911 _____ C:\WINDOWS\SysWOW64\ProductName.ini
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\WINDOWS\SysWOW64\UMonit64.exe
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\SysWOW64\IconCfg0.ini
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\system32\IconCfg0.ini
2023-10-17 10:34 - 2012-11-29 03:26 - 005623808 _____ (Genesys) C:\WINDOWS\system32\GeneIcon.dll
2023-10-17 10:34 - 2012-03-26 15:50 - 000172097 _____ C:\WINDOWS\SysWOW64\NoMSGuninstall.exe
2023-10-17 10:34 - 2011-05-30 02:13 - 000001519 _____ C:\WINDOWS\SysWOW64\_IconCfg0.ini
2023-10-17 10:32 - 2017-07-26 07:58 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2023-10-17 10:32 - 2013-06-13 11:26 - 000347336 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_a2dp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000179432 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_hcrp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000136784 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_rcp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000115912 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_avdt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000089800 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_flt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000077464 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_lwflt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000034384 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_bus.sys
2023-10-17 10:31 - 2017-12-03 12:55 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2023-10-17 10:29 - 2023-10-17 10:29 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-10-17 10:29 - 2018-01-16 16:29 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-10-17 10:29 - 2017-07-21 16:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2023-10-17 10:29 - 2013-08-20 12:17 - 002585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2023-10-17 10:29 - 2013-08-14 08:36 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 001084160 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2023-10-17 10:29 - 2013-08-05 10:11 - 002743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2023-10-17 10:29 - 2013-07-28 02:48 - 027518208 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2023-10-17 10:29 - 2013-07-24 02:07 - 002032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2023-10-17 10:29 - 2013-07-23 07:40 - 002103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 014048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 001916672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 000922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2023-10-17 10:29 - 2013-06-05 13:42 - 000208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000501192 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000487368 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000415688 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2023-10-17 10:29 - 2012-03-08 03:47 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2023-10-17 10:29 - 2011-08-23 09:00 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2023-10-17 10:29 - 2010-09-27 01:34 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\ProgramData\Intel
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files\Intel
2023-10-17 10:28 - 2017-12-03 12:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2023-10-17 10:28 - 2013-06-23 19:05 - 000064624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\HECIx64.sys
2023-10-17 10:28 - 2013-06-23 19:05 - 000016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2023-10-17 10:21 - 2023-10-17 10:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-10-17 10:21 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files (x86)\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ___HD C:\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\WINDOWS\Options
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2023-10-17 10:21 - 2013-06-27 18:43 - 000084997 _____ C:\WINDOWS\system32\athw8x.cat
2023-10-17 10:21 - 2013-06-27 18:43 - 000080211 _____ C:\WINDOWS\system32\athwbx.cat
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2023-10-17 10:21 - 2013-06-06 02:23 - 003794432 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2023-10-17 10:21 - 2013-01-28 04:36 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2023-10-17 10:20 - 2023-10-17 10:21 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
2018-11-12 07:03 - 2018-11-12 07:04 - 000021240 _____ C:\Users\tom_000\Downloads\FRST.txt
2018-11-12 07:03 - 2018-11-12 07:03 - 000000000 ____D C:\FRST
2018-11-12 06:58 - 2018-11-12 07:02 - 002415616 _____ (Farbar) C:\Users\tom_000\Downloads\FRST64.exe
2018-11-12 05:05 - 2018-11-12 05:05 - 000000000 ____D C:\Users\tom_000\ansel
2018-11-12 05:03 - 2018-11-12 05:03 - 000001030 _____ C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2018-11-12 04:45 - 2018-11-12 04:45 - 000000000 ____D C:\Users\tom_000\Downloads\Chips-Challenge_DOS_EN
2018-11-12 04:44 - 2018-11-12 04:44 - 000180329 _____ C:\Users\tom_000\Downloads\Chips-Challenge_DOS_EN.zip
2018-11-12 04:41 - 2018-11-12 04:41 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-11-12 04:05 - 2018-11-12 04:05 - 000000000 ____D C:\Users\tom_000\Documents\TotalAV
2018-11-12 04:05 - 2018-11-12 04:05 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-11-12 04:04 - 2018-11-12 04:04 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\TotalAV
2018-11-12 04:03 - 2018-11-12 05:01 - 000000000 ____D C:\Program Files (x86)\TotalAV
2018-11-12 04:03 - 2018-11-12 04:03 - 000001005 _____ C:\Users\tom_000\Desktop\TotalAV.lnk
2018-11-12 03:54 - 2018-11-12 03:54 - 018480208 _____ C:\Users\tom_000\Downloads\TotalAV_Setup.exe
2018-11-12 03:54 - 2018-11-12 03:54 - 000000000 ____D C:\ProgramData\360TSBackup
2018-11-12 03:41 - 2018-11-12 03:41 - 000002853 _____ C:\Users\tom_000\Desktop\Word.lnk
2018-11-12 03:41 - 2018-11-12 03:41 - 000002805 _____ C:\Users\tom_000\Desktop\Excel.lnk
2018-11-12 03:40 - 2018-11-12 03:40 - 000002823 _____ C:\Users\tom_000\Desktop\PowerPoint.lnk
2018-11-12 03:33 - 2018-11-12 03:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-11-12 03:31 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-12 03:31 - 2018-11-12 03:31 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-12 03:29 - 2018-11-12 03:29 - 000000000 __RHD C:\MSOCache
2018-11-12 03:28 - 2018-11-12 03:28 - 000000000 ____D C:\Users\tom_000\Downloads\Office-13
2018-11-12 03:16 - 2018-11-12 03:16 - 556103853 _____ C:\Users\tom_000\Downloads\Office-13.zip
2018-11-12 02:51 - 2018-11-12 02:57 - 674844328 _____ (Microsoft Corporation) C:\Users\tom_000\Downloads\proplussp2013-kb2817430-fullfile-x86-en-us.exe
2018-11-12 02:47 - 2018-11-12 02:47 - 000000000 ____D C:\Users\tom_000\Downloads\KMSPico 10.2.1
2018-11-12 02:45 - 2018-11-12 02:45 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Temp
2018-11-12 02:30 - 2018-11-12 05:01 - 000000000 ____D C:\Users\tom_000\Downloads\installer_x86-x64_89006
2018-11-12 01:41 - 2018-11-12 01:41 - 000363948 _____ C:\Users\tom_000\Downloads\morrowind_icon_by_hazreth.zip
2018-11-08 05:02 - 2018-11-12 01:50 - 000000657 _____ C:\Users\Public\Desktop\Morrowind.lnk
2018-11-08 02:05 - 2018-11-08 02:05 - 000001240 _____ C:\Users\tom_000\Desktop\Sim City 3000.lnk
2018-11-08 01:53 - 2018-11-08 01:57 - 000000000 ____D C:\Users\tom_000\Downloads\The.Elder.Scrolls.III.Morrowind.GOTY.Edition-GOG
2018-11-08 01:51 - 2018-11-08 01:58 - 000000000 ____D C:\Users\tom_000\Downloads\Simcity 4 Deluxe edition GOG_
2018-11-08 01:50 - 2018-11-08 01:56 - 000000000 ____D C:\Users\tom_000\Downloads\SimCity.3000.Unlimited-GOG
2018-11-08 01:11 - 2018-11-08 01:11 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-11-08 01:10 - 2018-11-08 01:10 - 000000000 ____D C:\Users\tom_000\AppData\Local\Package Cache
2018-11-06 03:56 - 2018-11-12 04:59 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\WinSys
2018-11-06 02:06 - 2018-11-06 02:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-06 02:05 - 2018-11-06 02:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-11-06 02:05 - 2018-11-06 02:04 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-06 02:03 - 2018-11-06 02:03 - 002741576 _____ (BitTorrent Inc.) C:\Users\tom_000\Downloads\uTorrent.exe
2018-11-06 00:20 - 2018-11-06 00:20 - 000003170 _____ C:\WINDOWS\System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2}
2018-11-05 22:16 - 2018-11-05 22:16 - 000000598 _____ C:\WINDOWS\eReg.dat
2018-10-29 14:33 - 2018-10-29 14:33 - 000000000 ____D C:\Users\tom_000\AppData\Local\Circus_of_Doom
2018-10-20 14:08 - 2018-10-20 14:08 - 000062616 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2018-10-20 14:06 - 2018-10-20 14:06 - 000902808 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2018-10-20 14:06 - 2018-10-20 14:06 - 000902296 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2018-10-15 23:04 - 2018-10-15 23:05 - 000000000 ____D C:\Users\tom_000\Downloads\ROTT Collection
2018-10-15 00:36 - 2018-10-15 00:36 - 000000000 ____D C:\Users\tom_000\Downloads\nightmare_5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-17 19:16 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\ASUS
2023-10-17 11:23 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\Log
2018-11-12 06:52 - 2016-10-24 16:39 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4099405795-894134324-1714426187-1002
2018-11-12 05:19 - 2016-10-24 15:12 - 000000000 ____D C:\Users\tom_000\AppData\Local\Packages
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 05:08 - 2016-11-21 14:00 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Mozilla
2018-11-12 05:07 - 2014-11-22 01:01 - 000863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 05:07 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-12 05:05 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000
2018-11-12 05:05 - 2017-12-03 12:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-12 05:05 - 2016-10-24 15:13 - 000000074 _____ C:\Users\tom_000\AppData\Roaming\sp_data.sys
2018-11-12 05:04 - 2018-01-22 13:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-12 05:04 - 2018-01-13 15:33 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-11-12 05:04 - 2017-12-03 12:52 - 000000000 ____D C:\Users\tom_000\OneDrive
2018-11-12 05:01 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-12 05:00 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-11-12 04:38 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
2018-11-12 03:57 - 2018-05-04 13:25 - 005107400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-12 03:33 - 2014-11-22 00:45 - 000000000 ____D C:\WINDOWS\ShellNew
2018-11-12 03:33 - 2013-08-22 15:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 03:32 - 2012-07-26 05:26 - 000000199 _____ C:\WINDOWS\win.ini
2018-11-12 03:31 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-12 02:48 - 2016-10-25 22:43 - 000000000 __SHD C:\$360Section
2018-11-12 02:48 - 2016-10-24 17:12 - 000000000 ____D C:\ProgramData\360Quarant
2018-11-12 02:45 - 2018-07-14 20:38 - 004843838 _____ C:\Users\tom_000\Downloads\KMSPico 10.2.1.zip
2018-11-12 02:31 - 2016-10-24 15:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-12 01:30 - 2016-10-25 22:30 - 000000000 ____D C:\Users\tom_000\Documents\THE DUMP
2018-11-10 02:12 - 2017-12-11 00:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\GameMakerStudio2
2018-11-08 01:57 - 2016-10-24 22:55 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\vlc
2018-11-08 01:56 - 2018-05-13 22:43 - 000000000 ____D C:\Users\tom_000\Downloads\15-Free-Ambient-Sound-Effects
2018-11-08 01:10 - 2016-11-26 23:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-07 03:29 - 2018-07-16 13:13 - 000000000 ____D C:\Users\tom_000\Documents\Bluetooth Folder
2018-11-06 16:37 - 2017-12-11 00:01 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2018-11-05 21:34 - 2018-09-28 21:51 - 000004460 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-05 21:34 - 2018-09-28 21:51 - 000004326 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-05 21:34 - 2016-10-24 16:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\Adobe
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-05 21:21 - 2016-11-26 23:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-05 21:21 - 2016-10-24 15:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-05 21:20 - 2016-10-24 16:11 - 000004478 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-01 23:39 - 2016-10-26 15:14 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Adobe
2018-11-01 22:37 - 2017-12-30 22:41 - 000000925 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\Program Files\Revo Uninstaller Pro
2018-10-29 06:07 - 2016-10-24 17:11 - 000086248 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2018-10-19 03:31 - 2018-01-31 12:56 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4099405795-894134324-1714426187-1002
2018-10-15 21:48 - 2016-10-27 20:41 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-10-26 11:50 - 2016-10-26 11:50 - 007214592 _____ () C:\Users\tom_000\AppData\Roaming\agent.dat
2016-10-26 11:50 - 2016-10-26 11:50 - 000070704 _____ () C:\Users\tom_000\AppData\Roaming\Config.xml
2016-10-26 11:50 - 2016-10-26 11:50 - 001911081 _____ () C:\Users\tom_000\AppData\Roaming\Hotlab.tst
2016-10-26 11:50 - 2016-10-26 11:50 - 000019104 _____ () C:\Users\tom_000\AppData\Roaming\InstallationConfiguration.xml
2016-10-26 11:50 - 2016-10-26 11:50 - 000140288 _____ () C:\Users\tom_000\AppData\Roaming\Installer.dat
2016-10-26 11:50 - 2016-10-26 11:50 - 000018432 _____ () C:\Users\tom_000\AppData\Roaming\Main.dat
2016-10-26 11:50 - 2016-10-26 11:50 - 000005568 _____ () C:\Users\tom_000\AppData\Roaming\md.xml
2016-10-26 11:50 - 2016-10-26 11:50 - 000126464 _____ () C:\Users\tom_000\AppData\Roaming\noah.dat
2018-04-17 23:04 - 2018-04-18 23:13 - 000000560 _____ () C:\Users\tom_000\AppData\Roaming\odalaunch.ini
2016-10-24 15:13 - 2018-11-12 05:05 - 000000074 _____ () C:\Users\tom_000\AppData\Roaming\sp_data.sys
2016-10-26 11:53 - 2016-10-26 11:53 - 000001150 _____ () C:\Users\tom_000\AppData\Roaming\uninstall_temp.ico
2017-12-21 00:36 - 2017-12-21 00:36 - 000000045 _____ () C:\Users\tom_000\AppData\Roaming\WB.CFG
2016-10-26 11:51 - 2016-10-26 11:51 - 001897572 _____ () C:\Users\tom_000\AppData\Roaming\Xxx-fax.bin
2016-10-26 11:51 - 2016-10-26 11:51 - 000041472 _____ () C:\Users\tom_000\AppData\Local\plexgreen.dat
2016-10-26 11:51 - 2016-10-26 11:51 - 000000187 _____ () C:\Users\tom_000\AppData\Local\plexgreen.exe.config

Some files in TEMP:
====================
2018-09-12 19:13 - 2015-01-26 14:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\tom_000\AppData\Local\Temp\AcDeltree.exe
2018-11-06 02:16 - 2018-11-06 02:16 - 002741576 _____ (BitTorrent Inc.) C:\Users\tom_000\AppData\Local\Temp\Microsoft_Office_2013_Full_Version_With_Serial_Key.exe
2018-11-06 02:09 - 2018-11-06 02:10 - 002969488 _____ (BitTorrent Inc.) C:\Users\tom_000\AppData\Local\Temp\Microsoft_Office_2016_Full_Crack.exe
2018-06-28 13:00 - 2012-10-01 10:22 - 000150648 ____R (Microsoft Corporation) C:\Users\tom_000\AppData\Local\Temp\ose00000.exe
2018-10-20 14:09 - 2018-11-01 22:37 - 015890296 _____ (VS Revo Group ) C:\Users\tom_000\AppData\Local\Temp\VSUSetup.exe
2018-08-20 12:23 - 2018-09-12 18:54 - 000391384 _____ (adaware) C:\Users\tom_000\AppData\Local\Temp\wcupdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-12 06:52

==================== End of FRST.txt ============================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by tom_000 (12-11-2018 07:04:21)
Running from C:\Users\tom_000\Downloads
Windows 8.1 (Update) (X64) (2017-12-03 12:49:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4099405795-894134324-1714426187-500 - Administrator - Disabled)
Guest (S-1-5-21-4099405795-894134324-1714426187-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4099405795-894134324-1714426187-1004 - Limited - Enabled)
tom_000 (S-1-5-21-4099405795-894134324-1714426187-1002 - Administrator - Enabled) => C:\Users\tom_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: Total AV (Enabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 TurboVPN (HKLM-x32\...\TurboVpn) (Version: 1.1.0.1071 - 360 Security Center)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Autodesk DirectConnect 2016 64-bit (HKLM\...\{7A12802C-4864-423D-9732-3A22577CE006}) (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AVS Video Editor 8.0.4 (HKLM-x32\...\AVS Video Editor_is1) (Version: 8.0.4.305 - Online Media Technologies Ltd.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Doom Builder 2.1 (HKLM-x32\...\Doom Builder 2_is1) (Version: - CodeImp)
ELAN Touchpad 11.5.21.6_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.21.6 - ELAN Microelectronic Corp.)
FileZilla Client 3.35.1 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\FileZilla Client) (Version: 3.35.1 - Tim Kosse)
GameMaker Studio 2 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\GameMakerStudio2) (Version: - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
LEGO LOCO (HKLM-x32\...\LEGO LOCO) (Version: - )
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-GB)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-GB)) (Version: 45.8.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.3.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.7.1 (32-bit) (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\{850389b4-a056-4ecc-9c8d-e3ef594fc929}) (Version: 3.7.1150.0 - Python Software Foundation)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.0.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.1 - VS Revo Group, Ltd.)
SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version: - )
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.6 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.14.1 (HKLM-x32\...\DaggerfallSetup_is1) (Version: - Bethesda Softworks)
The Elder Scrolls III - Morrowind GotY (HKLM-x32\...\1435828767_is1) (Version: 2.0.0.7 - GOG.com)
The Sims 4 (HKLM-x32\...\{39320F2B-0F05-4593-ACBE-4356750BBEB2}) (Version: 1.0.797.20 - Electronic Arts)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.9.36 - TotalAV)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - ASUS (ATP) Mouse (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B03 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tom_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0023955C-FF93-4D98-B492-13DFACA86932} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {06515E22-96B6-4118-AAF3-4747E08DA898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {1A5A14DB-9F7D-4098-91D9-35675C6C7D9A} - System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\SimCity 3000\Apps\SC3U.exe" -d "D:\Electronic Arts\SimCity 3000\Apps"
Task: {2736F417-FF06-436C-B8CF-986ABF2A6BEC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {3CBF275E-804E-4830-9DF4-B2FFF6412AE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {3FDC8BFB-EA67-42AB-BEEB-B6DD4030EA09} - \[email protected] -> No File <==== ATTENTION
Task: {442E1362-48DE-44D8-8F83-812E36C0888C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {57722C69-7E74-49A9-B883-51C764AFEE8D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {61645AAD-11D8-46AF-8DD9-3C51CBBAB3E1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {62D40998-10B1-4E51-9C16-064B55A1BD12} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {67584B25-EC45-4A33-A3E3-EF03FB5B612C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {690A4EA0-FC72-4D7A-8E75-1C40F605DB6D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {75285037-005C-4639-A662-CE61B949E50C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {7D73304C-74C8-43C9-8B9B-A7ECF157F970} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8167DADC-F267-4BF6-87E6-B34F8BEF554B} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {91A833AE-BD50-4572-8A5E-06400587419C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {A4989271-722D-47A4-B2BB-8B6EFED319E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {ADD6C536-DA5F-49A1-90FE-6A5FA038C8A8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {B2352961-1460-461D-A9B5-EE3028F0D57D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C348DEDA-43CF-4C5E-A8D0-9B07C79D162B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C8A50F32-7F14-4F55-BDE9-9D689176886A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {CC6F9322-1D62-42AE-93FC-CBCCDDCEE524} - \One System Care Task -> No File <==== ATTENTION
Task: {D5D05400-2CFA-4B29-B645-6D90FFEF1C0B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {D69001D5-F4BC-4E7E-A5D8-FAEADC2ABA82} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {E9DC1E94-90B3-4FCF-BA1B-06F294B57B9E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EDC530A9-B74E-4FF9-8715-54A5184B9120} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EE535B9D-97EC-4D62-8D9F-B88A74801605} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-12] (AVAST Software)
Task: {EE7344A3-1C55-4CBD-A88C-970A85BB15E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\tom_000\Desktop\Minecraft\Skin Editor.lnk -> C:\Program Files (x86)\Minecraft\Extra\SkinEdit Alpha 3 pre 7\Launch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-16 13:15 - 2018-03-24 01:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2012-12-19 06:10 - 2012-12-19 06:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2018-04-16 12:45 - 2018-03-14 13:01 - 001268112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-07-23 08:54 - 2013-07-23 08:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-07-23 11:42 - 2018-07-23 11:42 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-13 11:44 - 2013-06-13 11:44 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-13 11:40 - 2013-06-13 11:40 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-06-13 11:47 - 2013-06-13 11:47 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2023-10-17 10:39 - 2013-05-15 13:39 - 000463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2016-12-08 15:38 - 2017-04-06 03:27 - 000377448 _____ () C:\Program Files (x86)\360\TurboVPN\vpn\vpnmgr.dll
2018-04-16 12:45 - 2018-03-14 13:01 - 001041808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-04-29 13:17 - 2013-04-29 13:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2018-01-22 13:44 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-22 13:44 - 2018-11-08 19:02 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-22 13:44 - 2018-11-08 19:02 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-22 13:44 - 2016-07-04 22:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-08 15:38 - 2017-04-06 03:27 - 000523392 _____ () C:\Program Files (x86)\360\TurboVPN\libphonenumber.dll
2018-01-22 13:45 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 002264352 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 000124704 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2023-10-17 10:28 - 2013-06-23 19:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2017-12-30 22:43 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\tom_000\Desktop\black-red-dragon-desktop-wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2E78C1E-82E7-4F4F-991E-FDF5CEBB0BAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D2684D4-F80A-4FAC-8A3B-872E97142CF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{121C5447-207A-425C-933A-74373EEEABB7}C:\program files\gamemaker studio 2\gamemakerstudio.exe] => (Allow) C:\program files\gamemaker studio 2\gamemakerstudio.exe
FirewallRules: [UDP Query User{FE120A4C-6B08-40AF-9380-EAA5560D69FE}C:\program files\gamemaker studio 2\gamemakerstudio.exe] => (Allow) C:\program files\gamemaker studio 2\gamemakerstudio.exe
FirewallRules: [{E74A53B6-39C2-407F-BE22-5DDAC3174E01}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{438A0453-4939-4DD7-B034-6C5346CC8447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5800239D-320A-42B7-8941-F0257B4F5256}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9A9CDB8-8F3B-4D65-B309-04B0DFD8AA8D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{572A1978-BC38-4067-A3E4-4100A81098E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zoombinis\Zoombinis.exe
FirewallRules: [{AE2FBCF2-9C53-41C4-8086-71E5EE31966A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zoombinis\Zoombinis.exe
FirewallRules: [{7EF4EFE1-37C1-4F7B-8B20-1280C3FD5032}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{561849A0-AE21-4377-AA7B-9DF1B9C2A70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{17887D86-8251-4CE7-99E5-32C0379BE289}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{31FDBB17-AAC1-4C2A-8F6D-7E99F165AF89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BE010C27-0BEA-4DE5-B8A6-FE84C1767F10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{343DEE6F-3EAB-43B9-9672-AAE81A5DCE72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AFA118DE-A242-42A7-911C-A115C1756CE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{5398C1B7-EEAB-45F9-8042-A02D3DC05FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{A9E106F4-A98D-4ACE-BDA6-B654D2C67294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{E1E93936-DDA0-4D04-93A3-470EC044C401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{A48CB9D1-8CE5-450E-9800-E41F55615C63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe
FirewallRules: [{A447F047-FEC4-4EF5-AE82-DF441D9430A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe
FirewallRules: [TCP Query User{855E9041-2288-46CA-972B-73614190C72C}C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe
FirewallRules: [UDP Query User{AD74ECCF-FC17-4D97-BB31-D6A749299484}C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe
FirewallRules: [TCP Query User{A7A52B97-9042-47D6-9547-329352EBD6D5}C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe
FirewallRules: [UDP Query User{3E25E9A9-4FF5-4062-9655-69CEA2C72780}C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe
FirewallRules: [{BB8DF588-CF83-4635-8E46-FF2F3E4DC5DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{5CCD1D26-6AC2-430E-8C94-BBCC70A564AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{75AFD684-F7CB-4EA5-8D81-8E53C2FD9463}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{42140891-B07F-41E1-8F63-8F4CAFA5F9C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{7E3ED64E-4FFC-4516-B0D0-19DECE3DCFB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [{32002D3C-269D-4B5F-9BC7-F14C2A140178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [{D5C5F0BF-4D09-4AF1-846E-F463C797AC6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe
FirewallRules: [{EF6B9BD6-7B14-42C0-A127-9C208F3C0C9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe
FirewallRules: [{EB06C43B-0B66-418A-B1F5-E622D053FF7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe
FirewallRules: [{47F8A932-9FAB-439B-A53C-00BD79E77454}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe
FirewallRules: [{39CD0E5C-7FB4-4671-AF14-B49633F572D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe
FirewallRules: [{3224103F-0D3F-4589-A186-C0E8E5EC9D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe
FirewallRules: [{79AEE680-BFE4-4500-BE34-0346DB30F17D}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{FEFA9B84-CE4F-43D6-AFA1-49DB030A4951}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{FB6F8FF7-3E2F-4AE6-AAFB-DE34CD8FA04E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rusted Warfare\Rusted Warfare.exe
FirewallRules: [{B3F89FCF-88AF-4C35-8674-2FCE608A7995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rusted Warfare\Rusted Warfare.exe
FirewallRules: [{5666F36C-B201-40C9-B50F-A0FCD81228C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Exiled Kingdoms\exiledkingdoms.exe
FirewallRules: [{C8E01A92-AD85-4064-ABB8-CB5FB18ADD70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Exiled Kingdoms\exiledkingdoms.exe
FirewallRules: [{4DCAC138-7EF2-4E77-A9A1-F0BC9B57E6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{75FCA597-7401-4333-93A1-BA39A45E58C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [TCP Query User{60F64D5A-EB76-4DF8-A514-A17C73F1CE0B}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [UDP Query User{0283EB00-B366-40FF-821C-2BE152DA2F19}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{B75302DE-B8A9-418D-81E8-14729EFDB5E7}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{454DD365-1FCB-4F64-A765-F10E017C0A4B}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{4F67F98D-BE36-4682-88E3-3679FA4957C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [{94DEDA27-2670-4C44-A239-9F0F0DDA8D0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [TCP Query User{27A02C38-1442-4510-AF94-6556F3F6C816}D:\electronic arts\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\electronic arts\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [UDP Query User{76BA3691-C08F-475B-82A0-D6CBB01C78E1}D:\electronic arts\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\electronic arts\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [TCP Query User{D8DB8DC5-29F4-47E4-A553-0169168EC5BB}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe] => (Allow) C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe
FirewallRules: [UDP Query User{6D33496D-6E09-4C3C-9871-A56D658DB69D}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe] => (Allow) C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe
FirewallRules: [TCP Query User{A0595C67-84A3-4936-8910-6CF3E9C24F49}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{51F7F62E-17B9-4B3F-94D7-B1EA1FD40679}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{595D29AF-32CB-4725-81E8-C5FD48F297B5}D:\electronic arts\simcity 3000\apps\updater\updater.exe] => (Allow) D:\electronic arts\simcity 3000\apps\updater\updater.exe
FirewallRules: [UDP Query User{31A1D5FB-1C0E-4205-AF1C-11D7684E1E00}D:\electronic arts\simcity 3000\apps\updater\updater.exe] => (Allow) D:\electronic arts\simcity 3000\apps\updater\updater.exe

==================== Restore Points =========================

25-10-2018 12:26:51 Scheduled Checkpoint
01-11-2018 22:40:37 Revo Uninstaller Pro's restore point - Castlevania - The New Generation
08-11-2018 01:10:27 Python 3.7.1 (32-bit)
12-11-2018 02:29:19 Revo Uninstaller Pro's restore point - Microsoft Office Professional Plus 2013
12-11-2018 02:29:55 PROPLUSR
12-11-2018 03:29:58 STANDARD
12-11-2018 03:53:35 Revo Uninstaller Pro's restore point - 360 Total Security
12-11-2018 05:05:24 Revo Uninstaller Pro's restore point - Avast Free Antivirus
12-11-2018 05:07:17 Revo Uninstaller Pro's restore point - SimCity 2000 Special Edition
12-11-2018 05:08:03 Revo Uninstaller Pro's restore point - Web Companion
12-11-2018 05:09:15 Revo Uninstaller Pro's restore point - Odamex 0.7.0
12-11-2018 05:10:56 Revo Uninstaller Pro's restore point - Origin
12-11-2018 05:11:56 Revo Uninstaller Pro's restore point - µTorrent
12-11-2018 05:13:32 Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 4.0.1
12-11-2018 05:14:16 Revo Uninstaller Pro's restore point - Money
12-11-2018 05:15:09 Revo Uninstaller Pro's restore point - Music Maker Jam
12-11-2018 05:17:05 Revo Uninstaller Pro's restore point - Sport
12-11-2018 05:17:55 Revo Uninstaller Pro's restore point - Travel
12-11-2018 05:18:55 Revo Uninstaller Pro's restore point - - Games App -

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2018 05:18:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:15:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:14:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:13:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:11:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:10:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/12/2018 05:01:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/12/2018 05:01:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avast Antivirus service depends on the aswMonFlt service which failed to start because of the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 05:01:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 05:01:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 04:04:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service did not respond on starting.

Error: (11/12/2018 04:03:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (11/12/2018 04:03:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/12/2018 03:58:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2018-11-12 04:47:34.120
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:54.325
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:38.531
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:42:24.633
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin.../Dynamer!rfn&threatid=2147721515&enterprise=0
Name: Trojan:Win32/Dynamer!rfn
ID: 2147721515
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\AppData\Roaming\WinSys\xcoresys.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:41:35.418
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...Bunitu.Q!bit&threatid=2147719161&enterprise=0
Name: TrojanProxy:Win32/Bunitu.Q!bit
ID: 2147719161
Severity: Severe
Category: Trojan Proxy Server
Path: file:_C:\Users\tom_000\AppData\Local\Temp\xdata7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 03:56:49.868
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-12 03:56:49.821
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-01-04 21:52:51.517
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8109.51 MB
Available physical RAM: 4992.79 MB
Total Virtual: 9389.51 MB
Available Virtual: 5257.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:104.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:227.95 GB) NTFS
Drive e: (Data1) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive f: (Data2) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS

\\?\Volume{5fad5eed-a8b5-43f7-ae97-6bd3da8314fc}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS
\\?\Volume{532860a5-8711-4ef4-a61d-bcd5d326fb54}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{c326800a-a155-427f-ae31-51bf334bfb80}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A4C07785)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 029DB826)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2018-11-12 07:12:19
-----------------------------
07:12:19.950 OS Version: Windows x64 6.2.9200
07:12:19.950 Number of processors: 8 586 0x3C03
07:12:19.950 ComputerName: TOMPC UserName:
07:12:21.715 Initialize success
07:12:21.762 VM: initialized successfully
07:12:21.762 VM: Intel CPU supported
07:12:23.164 VM: not used
07:12:43.681 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
07:12:43.681 Disk 0 Vendor: HGST_HTS725050A7E630 GH2OA450 Size: 476940MB BusType: 11
07:12:43.681 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000038
07:12:43.681 Disk 1 Vendor: HGST_HTS725050A7E630 GH2OA450 Size: 476940MB BusType: 11
07:12:43.806 Disk 0 MBR read successfully
07:12:43.806 Disk 0 MBR scan
07:12:43.822 Disk 0 unknown MBR code
07:12:43.822 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
07:12:43.838 Disk 0 scanning C:\WINDOWS\system32\drivers
07:13:10.807 Service scanning
07:13:33.260 Modules scanning
07:13:33.760 Disk 0 trace - called modules:
07:13:33.760 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
07:13:33.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001d0bf3060]
07:13:33.776 3 CLASSPNP.SYS[fffff80004371170] -> nt!IofCallDriver -> [0xffffe001d060c5b0]
07:13:33.776 5 ACPI.sys[fffff80003e26c21] -> nt!IofCallDriver -> [0xffffe001d06065b0]
07:13:33.776 7 ACPI.sys[fffff80003e26c21] -> nt!IofCallDriver -> \Device\00000036[0xffffe001d060f1c0]
07:13:33.776 Disk 0 statistics 131195/0/0 @ 2.89 MB/s
07:13:33.791 Scan finished successfully
07:14:01.073 Disk 0 MBR has been saved successfully to "C:\Users\tom_000\Desktop\MBR.dat"
07:14:01.088 The log file has been saved successfully to "C:\Users\tom_000\Desktop\aswMBR.txt"

#2 - jmarket (PCHF's Almighty Ruler, PCHF Owner, Support Team, Security Team), joined Jan 10, 2015
Hi there @FireflyX91 and welcome to PCHF :)

We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded, right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.

Allow AdwCleaner to start scanning; depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair".

After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so, choose "Clean & Restart Now".

Once the PC has restarted, if AdwCleaner does not restart then open it again and click the "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from, so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon to start the program. We need to modify a couple of things with Malwarebytes before we use it so please follow the steps below.

  • If the dashboard is not already displayed select it.
  • Then select Update to get the latest definition database.

  • Next we need to change a scanning option, select Settings on the main menu.
  • Then Detection and Protection on the left.
  • Then select Scan for rootkits in the detection options, as well as the other two options already checked.

Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.

  • Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected.

A dialogue box may open and ask to restart the computer; if so select Yes.

Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop, and close Malwarebytes.

Please copy and paste the contents of the text file in your next post :)

#3 - FireflyX91 (Malware Trainee (F), PCHF Member, PCHF Donator), joined Nov 12, 2018
Thanks for the response. I've run Malwarebytes and here are the reports from that:


# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-12-2018
# Duration: 00:00:04
# OS: Windows 8.1
# Cleaned: 50
# Failed: 0


***** [ Services ] *****

Deleted SecurityService

***** [ Folders ] *****

Deleted C:\Users\tom_000\AppData\Roaming\AGData
Deleted C:\Program Files (x86)\TotalAV
Deleted C:\Users\tom_000\AppData\Roaming\TotalAV
Deleted C:\Users\tom_000\Documents\TotalAV
Deleted C:\ProgramData\Logic Handler
Deleted C:\ProgramData\iWin
Deleted C:\ProgramData\iwin games
Deleted C:\Windows\System32\SSL

***** [ Files ] *****

Deleted C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
Deleted C:\Users\tom_000\Desktop\TotalAV.lnk
Deleted C:\Users\tom_000\AppData\Roaming\md.xml
Deleted C:\Users\tom_000\AppData\Roaming\Config.xml
Deleted C:\Users\tom_000\AppData\Roaming\noah.dat
Deleted C:\Users\tom_000\AppData\Roaming\Installer.dat
Deleted C:\Users\tom_000\AppData\Roaming\InstallationConfiguration.xml
Deleted C:\Users\tom_000\AppData\Roaming\Main.dat
Deleted C:\Users\tom_000\AppData\Roaming\agent.dat
Deleted C:\Users\tom_000\Downloads\TOTALAV_SETUP.EXE
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKU\S-1-5-18\Software\ByteFence
Deleted HKU\.DEFAULT\Software\ByteFence
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
Deleted HKCU\Software\CoinisRevShare
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC6F9322-1D62-42AE-93FC-CBCCDDCEE524}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6F9322-1D62-42AE-93FC-CBCCDDCEE524}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Deleted HKLM\Software\Wow6432Node\mtRonzap
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted http://www.bing.com/?pc=COSP&ptag=D102918-N0450A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5832 octets] - [12/11/2018 07:45:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/11/2018
Scan Time: 07:59
Log File: ec713500-e650-11e8-88fb-00ffb54f97c0.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7799
Licence: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: TOMPC\tom_000

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 292411
Threats Detected: 28
Threats Quarantined: 28
Time Elapsed: 9 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Wiki, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Quarantined, [2144], [360475],1.0.7799

Registry Value: 3
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [745], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [745], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [745], [259988],1.0.7799

Registry Data: 2
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [745], [293486],1.0.7799
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [745], [293485],1.0.7799

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++downloadastro.ysearchtab.com\idb\301792106ttes.files, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++downloadastro.ysearchtab.com\idb, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\USERS\TOM_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D8WQY9FC.DEFAULT\STORAGE\DEFAULT\http+++downloadastro.ysearchtab.com, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++repository.ysearchtab.com\idb\301792106ttes.files, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++repository.ysearchtab.com\idb, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\USERS\TOM_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D8WQY9FC.DEFAULT\STORAGE\DEFAULT\http+++repository.ysearchtab.com, Quarantined, [1986], [395234],1.0.7799

File: 16
PUP.Optional.Smeazymo, C:\USERS\TOM_000\APPDATA\LOCAL\plexgreen.dat, Quarantined, [2902], [183917],1.0.7799
PUP.Optional.Smeazymo, C:\USERS\TOM_000\APPDATA\LOCAL\plexgreen.exe.config, Quarantined, [2902], [183917],1.0.7799
PUP.Optional.Palikan, C:\USERS\TOM_000\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\PALIKAN.ICO, Quarantined, [318], [255721],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++downloadastro.ysearchtab.com\idb\301792106ttes.sqlite, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++downloadastro.ysearchtab.com\.metadata, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++downloadastro.ysearchtab.com\.metadata-v2, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++repository.ysearchtab.com\idb\301792106ttes.sqlite, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++repository.ysearchtab.com\.metadata, Quarantined, [1986], [395234],1.0.7799
PUP.Optional.YSearchTab, C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\storage\default\http+++repository.ysearchtab.com\.metadata-v2, Quarantined, [1986], [395234],1.0.7799
Adware.Linkury.Generic, C:\USERS\TOM_000\APPDATA\ROAMING\Hotlab.tst, Quarantined, [3737], [405188],1.0.7799
Adware.Linkury.Generic, C:\USERS\TOM_000\APPDATA\ROAMING\UNINSTALL_TEMP.ICO, Quarantined, [3737], [405196],1.0.7799
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\848309421.js, Quarantined, [5344], [484673],1.0.7799
PUP.Optional.Conduit, C:\USERS\TOM_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D8WQY9FC.DEFAULT\PREFS.JS, Replaced, [216], [301520],1.0.7799
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\848309421.CFG, Quarantined, [5344], [345408],1.0.7799
Adware.Linkury, C:\USERS\TOM_000\APPDATA\ROAMING\XXX-FAX.BIN, Quarantined, [1132], [504848],1.0.7799
RiskWare.Tool.CK, C:\PROGRAM FILES (X86)\AVSVIDEOEDITOR\PATCH.EXE, Quarantined, [5781], [137325],1.0.7799

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
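The AdwCleaner and Malwarebytes results above show the persistence points this kind of adware relies on: a service (SecurityService), AppInit_DLLs, IE SearchScopes and Start Page values, Firefox autoconfig files (848309421.cfg with its defaults\pref loader), a cached scheduled task and IFEO entries. The FRST logs in this thread list the same classes of entry in a fixed text format, and most of the triage a helper does on them is mechanical. As an added example (not from the thread, not FRST's own code and not from Malwarebytes), here is a Python pass over FRST-style Services/Drivers/Registry lines that flags what an analyst reads first: entries FRST itself marks `<==== ATTENTION`, images loading from Temp or a user profile, unsigned running services, orphaned `[X]` registrations and cached MountPoints2 AutoRun handlers. The sample lines are constructed to follow FRST's format; every service name, SID and path in them is made up, and the severity rules are this example's heuristics, not anything FRST or the forum prescribes.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Parses the line shapes FRST uses in its 'Services', 'Drivers' and
'Registry' sections and flags the entries an analyst looks at first.
The rules are triage heuristics, not verdicts.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


# Service/driver line: "<start type> <name>; <image path> [<size> <date>] (<publisher>) [flags]"
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# Run-key line: "HK...\...\Run: [<value name>] => <target> [<size> <date>] (<publisher>)"
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
PROFILE_RE = re.compile(r"\\AppData\\", re.IGNORECASE)


def image_path(rest):
    """FRST appends ' [<size> <date>]' or ' [X]' after the path, so cut there."""
    return rest.split(" [", 1)[0].strip()


def location_finding(path, line, what):
    """Code that starts from Temp or a user profile is rarely legitimate."""
    if TEMP_RE.search(path):
        return Finding("high", f"{what} image lives in a Temp directory", line)
    if PROFILE_RE.search(path):
        return Finding("high", f"{what} image lives under a user profile (AppData)", line)
    return None


def triage_line(line):
    """Return every Finding that applies to one FRST line (empty list if none)."""
    findings = []
    if m := SERVICE_RE.match(line):
        rest = m.group("rest")
        running = m.group("start").startswith("R")
        flagged = "<==== ATTENTION" in rest
        if flagged:
            findings.append(Finding("high", "FRST itself marked the entry with ATTENTION", line))
        if loc := location_finding(image_path(rest), line, "service/driver"):
            findings.append(loc)
        if running and "[File not signed]" in rest:
            findings.append(Finding("medium", "running service image is not signed", line))
        if "[X]" in rest and not flagged:
            # Typical after an incomplete uninstall; harmless by itself, but the
            # dangling registration should still be removed.
            findings.append(Finding("low", "image file missing: orphaned service registration", line))
    elif m := RUN_RE.search(line):
        rest = m.group("rest")
        if loc := location_finding(image_path(rest), line, "autorun"):
            findings.append(loc)
        if rest.rstrip().endswith("()"):
            findings.append(Finding("low", "autorun target has no publisher in its version info", line))
    elif "\\MountPoints2: " in line:
        findings.append(Finding("medium", "cached AutoRun handler for a removable drive (MountPoints2)", line))
    return findings


def triage(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample lines in FRST's format; service names, SIDs and paths are made up.
SAMPLE_FRST_LINES = r"""
R3 gooddrv; C:\WINDOWS\system32\DRIVERS\gooddrv.sys [4307192 2016-02-14] (Example Vendor, Inc.)
R2 UnsignedSvc; C:\Program Files (x86)\Example Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider) [File not signed]
S1 OrphanDrv; \??\C:\WINDOWS\system32\drivers\OrphanDrv.sys [X]
S3 tmpdrv; \??\C:\Users\user\AppData\Local\Temp\tmpdrv.sys [X] <==== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\MountPoints2: {11d852ed-0000-0000-0000-000000000000} - "H:\windows\AutoRun.exe"
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [3350232 2016-08-06] (Example Corp.)
HKLM-x32\...\Run: [MouseHid] => C:\Program Files (x86)\Example Mouse\hid.exe [463872 2013-05-15] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [Updater] => C:\Users\user\AppData\Roaming\updater\updater.exe [40960 2018-11-01] ()
"""

if __name__ == "__main__":
    results = triage(SAMPLE_FRST_LINES.splitlines())
    order = ("high", "medium", "low")
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Two caveats for anyone using this on a real log. A low-severity `[X]` hit only says the registration points at a file that is gone; the long run of `asw*` entries in this thread is a leftover Avast install, not an infection, and the entry that actually deserves attention is the one FRST marked itself (a driver registered from `\AppData\Local\Temp`). And the output is a review list for the person writing the fixlist, not a fixlist: FRST only acts on what the helper puts in fixlist.txt, so nothing here removes anything.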

#5 - FireflyX91 (Malware Trainee (F), PCHF Member, PCHF Donator), joined Nov 12, 2018
I'm not sure that it really matters but the shortcut to my antivirus has disappeared from the desktop. What could have caused that?

Anyway, here are the updated FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by tom_000 (administrator) on TOMPC (12-11-2018 21:33:54)
Running from C:\Users\tom_000\Downloads
Loaded Profiles: tom_000 (Available Profiles: tom_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Windows\SysWOW64\UMonit64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\turbovpn.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350232 2016-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [turbovpn] => C:\Program Files (x86)\360\TurboVPN\turbovpn.exe [2039720 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] (Qualcomm®Atheros®)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {11d852ed-d472-11e8-bed0-240a64748f00} - "H:\windows\AutoRun.exe"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {5c2c7a09-d824-11e7-824e-806e6f6e6963} - "G:\Launcher\LAUNCHER.EXE"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {f271adf9-3388-11e8-beab-240a64748f00} - "K:\windows\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D816D837-DE4A-40D8-9CA2-F47587DBBC66}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{F94E9B2C-F669-4329-A390-092A546AB1BF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4099405795-894134324-1714426187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-06-13] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: d8wqy9fc.default
FF ProfilePath: C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default [2018-11-12]
FF Homepage: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102918-N0450A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
FF Extension: (ADB Helper) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\[email protected] [2018-08-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-31]
FF SearchPlugin: C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\searchplugins\bing-lavasoft-ff59.xml [2018-10-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-19] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TurboVpnSvc; C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe [384424 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4307192 2016-02-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-06-30] (ASUS Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-02-13] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2018-05-30] (LogMeIn Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-12] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31632 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59272 2018-03-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
R3 pwftap; C:\WINDOWS\system32\DRIVERS\pwftap.sys [36736 2016-10-14] (The OpenVPN Project)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [10848 2000-08-30] () [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2018-04-27] (BigNox Corporation)
S1 aswArPot; \??\C:\WINDOWS\system32\drivers\aswArPot.sys [X]
S1 aswbidsdriver; \??\C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [X]
S0 aswbidsh; system32\drivers\aswbidsha.sys [X]
S0 aswblog; system32\drivers\aswbloga.sys [X]
S0 aswbuniv; system32\drivers\aswbuniva.sys [X]
S1 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
S3 aswHwid; \??\C:\WINDOWS\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; system32\drivers\aswRvrt.sys [X]
S1 aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys [X]
S1 aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys [X]
S2 aswStm; \??\C:\WINDOWS\system32\drivers\aswStm.sys [X]
S3 aswVmm; \??\C:\Users\tom_000\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S1 otjynlav; \??\C:\WINDOWS\system32\drivers\otjynlav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-21 07:11 - 2023-10-21 07:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-10-17 19:15 - 2023-10-17 10:39 - 000000000 ____D C:\eSupport
2023-10-17 19:14 - 2013-08-15 10:54 - 000000044 _____ C:\WINDOWS\AsToolCDVer.txt
2023-10-17 11:00 - 2016-10-24 15:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-17 10:45 - 2023-10-17 10:45 - 000040798 _____ C:\WINDOWS\AsChkDev.txt
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 ____D C:\ProgramData\USBChargerPlus
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 _____ C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTEK_G750JW_G750JX_G750JXA_V70_WIN8.MRK
2023-10-17 10:39 - 2023-10-17 10:39 - 000003266 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2023-10-17 10:39 - 2023-10-17 10:39 - 000003054 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2023-10-17 10:39 - 2023-10-17 10:39 - 000003026 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2023-10-17 10:39 - 2023-10-17 10:39 - 000003002 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2023-10-17 10:39 - 2023-10-17 10:39 - 000002986 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2023-10-17 10:39 - 2023-10-17 10:39 - 000002954 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files\ASUS
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files (x86)\ASUS Gaming Mouse
2023-10-17 10:39 - 2018-01-02 20:22 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2023-10-17 10:39 - 2018-01-02 20:22 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2023-10-17 10:39 - 2016-11-04 03:21 - 000000000 ____D C:\ProgramData\P4G
2023-10-17 10:39 - 2013-01-10 13:20 - 000022016 _____ C:\WINDOWS\SysWOW64\ASUS.scr
2023-10-17 10:39 - 2012-07-09 17:17 - 000000433 _____ C:\WINDOWS\gx850nbuninst.iss
2023-10-17 10:36 - 2016-10-24 15:14 - 000000000 ____D C:\ProgramData\Atheros
2023-10-17 10:34 - 2013-03-27 07:37 - 000000911 _____ C:\WINDOWS\SysWOW64\ProductName.ini
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\WINDOWS\SysWOW64\UMonit64.exe
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\SysWOW64\IconCfg0.ini
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\system32\IconCfg0.ini
2023-10-17 10:34 - 2012-11-29 03:26 - 005623808 _____ (Genesys) C:\WINDOWS\system32\GeneIcon.dll
2023-10-17 10:34 - 2012-03-26 15:50 - 000172097 _____ C:\WINDOWS\SysWOW64\NoMSGuninstall.exe
2023-10-17 10:34 - 2011-05-30 02:13 - 000001519 _____ C:\WINDOWS\SysWOW64\_IconCfg0.ini
2023-10-17 10:32 - 2017-07-26 07:58 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2023-10-17 10:32 - 2013-06-13 11:26 - 000347336 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_a2dp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000179432 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_hcrp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000136784 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_rcp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000115912 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_avdt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000089800 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_flt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000077464 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_lwflt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000034384 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_bus.sys
2023-10-17 10:31 - 2017-12-03 12:55 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2023-10-17 10:29 - 2023-10-17 10:29 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-10-17 10:29 - 2018-01-16 16:29 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-10-17 10:29 - 2017-07-21 16:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2023-10-17 10:29 - 2013-08-20 12:17 - 002585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2023-10-17 10:29 - 2013-08-14 08:36 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 001084160 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2023-10-17 10:29 - 2013-08-05 10:11 - 002743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2023-10-17 10:29 - 2013-07-28 02:48 - 027518208 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2023-10-17 10:29 - 2013-07-24 02:07 - 002032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2023-10-17 10:29 - 2013-07-23 07:40 - 002103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 014048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 001916672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 000922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2023-10-17 10:29 - 2013-06-05 13:42 - 000208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000501192 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000487368 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000415688 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2023-10-17 10:29 - 2012-03-08 03:47 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2023-10-17 10:29 - 2011-08-23 09:00 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2023-10-17 10:29 - 2010-09-27 01:34 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\ProgramData\Intel
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files\Intel
2023-10-17 10:28 - 2017-12-03 12:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2023-10-17 10:28 - 2013-06-23 19:05 - 000064624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\HECIx64.sys
2023-10-17 10:28 - 2013-06-23 19:05 - 000016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2023-10-17 10:21 - 2023-10-17 10:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-10-17 10:21 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files (x86)\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ___HD C:\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\WINDOWS\Options
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2023-10-17 10:21 - 2013-06-27 18:43 - 000084997 _____ C:\WINDOWS\system32\athw8x.cat
2023-10-17 10:21 - 2013-06-27 18:43 - 000080211 _____ C:\WINDOWS\system32\athwbx.cat
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2023-10-17 10:21 - 2013-06-06 02:23 - 003794432 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2023-10-17 10:21 - 2013-01-28 04:36 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2023-10-17 10:20 - 2023-10-17 10:21 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
2018-11-12 08:13 - 2018-11-12 08:13 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-12 08:12 - 2018-11-12 19:04 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-12 08:12 - 2018-11-12 08:12 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-12 07:54 - 2018-11-12 07:54 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-12 07:54 - 2018-11-12 07:54 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-12 07:54 - 2018-11-12 07:54 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Users\tom_000\AppData\Local\mbamtray
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Users\tom_000\AppData\Local\mbam
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-12 07:54 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-12 07:53 - 2018-11-12 07:53 - 079602504 _____ (Malwarebytes ) C:\Users\tom_000\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793.exe
2018-11-12 07:44 - 2018-11-12 07:46 - 000000000 ____D C:\AdwCleaner
2018-11-12 07:43 - 2018-11-12 07:43 - 007592144 _____ (Malwarebytes) C:\Users\tom_000\Desktop\adwcleaner_7.2.4.0.exe
2018-11-12 07:04 - 2018-11-12 07:04 - 005200384 _____ (AVAST Software) C:\Users\tom_000\Desktop\aswmbr.exe
2018-11-12 07:03 - 2018-11-12 21:34 - 000018795 _____ C:\Users\tom_000\Downloads\FRST.txt
2018-11-12 07:03 - 2018-11-12 21:33 - 000000000 ____D C:\FRST
2018-11-12 06:58 - 2018-11-12 07:02 - 002415616 _____ (Farbar) C:\Users\tom_000\Downloads\FRST64.exe
2018-11-12 05:05 - 2018-11-12 05:05 - 000000000 ____D C:\Users\tom_000\ansel
2018-11-12 04:45 - 2018-11-12 04:45 - 000000000 ____D C:\Users\tom_000\Downloads\Chips-Challenge_DOS_EN
2018-11-12 04:44 - 2018-11-12 04:44 - 000180329 _____ C:\Users\tom_000\Downloads\Chips-Challenge_DOS_EN.zip
2018-11-12 04:41 - 2018-11-12 04:41 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-11-12 04:05 - 2018-11-12 04:05 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-11-12 03:54 - 2018-11-12 03:54 - 000000000 ____D C:\ProgramData\360TSBackup
2018-11-12 03:41 - 2018-11-12 03:41 - 000002853 _____ C:\Users\tom_000\Desktop\Word.lnk
2018-11-12 03:41 - 2018-11-12 03:41 - 000002805 _____ C:\Users\tom_000\Desktop\Excel.lnk
2018-11-12 03:40 - 2018-11-12 03:40 - 000002823 _____ C:\Users\tom_000\Desktop\PowerPoint.lnk
2018-11-12 03:33 - 2018-11-12 03:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-11-12 03:31 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-12 03:31 - 2018-11-12 03:31 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-12 03:29 - 2018-11-12 03:29 - 000000000 __RHD C:\MSOCache
2018-11-12 03:28 - 2018-11-12 03:28 - 000000000 ____D C:\Users\tom_000\Downloads\Office-13
2018-11-12 03:16 - 2018-11-12 03:16 - 556103853 _____ C:\Users\tom_000\Downloads\Office-13.zip
2018-11-12 02:51 - 2018-11-12 02:57 - 674844328 _____ (Microsoft Corporation) C:\Users\tom_000\Downloads\proplussp2013-kb2817430-fullfile-x86-en-us.exe
2018-11-12 02:47 - 2018-11-12 02:47 - 000000000 ____D C:\Users\tom_000\Downloads\KMSPico 10.2.1
2018-11-12 02:45 - 2018-11-12 02:45 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Temp
2018-11-12 02:30 - 2018-11-12 05:01 - 000000000 ____D C:\Users\tom_000\Downloads\installer_x86-x64_89006
2018-11-12 01:41 - 2018-11-12 01:41 - 000363948 _____ C:\Users\tom_000\Downloads\morrowind_icon_by_hazreth.zip
2018-11-08 05:02 - 2018-11-12 01:50 - 000000657 _____ C:\Users\Public\Desktop\Morrowind.lnk
2018-11-08 02:05 - 2018-11-08 02:05 - 000001240 _____ C:\Users\tom_000\Desktop\Sim City 3000.lnk
2018-11-08 01:53 - 2018-11-08 01:57 - 000000000 ____D C:\Users\tom_000\Downloads\The.Elder.Scrolls.III.Morrowind.GOTY.Edition-GOG
2018-11-08 01:51 - 2018-11-08 01:58 - 000000000 ____D C:\Users\tom_000\Downloads\Simcity 4 Deluxe edition GOG_
2018-11-08 01:50 - 2018-11-08 01:56 - 000000000 ____D C:\Users\tom_000\Downloads\SimCity.3000.Unlimited-GOG
2018-11-08 01:11 - 2018-11-08 01:11 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-11-08 01:10 - 2018-11-08 01:10 - 000000000 ____D C:\Users\tom_000\AppData\Local\Package Cache
2018-11-06 03:56 - 2018-11-12 04:59 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\WinSys
2018-11-06 02:06 - 2018-11-06 02:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-06 02:05 - 2018-11-06 02:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-11-06 02:05 - 2018-11-06 02:04 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-06 02:03 - 2018-11-06 02:03 - 002741576 _____ (BitTorrent Inc.) C:\Users\tom_000\Downloads\uTorrent.exe
2018-11-06 00:20 - 2018-11-06 00:20 - 000003170 _____ C:\WINDOWS\System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2}
2018-11-05 22:16 - 2018-11-05 22:16 - 000000598 _____ C:\WINDOWS\eReg.dat
2018-10-29 14:33 - 2018-10-29 14:33 - 000000000 ____D C:\Users\tom_000\AppData\Local\Circus_of_Doom
2018-10-20 14:08 - 2018-10-20 14:08 - 000062616 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2018-10-20 14:06 - 2018-10-20 14:06 - 000902808 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2018-10-20 14:06 - 2018-10-20 14:06 - 000902296 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2018-10-15 23:04 - 2018-10-15 23:05 - 000000000 ____D C:\Users\tom_000\Downloads\ROTT Collection
2018-10-15 00:36 - 2018-10-15 00:36 - 000000000 ____D C:\Users\tom_000\Downloads\nightmare_5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-17 19:16 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\ASUS
2023-10-17 11:23 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\Log
2018-11-12 21:29 - 2017-12-03 12:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-12 19:28 - 2016-10-24 16:39 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4099405795-894134324-1714426187-1002
2018-11-12 19:02 - 2016-11-21 14:00 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Mozilla
2018-11-12 08:19 - 2014-11-22 01:01 - 000863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 08:19 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-12 08:15 - 2016-10-24 15:13 - 000000074 _____ C:\Users\tom_000\AppData\Roaming\sp_data.sys
2018-11-12 08:14 - 2018-01-22 13:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-12 08:14 - 2018-01-13 15:33 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-11-12 08:14 - 2017-12-03 12:52 - 000000000 ____D C:\Users\tom_000\OneDrive
2018-11-12 08:12 - 2017-12-30 18:46 - 000000000 ____D C:\Program Files (x86)\AVSVideoEditor
2018-11-12 08:12 - 2016-10-24 15:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-12 08:12 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-12 07:46 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000
2018-11-12 05:19 - 2016-10-24 15:12 - 000000000 ____D C:\Users\tom_000\AppData\Local\Packages
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 05:00 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-11-12 04:38 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
2018-11-12 03:57 - 2018-05-04 13:25 - 005107400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-12 03:33 - 2014-11-22 00:45 - 000000000 ____D C:\WINDOWS\ShellNew
2018-11-12 03:33 - 2013-08-22 15:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 03:32 - 2012-07-26 05:26 - 000000199 _____ C:\WINDOWS\win.ini
2018-11-12 03:31 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-12 02:48 - 2016-10-25 22:43 - 000000000 __SHD C:\$360Section
2018-11-12 02:48 - 2016-10-24 17:12 - 000000000 ____D C:\ProgramData\360Quarant
2018-11-12 02:45 - 2018-07-14 20:38 - 004843838 _____ C:\Users\tom_000\Downloads\KMSPico 10.2.1.zip
2018-11-12 01:30 - 2016-10-25 22:30 - 000000000 ____D C:\Users\tom_000\Documents\THE DUMP
2018-11-10 02:12 - 2017-12-11 00:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\GameMakerStudio2
2018-11-08 01:57 - 2016-10-24 22:55 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\vlc
2018-11-08 01:56 - 2018-05-13 22:43 - 000000000 ____D C:\Users\tom_000\Downloads\15-Free-Ambient-Sound-Effects
2018-11-08 01:10 - 2016-11-26 23:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-07 03:29 - 2018-07-16 13:13 - 000000000 ____D C:\Users\tom_000\Documents\Bluetooth Folder
2018-11-06 16:37 - 2017-12-11 00:01 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2018-11-05 21:34 - 2018-09-28 21:51 - 000004460 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-05 21:34 - 2018-09-28 21:51 - 000004326 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-05 21:34 - 2016-10-24 16:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\Adobe
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-05 21:21 - 2016-11-26 23:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-05 21:21 - 2016-10-24 15:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-05 21:20 - 2016-10-24 16:11 - 000004478 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-01 23:39 - 2016-10-26 15:14 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Adobe
2018-11-01 22:37 - 2017-12-30 22:41 - 000000925 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\Program Files\Revo Uninstaller Pro
2018-10-29 06:07 - 2016-10-24 17:11 - 000086248 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2018-10-19 03:31 - 2018-01-31 12:56 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4099405795-894134324-1714426187-1002
2018-10-15 21:48 - 2016-10-27 20:41 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2018-04-17 23:04 - 2018-04-18 23:13 - 000000560 _____ () C:\Users\tom_000\AppData\Roaming\odalaunch.ini
2016-10-24 15:13 - 2018-11-12 08:15 - 000000074 _____ () C:\Users\tom_000\AppData\Roaming\sp_data.sys
2017-12-21 00:36 - 2017-12-21 00:36 - 000000045 _____ () C:\Users\tom_000\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
2018-09-12 19:13 - 2015-01-26 14:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\tom_000\AppData\Local\Temp\AcDeltree.exe
2018-11-06 02:16 - 2018-11-06 02:16 - 002741576 _____ (BitTorrent Inc.) C:\Users\tom_000\AppData\Local\Temp\Microsoft_Office_2013_Full_Version_With_Serial_Key.exe
2018-11-06 02:09 - 2018-11-06 02:10 - 002969488 _____ (BitTorrent Inc.) C:\Users\tom_000\AppData\Local\Temp\Microsoft_Office_2016_Full_Crack.exe
2018-06-28 13:00 - 2012-10-01 10:22 - 000150648 ____R (Microsoft Corporation) C:\Users\tom_000\AppData\Local\Temp\ose00000.exe
2018-10-20 14:09 - 2018-11-01 22:37 - 015890296 _____ (VS Revo Group ) C:\Users\tom_000\AppData\Local\Temp\VSUSetup.exe
2018-08-20 12:23 - 2018-09-12 18:54 - 000391384 _____ (adaware) C:\Users\tom_000\AppData\Local\Temp\wcupdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-12 19:38

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by tom_000 (12-11-2018 21:34:30)
Running from C:\Users\tom_000\Downloads
Windows 8.1 (Update) (X64) (2017-12-03 12:49:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4099405795-894134324-1714426187-500 - Administrator - Disabled)
Guest (S-1-5-21-4099405795-894134324-1714426187-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4099405795-894134324-1714426187-1004 - Limited - Enabled)
tom_000 (S-1-5-21-4099405795-894134324-1714426187-1002 - Administrator - Enabled) => C:\Users\tom_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 TurboVPN (HKLM-x32\...\TurboVpn) (Version: 1.1.0.1071 - 360 Security Center)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Autodesk DirectConnect 2016 64-bit (HKLM\...\{7A12802C-4864-423D-9732-3A22577CE006}) (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AVS Video Editor 8.0.4 (HKLM-x32\...\AVS Video Editor_is1) (Version: 8.0.4.305 - Online Media Technologies Ltd.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Doom Builder 2.1 (HKLM-x32\...\Doom Builder 2_is1) (Version: - CodeImp)
ELAN Touchpad 11.5.21.6_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.21.6 - ELAN Microelectronic Corp.)
FileZilla Client 3.35.1 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\FileZilla Client) (Version: 3.35.1 - Tim Kosse)
GameMaker Studio 2 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\GameMakerStudio2) (Version: - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
LEGO LOCO (HKLM-x32\...\LEGO LOCO) (Version: - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-GB)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-GB)) (Version: 45.8.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.3.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.7.1 (32-bit) (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\{850389b4-a056-4ecc-9c8d-e3ef594fc929}) (Version: 3.7.1150.0 - Python Software Foundation)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.0.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.1 - VS Revo Group, Ltd.)
SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version: - )
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.6 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.14.1 (HKLM-x32\...\DaggerfallSetup_is1) (Version: - Bethesda Softworks)
The Elder Scrolls III - Morrowind GotY (HKLM-x32\...\1435828767_is1) (Version: 2.0.0.7 - GOG.com)
The Sims 4 (HKLM-x32\...\{39320F2B-0F05-4593-ACBE-4356750BBEB2}) (Version: 1.0.797.20 - Electronic Arts)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - ASUS (ATP) Mouse (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B03 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tom_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0023955C-FF93-4D98-B492-13DFACA86932} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {06515E22-96B6-4118-AAF3-4747E08DA898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {1A5A14DB-9F7D-4098-91D9-35675C6C7D9A} - System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\SimCity 3000\Apps\SC3U.exe" -d "D:\Electronic Arts\SimCity 3000\Apps"
Task: {2736F417-FF06-436C-B8CF-986ABF2A6BEC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {3CBF275E-804E-4830-9DF4-B2FFF6412AE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {3FDC8BFB-EA67-42AB-BEEB-B6DD4030EA09} - \[email protected] -> No File <==== ATTENTION
Task: {442E1362-48DE-44D8-8F83-812E36C0888C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {57722C69-7E74-49A9-B883-51C764AFEE8D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {61645AAD-11D8-46AF-8DD9-3C51CBBAB3E1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {62D40998-10B1-4E51-9C16-064B55A1BD12} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {67584B25-EC45-4A33-A3E3-EF03FB5B612C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {690A4EA0-FC72-4D7A-8E75-1C40F605DB6D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {75285037-005C-4639-A662-CE61B949E50C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {7D73304C-74C8-43C9-8B9B-A7ECF157F970} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8167DADC-F267-4BF6-87E6-B34F8BEF554B} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {91A833AE-BD50-4572-8A5E-06400587419C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {A4989271-722D-47A4-B2BB-8B6EFED319E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {ADD6C536-DA5F-49A1-90FE-6A5FA038C8A8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {B2352961-1460-461D-A9B5-EE3028F0D57D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C348DEDA-43CF-4C5E-A8D0-9B07C79D162B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C8A50F32-7F14-4F55-BDE9-9D689176886A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {D5D05400-2CFA-4B29-B645-6D90FFEF1C0B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {D69001D5-F4BC-4E7E-A5D8-FAEADC2ABA82} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {E9DC1E94-90B3-4FCF-BA1B-06F294B57B9E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EDC530A9-B74E-4FF9-8715-54A5184B9120} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EE535B9D-97EC-4D62-8D9F-B88A74801605} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-12] (AVAST Software)
Task: {EE7344A3-1C55-4CBD-A88C-970A85BB15E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\tom_000\Desktop\Minecraft\Skin Editor.lnk -> C:\Program Files (x86)\Minecraft\Extra\SkinEdit Alpha 3 pre 7\Launch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-16 13:15 - 2018-03-24 01:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2012-12-19 06:10 - 2012-12-19 06:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2018-04-16 12:45 - 2018-03-14 13:01 - 001268112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-12 07:54 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-12 07:54 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-07-23 08:54 - 2013-07-23 08:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-07-23 11:42 - 2018-07-23 11:42 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-13 11:44 - 2013-06-13 11:44 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-13 11:40 - 2013-06-13 11:40 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-13 11:47 - 2013-06-13 11:47 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2023-10-17 10:39 - 2013-05-15 13:39 - 000463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2016-12-08 15:38 - 2017-04-06 03:27 - 000377448 _____ () C:\Program Files (x86)\360\TurboVPN\vpn\vpnmgr.dll
2018-04-16 12:45 - 2018-03-14 13:01 - 001041808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-04-29 13:17 - 2013-04-29 13:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2018-01-22 13:44 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-22 13:44 - 2018-11-08 19:02 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-22 13:44 - 2018-11-08 19:02 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-22 13:44 - 2016-07-04 22:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-08 15:38 - 2017-04-06 03:27 - 000523392 _____ () C:\Program Files (x86)\360\TurboVPN\libphonenumber.dll
2018-01-22 13:45 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 002264352 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 000124704 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2023-10-17 10:28 - 2013-06-23 19:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2017-12-30 22:43 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\tom_000\Desktop\black-red-dragon-desktop-wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2E78C1E-82E7-4F4F-991E-FDF5CEBB0BAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D2684D4-F80A-4FAC-8A3B-872E97142CF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{121C5447-207A-425C-933A-74373EEEABB7}C:\program files\gamemaker studio 2\gamemakerstudio.exe] => (Allow) C:\program files\gamemaker studio 2\gamemakerstudio.exe
FirewallRules: [UDP Query User{FE120A4C-6B08-40AF-9380-EAA5560D69FE}C:\program files\gamemaker studio 2\gamemakerstudio.exe] => (Allow) C:\program files\gamemaker studio 2\gamemakerstudio.exe
FirewallRules: [{E74A53B6-39C2-407F-BE22-5DDAC3174E01}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{438A0453-4939-4DD7-B034-6C5346CC8447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5800239D-320A-42B7-8941-F0257B4F5256}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9A9CDB8-8F3B-4D65-B309-04B0DFD8AA8D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{572A1978-BC38-4067-A3E4-4100A81098E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zoombinis\Zoombinis.exe
FirewallRules: [{AE2FBCF2-9C53-41C4-8086-71E5EE31966A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zoombinis\Zoombinis.exe
FirewallRules: [{7EF4EFE1-37C1-4F7B-8B20-1280C3FD5032}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{561849A0-AE21-4377-AA7B-9DF1B9C2A70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{17887D86-8251-4CE7-99E5-32C0379BE289}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{31FDBB17-AAC1-4C2A-8F6D-7E99F165AF89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BE010C27-0BEA-4DE5-B8A6-FE84C1767F10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{343DEE6F-3EAB-43B9-9672-AAE81A5DCE72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AFA118DE-A242-42A7-911C-A115C1756CE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{5398C1B7-EEAB-45F9-8042-A02D3DC05FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Putt-Putt 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{A9E106F4-A98D-4ACE-BDA6-B654D2C67294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{E1E93936-DDA0-4D04-93A3-470EC044C401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Strife\strife-ve.exe
FirewallRules: [{A48CB9D1-8CE5-450E-9800-E41F55615C63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe
FirewallRules: [{A447F047-FEC4-4EF5-AE82-DF441D9430A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen 2\glh2.exe
FirewallRules: [TCP Query User{855E9041-2288-46CA-972B-73614190C72C}C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe
FirewallRules: [UDP Query User{AD74ECCF-FC17-4D97-BB31-D6A749299484}C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\glhwcl.exe
FirewallRules: [TCP Query User{A7A52B97-9042-47D6-9547-329352EBD6D5}C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe
FirewallRules: [UDP Query User{3E25E9A9-4FF5-4062-9655-69CEA2C72780}C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hexen 2\hwcl.exe
FirewallRules: [{BB8DF588-CF83-4635-8E46-FF2F3E4DC5DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{5CCD1D26-6AC2-430E-8C94-BBCC70A564AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{75AFD684-F7CB-4EA5-8D81-8E53C2FD9463}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{42140891-B07F-41E1-8F63-8F4CAFA5F9C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{7E3ED64E-4FFC-4516-B0D0-19DECE3DCFB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [{32002D3C-269D-4B5F-9BC7-F14C2A140178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heretic Shadow of the Serpent Riders\base\dosbox.exe
FirewallRules: [{D5C5F0BF-4D09-4AF1-846E-F463C797AC6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe
FirewallRules: [{EF6B9BD6-7B14-42C0-A127-9C208F3C0C9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen Deathkings of the Dark Citadel\base\dosbox.exe
FirewallRules: [{EB06C43B-0B66-418A-B1F5-E622D053FF7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe
FirewallRules: [{47F8A932-9FAB-439B-A53C-00BD79E77454}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hexen\base\dosbox.exe
FirewallRules: [{39CD0E5C-7FB4-4671-AF14-B49633F572D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe
FirewallRules: [{3224103F-0D3F-4589-A186-C0E8E5EC9D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Unit Whole Blood\dosbox.exe
FirewallRules: [{79AEE680-BFE4-4500-BE34-0346DB30F17D}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{FEFA9B84-CE4F-43D6-AFA1-49DB030A4951}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{FB6F8FF7-3E2F-4AE6-AAFB-DE34CD8FA04E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rusted Warfare\Rusted Warfare.exe
FirewallRules: [{B3F89FCF-88AF-4C35-8674-2FCE608A7995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rusted Warfare\Rusted Warfare.exe
FirewallRules: [{5666F36C-B201-40C9-B50F-A0FCD81228C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Exiled Kingdoms\exiledkingdoms.exe
FirewallRules: [{C8E01A92-AD85-4064-ABB8-CB5FB18ADD70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Exiled Kingdoms\exiledkingdoms.exe
FirewallRules: [{4DCAC138-7EF2-4E77-A9A1-F0BC9B57E6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [{75FCA597-7401-4333-93A1-BA39A45E58C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe
FirewallRules: [TCP Query User{60F64D5A-EB76-4DF8-A514-A17C73F1CE0B}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [UDP Query User{0283EB00-B366-40FF-821C-2BE152DA2F19}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{B75302DE-B8A9-418D-81E8-14729EFDB5E7}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{454DD365-1FCB-4F64-A765-F10E017C0A4B}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{4F67F98D-BE36-4682-88E3-3679FA4957C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [{94DEDA27-2670-4C44-A239-9F0F0DDA8D0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Gold\System\Unreal.exe
FirewallRules: [TCP Query User{27A02C38-1442-4510-AF94-6556F3F6C816}D:\electronic arts\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\electronic arts\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [UDP Query User{76BA3691-C08F-475B-82A0-D6CBB01C78E1}D:\electronic arts\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\electronic arts\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [TCP Query User{D8DB8DC5-29F4-47E4-A553-0169168EC5BB}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe] => (Allow) C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe
FirewallRules: [UDP Query User{6D33496D-6E09-4C3C-9871-A56D658DB69D}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe] => (Allow) C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe
FirewallRules: [TCP Query User{A0595C67-84A3-4936-8910-6CF3E9C24F49}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{51F7F62E-17B9-4B3F-94D7-B1EA1FD40679}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{595D29AF-32CB-4725-81E8-C5FD48F297B5}D:\electronic arts\simcity 3000\apps\updater\updater.exe] => (Allow) D:\electronic arts\simcity 3000\apps\updater\updater.exe
FirewallRules: [UDP Query User{31A1D5FB-1C0E-4205-AF1C-11D7684E1E00}D:\electronic arts\simcity 3000\apps\updater\updater.exe] => (Allow) D:\electronic arts\simcity 3000\apps\updater\updater.exe

==================== Restore Points =========================

12-11-2018 03:53:35 Revo Uninstaller Pro's restore point - 360 Total Security
12-11-2018 05:05:24 Revo Uninstaller Pro's restore point - Avast Free Antivirus
12-11-2018 05:07:17 Revo Uninstaller Pro's restore point - SimCity 2000 Special Edition
12-11-2018 05:08:03 Revo Uninstaller Pro's restore point - Web Companion
12-11-2018 05:09:15 Revo Uninstaller Pro's restore point - Odamex 0.7.0
12-11-2018 05:10:56 Revo Uninstaller Pro's restore point - Origin
12-11-2018 05:11:56 Revo Uninstaller Pro's restore point - µTorrent
12-11-2018 05:13:32 Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 4.0.1
12-11-2018 05:14:16 Revo Uninstaller Pro's restore point - Money
12-11-2018 05:15:09 Revo Uninstaller Pro's restore point - Music Maker Jam
12-11-2018 05:17:05 Revo Uninstaller Pro's restore point - Sport
12-11-2018 05:17:55 Revo Uninstaller Pro's restore point - Travel
12-11-2018 05:18:55 Revo Uninstaller Pro's restore point - - Games App -

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2018 05:18:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:15:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:14:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:13:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:11:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:10:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/12/2018 08:12:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/12/2018 08:12:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 07:47:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 07:47:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/12/2018 07:46:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/12/2018 07:46:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/12/2018 07:46:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2018 07:46:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-11-12 04:47:34.120
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:54.325
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:38.531
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:42:24.633
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin.../Dynamer!rfn&threatid=2147721515&enterprise=0
Name: Trojan:Win32/Dynamer!rfn
ID: 2147721515
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\AppData\Roaming\WinSys\xcoresys.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:41:35.418
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...Bunitu.Q!bit&threatid=2147719161&enterprise=0
Name: TrojanProxy:Win32/Bunitu.Q!bit
ID: 2147719161
Severity: Severe
Category: Trojan Proxy Server
Path: file:_C:\Users\tom_000\AppData\Local\Temp\xdata7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 03:56:49.868
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-12 03:56:49.821
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-01-04 21:52:51.517
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8109.51 MB
Available physical RAM: 4993.49 MB
Total Virtual: 9389.51 MB
Available Virtual: 5447.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:103.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:227.95 GB) NTFS
Drive e: (Data1) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive f: (Data2) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS

\\?\Volume{5fad5eed-a8b5-43f7-ae97-6bd3da8314fc}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS
\\?\Volume{532860a5-8711-4ef4-a61d-bcd5d326fb54}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{c326800a-a155-427f-ae31-51bf334bfb80}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A4C07785)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 029DB826)

Partition: GPT.

==================== End of Addition.txt ============================
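The Windows Defender entries in the Addition.txt log above are the first thing a helper reads out of it. As an added example (not code from FRST or from anyone in this thread), here is a small Python triage script that parses those "Date:" records, skips the explanatory sentence and the fwlink URL, splits multi-file Path fields, and flags any detected file living under the user's Temp or Roaming AppData folders; the sample log is constructed from the paths shown above.

```python
"""Triage the 'Windows Defender:' block of an FRST Addition.txt log.
Added example, not part of FRST: record layout and paths in SAMPLE_LOG are
copied from the log above; the sample itself is constructed and trimmed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: two detections and one signature-update failure.
SAMPLE_LOG = r"""Windows Defender:
===================================
Date: 2018-11-12 04:47:34.120
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Process Name: C:\Windows\explorer.exe

Date: 2018-11-12 04:42:24.633
Description:
Windows Defender has detected malware or other potentially unwanted software.
Name: Trojan:Win32/Dynamer!rfn
Path: file:_C:\Users\tom_000\AppData\Roaming\WinSys\xcoresys.exe
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe

Date: 2018-11-12 03:56:49.868
Description:
Windows Defender has encountered an error trying to update signatures.
Error code: 0x8024001e
"""

# "Key: value" line. Keys are short, so the long sentence lines and the
# fwlink URL (colon followed by "//") are not mistaken for fields.
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z ]{0,29}):(?: (.*))?$")

# User-writable drop locations: a hit there points at something that was
# staged to run on the machine, not just a bad file sitting in Downloads.
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")

@dataclass
class Finding:
    kind: str      # "detection" or "update_error"
    date: str
    name: str      # threat name, or a label for non-detection events
    path: str      # detected file; empty for update errors
    staging: bool  # True when the file sits under %TEMP% or Roaming AppData
    detail: str    # process recorded in the event, or the update error code

def parse_defender_section(text: str) -> list[dict[str, str]]:
    """Split the section into one {field: value} dict per 'Date:' record."""
    events: list[dict[str, str]] = []
    current: dict[str, str] | None = None
    last_key = ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2) or ""
            if key == "Date":                 # every record starts with Date:
                current = {}
                events.append(current)
            if current is None:               # section header before record 1
                continue
            current[key] = value
            last_key = key
        elif current is not None and last_key == "Description" \
                and line.strip() and not current["Description"]:
            # The description body is the first line after "Description:".
            current["Description"] = line.strip()
    return events

def event_paths(ev: dict[str, str]) -> list[str]:
    """FRST joins several files with ';' and prefixes each with 'file:_'."""
    return [p[len("file:_"):] if p.startswith("file:_") else p
            for p in ev.get("Path", "").split(";") if p]

def is_staging_path(path: str) -> bool:
    return any(d in path.lower() for d in STAGING_DIRS)

def triage(events: list[dict[str, str]]) -> list[Finding]:
    """One finding per detected file, plus one per failed signature update."""
    out: list[Finding] = []
    for ev in events:
        desc, date = ev.get("Description", ""), ev.get("Date", "")
        if "has detected" in desc:
            out += [Finding("detection", date, ev.get("Name", ""), p,
                            is_staging_path(p), ev.get("Process Name", ""))
                    for p in event_paths(ev)]
        elif "trying to update signatures" in desc:
            # Stale signatures mean later drops may go unnoticed entirely.
            out.append(Finding("update_error", date, "signature update failed",
                               "", False, ev.get("Error code", "")))
    return out

def staging_hits(findings: list[Finding]) -> list[str]:
    """Base names of detected files that live in a staging directory."""
    return sorted(f.path.rsplit("\\", 1)[-1] for f in findings if f.staging)
```

Run it on the full Addition.txt by passing everything from the "Windows Defender:" header to the next "====" section header into parse_defender_section.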
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
#6
I'm assuming you are referring to ByteFence.

ByteFence is not a reliable or trustworthy AV.

I'm going to go through your logs and create a fix for you. In the meantime, go ahead and run the following for me please :)

Download Security Check to your desktop.
Right click it and choose Run as Administrator.
When the program completes, the tool will automatically open a log file.
Please post that log here in your next post.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
#7
I see that you have a P2P (Peer-to-Peer) file sharing program installed. I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth it. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

I also see that you have cracked software. Know that most malware comes from cracked software, keygens, etc.
 

FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#8
I'm assuming you are referring to ByteFence.

ByteFence is not a reliable or trustworthy AV.
I wasn't aware that ByteFence was even installed. I was actually referring to Total AV... which seems to have completely disappeared from my PC now :unsure:

I see that you have a P2P (Peer-to-Peer) file sharing program installed
If you mean uTorrent, I had recently uninstalled that as I was concerned that it may have been the source of some of the Malware. However I just did a search and realised that the .exe is still in my downloads folder. I've deleted that now.

I also see that you have cracked software. Know that most malware comes from cracked software, keygens, etc.
I don't think I've ever downloaded a crack that didn't contain something suspicious. I may have been a bit naive, hoping that antivirus software would eventually remove anything like that.

And here are the results of Security Check:
SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 13.11.2018 14:41:26
Path starting: C:\Users\tom_000\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: tom_000
VersionXML: 5.66is-13.11.2018
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Core Lang: English(0809)
Installation date OS: 03.12.2017 12:49:04
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeStandardVL_KMS_Client edition Initial grace period ends :41093 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Winsyntax\ASWS.exe
SystemDrive: C: FS: [NTFS] Capacity: [185.9 Gb] Used: [82 Gb] Free: [103.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.19155
User Account Control enabled (Level 3)
Automatically download and schedule installation
Date install updates: 2018-10-09 21:02:13
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4420.1017
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 3.6.1.2711 v.3.6.1.2711
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 (x64) v.16.04 Warning! Download Update
Uninstall old version and install new one.
NVIDIA GeForce Experience 3.13.1.30 v.3.13.1.30 Warning! Download Update
FileZilla Client 3.35.1 v.3.35.1 Warning! Download Update
Steam v.2.10.91.91
VLC media player v.2.2.4 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.1.0.4880 Warning! Download Update
Adobe Flash Player 31 NPAPI v.31.0.0.122 Warning! Download Update
Adobe Shockwave Player 12.2 v.12.2.5.195 Warning! Download Update
Adobe Acrobat Reader DC v.19.008.20080
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 63.0.1 (x64 en-GB) v.63.0.1
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 45.8.0 (x86 en-GB) v.45.8.0 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.63.0.1.6877
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.1.0.1644
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.704
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
#9
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#10
All done. Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by tom_000 (15-11-2018 15:24:42) Run:1
Running from C:\Users\tom_000\Downloads
Loaded Profiles: tom_000 (Available Profiles: tom_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {11d852ed-d472-11e8-bed0-240a64748f00} - "H:\windows\AutoRun.exe"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {5c2c7a09-d824-11e7-824e-806e6f6e6963} - "G:\Launcher\LAUNCHER.EXE"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {f271adf9-3388-11e8-beab-240a64748f00} - "K:\windows\AutoRun.exe"
Handler: mso-minsb-roaming.16 - No CLSID Value
Handler: mso-minsb.16 - No CLSID Value
Handler: osf-roaming.16 - No CLSID Value
Handler: osf.16 - No CLSID Value
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tom_000\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
Task: {3FDC8BFB-EA67-42AB-BEEB-B6DD4030EA09} - \[email protected] -> No File <==== ATTENTION
Task: {D69001D5-F4BC-4E7E-A5D8-FAEADC2ABA82} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
FirewallRules: [TCP Query User{60F64D5A-EB76-4DF8-A514-A17C73F1CE0B}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [UDP Query User{0283EB00-B366-40FF-821C-2BE152DA2F19}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe] => (Allow) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{B75302DE-B8A9-418D-81E8-14729EFDB5E7}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
FirewallRules: [{454DD365-1FCB-4F64-A765-F10E017C0A4B}] => (Block) C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11d852ed-d472-11e8-bed0-240a64748f00} => removed successfully
HKLM\Software\Classes\CLSID\{11d852ed-d472-11e8-bed0-240a64748f00} => not found
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c2c7a09-d824-11e7-824e-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{5c2c7a09-d824-11e7-824e-806e6f6e6963} => not found
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f271adf9-3388-11e8-beab-240a64748f00} => removed successfully
HKLM\Software\Classes\CLSID\{f271adf9-3388-11e8-beab-240a64748f00} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\osf.16 => removed successfully
HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => removed successfully
HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => removed successfully
HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FDC8BFB-EA67-42AB-BEEB-B6DD4030EA09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FDC8BFB-EA67-42AB-BEEB-B6DD4030EA09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\[email protected]" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D69001D5-F4BC-4E7E-A5D8-FAEADC2ABA82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D69001D5-F4BC-4E7E-A5D8-FAEADC2ABA82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{60F64D5A-EB76-4DF8-A514-A17C73F1CE0B}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0283EB00-B366-40FF-821C-2BE152DA2F19}C:\users\tom_000\desktop\ygopro links - rb\ygopro_vs.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B75302DE-B8A9-418D-81E8-14729EFDB5E7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{454DD365-1FCB-4F64-A765-F10E017C0A4B}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4099405795-894134324-1714426187-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting Subinterface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3d95:bf8f:99f5:c23b%2
Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3d95:bf8f:99f5:c23b%2
IPv4 Address. . . . . . . . . . . : 192.168.0.27
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18146590 B
Java, Flash, Steam htmlcache => 26866850 B
Windows/system/drivers => 17675911 B
Edge => 0 B
Chrome => 0 B
Firefox => 1129190043 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 280854 B
systemprofile32 => 2149226 B
LocalService => 42144 B
NetworkService => 4175854 B
UpdatusUser => 0 B
tom_000 => 1698026357 B

RecycleBin => 3914712616 B
EmptyTemp: => 6.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:26:53 ====
 

FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#11
I have also tried to reinstall TotalAV and noticed that MalwareBytes quarantines it. I was led to believe this was a safe program...?
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
#12
Hope you don't mind me butting in here but please read THIS

After you have read the above you should remove TotalAV ASAP, and please DO NOT install or change any software on your PC unless your helper requests you to.
 

FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#13
Hope you don't mind me butting in here but please read THIS

After you have read the above you should remove TotalAV ASAP, and please DO NOT install or change any software on your PC unless your helper requests you to.
Thanks for sharing that with me. I was surprised since I'd read some good things about it from independent review sites. Luckily I haven't reinstalled it. I just wish I hadn't actually paid for the d*** thing now >_> Oh well... we live and learn.

Do you have any recommendations for a legit antivirus?
 

FireflyX91

Malware Trainee (F)
PCHF Member
PCHF Donator
Nov 12, 2018
#15
Emsisoft Anti-Malware and Malwarebytes. You won't need more than that
Thanks for the info. I'll consider this.

And here are the updated logs that you requested:

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by tom_000 (administrator) on TOMPC (16-11-2018 20:19:21)
Running from C:\Users\tom_000\Downloads
Loaded Profiles: tom_000 (Available Profiles: tom_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\TurboVPN\turbovpn.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350232 2016-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [turbovpn] => C:\Program Files (x86)\360\TurboVPN\turbovpn.exe [2039720 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] (Qualcomm®Atheros®)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-10] (Valve Corporation)
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\RunOnce: [Uninstall 18.172.0826.0010\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tom_000\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\amd64"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\RunOnce: [Uninstall 18.172.0826.0010] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tom_000\AppData\Local\Microsoft\OneDrive\18.172.0826.0010"
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\MountPoints2: {11d852ed-d472-11e8-bed0-240a64748f00} - "H:\windows\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D816D837-DE4A-40D8-9CA2-F47587DBBC66}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{F94E9B2C-F669-4329-A390-092A546AB1BF}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4099405795-894134324-1714426187-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-06-13] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: d8wqy9fc.default
FF ProfilePath: C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default [2018-11-16]
FF Homepage: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\d8wqy9fc.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102918-N0450A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
FF Extension: (ADB Helper) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\[email protected] [2018-08-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-15]
FF Extension: (Firefox Monitor) - C:\Users\tom_000\AppData\Roaming\Mozilla\Firefox\Profiles\d8wqy9fc.default\features\{6799460e-a911-480d-89f7-7442b1c926e4}\[email protected] [2018-11-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-11-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-19] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [523152 2018-03-14] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TurboVpnSvc; C:\Program Files (x86)\360\TurboVPN\vpn\VpnProc.exe [384424 2017-04-06] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4307192 2016-02-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-06-30] (ASUS Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-02-13] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2018-05-30] (LogMeIn Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-16] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31632 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59272 2018-03-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
R3 pwftap; C:\WINDOWS\system32\DRIVERS\pwftap.sys [36736 2016-10-14] (The OpenVPN Project)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [10848 2000-08-30] () [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2018-04-27] (BigNox Corporation)
S1 aswArPot; \??\C:\WINDOWS\system32\drivers\aswArPot.sys [X]
S1 aswbidsdriver; \??\C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [X]
S0 aswbidsh; system32\drivers\aswbidsha.sys [X]
S0 aswblog; system32\drivers\aswbloga.sys [X]
S0 aswbuniv; system32\drivers\aswbuniva.sys [X]
S1 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
S3 aswHwid; \??\C:\WINDOWS\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; system32\drivers\aswRvrt.sys [X]
S1 aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys [X]
S1 aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys [X]
S2 aswStm; \??\C:\WINDOWS\system32\drivers\aswStm.sys [X]
S3 aswVmm; \??\C:\Users\tom_000\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S1 otjynlav; \??\C:\WINDOWS\system32\drivers\otjynlav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-21 07:11 - 2023-10-21 07:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-10-17 19:15 - 2023-10-17 10:39 - 000000000 ____D C:\eSupport
2023-10-17 19:14 - 2013-08-15 10:54 - 000000044 _____ C:\WINDOWS\AsToolCDVer.txt
2023-10-17 11:00 - 2016-10-24 15:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-17 10:45 - 2023-10-17 10:45 - 000040798 _____ C:\WINDOWS\AsChkDev.txt
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 ____D C:\ProgramData\USBChargerPlus
2023-10-17 10:45 - 2023-10-17 10:45 - 000000000 _____ C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTEK_G750JW_G750JX_G750JXA_V70_WIN8.MRK
2023-10-17 10:39 - 2023-10-17 10:39 - 000003266 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2023-10-17 10:39 - 2023-10-17 10:39 - 000003054 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2023-10-17 10:39 - 2023-10-17 10:39 - 000003026 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2023-10-17 10:39 - 2023-10-17 10:39 - 000003002 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2023-10-17 10:39 - 2023-10-17 10:39 - 000002986 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2023-10-17 10:39 - 2023-10-17 10:39 - 000002954 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files\ASUS
2023-10-17 10:39 - 2023-10-17 10:39 - 000000000 ____D C:\Program Files (x86)\ASUS Gaming Mouse
2023-10-17 10:39 - 2018-01-02 20:22 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2023-10-17 10:39 - 2018-01-02 20:22 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2023-10-17 10:39 - 2016-11-04 03:21 - 000000000 ____D C:\ProgramData\P4G
2023-10-17 10:39 - 2013-01-10 13:20 - 000022016 _____ C:\WINDOWS\SysWOW64\ASUS.scr
2023-10-17 10:39 - 2012-07-09 17:17 - 000000433 _____ C:\WINDOWS\gx850nbuninst.iss
2023-10-17 10:36 - 2016-10-24 15:14 - 000000000 ____D C:\ProgramData\Atheros
2023-10-17 10:34 - 2013-03-27 07:37 - 000000911 _____ C:\WINDOWS\SysWOW64\ProductName.ini
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\WINDOWS\SysWOW64\UMonit64.exe
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\SysWOW64\IconCfg0.ini
2023-10-17 10:34 - 2012-12-04 08:10 - 000000213 _____ C:\WINDOWS\system32\IconCfg0.ini
2023-10-17 10:34 - 2012-11-29 03:26 - 005623808 _____ (Genesys) C:\WINDOWS\system32\GeneIcon.dll
2023-10-17 10:34 - 2012-03-26 15:50 - 000172097 _____ C:\WINDOWS\SysWOW64\NoMSGuninstall.exe
2023-10-17 10:34 - 2011-05-30 02:13 - 000001519 _____ C:\WINDOWS\SysWOW64\_IconCfg0.ini
2023-10-17 10:32 - 2017-07-26 07:58 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2023-10-17 10:32 - 2013-06-13 11:26 - 000347336 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_a2dp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000179432 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_hcrp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000136784 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_rcp.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000115912 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_avdt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000089800 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_flt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000077464 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_lwflt.sys
2023-10-17 10:32 - 2013-06-13 11:26 - 000034384 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_bus.sys
2023-10-17 10:31 - 2017-12-03 12:55 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2023-10-17 10:29 - 2023-10-17 10:29 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-10-17 10:29 - 2018-01-16 16:29 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-10-17 10:29 - 2017-07-21 16:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2023-10-17 10:29 - 2013-08-20 12:17 - 002585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2023-10-17 10:29 - 2013-08-14 08:36 - 000662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 001084160 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2023-10-17 10:29 - 2013-08-14 08:35 - 000663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2023-10-17 10:29 - 2013-08-05 10:11 - 002743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2023-10-17 10:29 - 2013-07-28 02:48 - 027518208 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2023-10-17 10:29 - 2013-07-24 02:07 - 002032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2023-10-17 10:29 - 2013-07-23 07:40 - 002103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 014048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 001916672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2023-10-17 10:29 - 2013-07-23 07:39 - 000922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2023-10-17 10:29 - 2013-06-05 13:42 - 000208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000501192 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000487368 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2023-10-17 10:29 - 2012-10-02 06:41 - 000415688 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2023-10-17 10:29 - 2012-03-08 03:47 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2023-10-17 10:29 - 2011-08-23 09:00 - 000603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2023-10-17 10:29 - 2010-09-27 01:34 - 000318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\ProgramData\Intel
2023-10-17 10:28 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files\Intel
2023-10-17 10:28 - 2017-12-03 12:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2023-10-17 10:28 - 2013-06-23 19:05 - 000064624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\HECIx64.sys
2023-10-17 10:28 - 2013-06-23 19:05 - 000016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2023-10-17 10:21 - 2023-10-17 10:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-10-17 10:21 - 2023-10-17 10:28 - 000000000 ____D C:\Program Files (x86)\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ___HD C:\Intel
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\WINDOWS\Options
2023-10-17 10:21 - 2023-10-17 10:21 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2023-10-17 10:21 - 2013-06-27 18:43 - 000084997 _____ C:\WINDOWS\system32\athw8x.cat
2023-10-17 10:21 - 2013-06-27 18:43 - 000080211 _____ C:\WINDOWS\system32\athwbx.cat
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2023-10-17 10:21 - 2013-06-21 02:50 - 003873792 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2023-10-17 10:21 - 2013-06-06 02:23 - 003794432 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2023-10-17 10:21 - 2013-01-28 04:36 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2023-10-17 10:20 - 2023-10-17 10:21 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
2018-11-16 13:31 - 2018-11-16 13:31 - 000002343 _____ C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-11-15 15:50 - 2018-11-15 15:50 - 000000000 ____D C:\Users\tom_000\Documents\Custom Office Templates
2018-11-15 15:33 - 2018-11-16 16:31 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-15 15:33 - 2018-11-15 15:33 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-15 15:33 - 2018-11-15 15:33 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-15 15:32 - 2018-11-15 15:32 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-15 15:24 - 2018-11-16 20:19 - 000000000 ____D C:\Users\tom_000\Downloads\FRST-OlderVersion
2018-11-15 15:24 - 2018-11-15 15:26 - 000012086 _____ C:\Users\tom_000\Downloads\Fixlog.txt
2018-11-14 23:20 - 2018-11-14 23:20 - 000000000 ____D C:\Users\tom_000\AppData\Local\Origin
2018-11-14 16:58 - 2018-10-18 02:48 - 025737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 16:57 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2018-11-14 16:57 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2018-11-14 16:57 - 2018-10-25 00:46 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 16:57 - 2018-10-25 00:45 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 16:57 - 2018-10-18 02:17 - 020281344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 16:57 - 2018-10-16 03:46 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 16:57 - 2018-10-16 03:39 - 002171800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 16:57 - 2018-10-16 03:39 - 001662504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 16:57 - 2018-10-16 03:39 - 001063368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 16:57 - 2018-10-16 03:18 - 001137472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 16:57 - 2018-10-16 03:02 - 001563584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 16:57 - 2018-10-16 03:02 - 001214920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 16:57 - 2018-10-12 20:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 16:57 - 2018-10-12 20:26 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 16:57 - 2018-10-12 20:25 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-11-14 16:57 - 2018-10-12 20:22 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-11-14 16:57 - 2018-10-12 20:17 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-11-14 16:57 - 2018-10-12 20:16 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-11-14 16:57 - 2018-10-12 20:16 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-11-14 16:57 - 2018-10-12 20:03 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 16:57 - 2018-10-12 20:00 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-11-14 16:57 - 2018-10-12 19:59 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 16:57 - 2018-10-12 19:57 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-11-14 16:57 - 2018-10-12 19:56 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-11-14 16:57 - 2018-10-12 19:51 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 16:57 - 2018-10-12 19:47 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-11-14 16:57 - 2018-10-12 19:42 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-11-14 16:57 - 2018-10-12 19:38 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 16:57 - 2018-10-12 19:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-11-14 16:57 - 2018-10-12 02:16 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispex.dll
2018-11-14 16:57 - 2018-10-12 02:12 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-11-14 16:57 - 2018-10-12 02:10 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 16:57 - 2018-10-12 02:10 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-11-14 16:57 - 2018-10-12 02:01 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-11-14 16:57 - 2018-10-12 01:59 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 16:57 - 2018-10-12 01:59 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-11-14 16:57 - 2018-10-12 01:58 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-11-14 16:57 - 2018-10-12 01:58 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-11-14 16:57 - 2018-10-12 01:35 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-11-14 16:57 - 2018-10-12 01:30 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-11-14 16:57 - 2018-10-12 01:27 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-11-14 16:57 - 2018-10-12 01:27 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-11-14 16:57 - 2018-10-12 01:25 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 16:57 - 2018-10-12 01:19 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-11-14 16:57 - 2018-10-12 01:17 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 16:57 - 2018-10-12 01:12 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-11-14 16:57 - 2018-10-12 01:06 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 16:57 - 2018-10-12 00:55 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-11-14 16:57 - 2018-10-06 18:14 - 001547192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 16:57 - 2018-10-06 18:14 - 000388536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 16:57 - 2018-10-06 18:04 - 001308976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 16:57 - 2018-10-06 18:03 - 000356288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 16:57 - 2018-10-06 16:48 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-11-14 16:57 - 2018-10-06 15:41 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-11-14 16:57 - 2018-10-06 15:34 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-11-14 16:57 - 2018-10-06 15:32 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 16:57 - 2018-09-28 13:38 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 16:57 - 2018-09-28 13:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 16:57 - 2018-09-23 16:47 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 16:57 - 2018-09-23 16:45 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-14 16:57 - 2018-09-23 16:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2018-11-14 16:57 - 2018-09-23 16:37 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 16:57 - 2018-09-23 16:24 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 16:57 - 2018-09-23 16:23 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-11-14 16:57 - 2018-09-23 16:23 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 16:57 - 2018-09-23 16:20 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 16:57 - 2018-09-23 16:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 16:57 - 2018-09-23 16:00 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-11-14 16:57 - 2018-09-23 16:00 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 16:57 - 2018-09-23 15:58 - 000904192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 16:57 - 2018-09-23 15:56 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 16:57 - 2018-09-23 15:53 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-11-14 16:57 - 2018-09-23 15:51 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 16:57 - 2018-09-23 15:50 - 000709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 16:57 - 2018-09-12 18:30 - 000137008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-11-14 16:57 - 2018-09-11 15:30 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 16:57 - 2018-08-26 03:38 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 16:57 - 2018-08-26 03:38 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-11-14 16:57 - 2018-08-26 03:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 16:57 - 2018-08-26 03:21 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-11-14 16:57 - 2018-08-26 01:45 - 000513448 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 16:57 - 2018-08-26 01:45 - 000513448 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 16:57 - 2018-08-21 13:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 16:57 - 2018-08-21 13:35 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 16:57 - 2018-08-19 16:22 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-11-14 16:57 - 2018-08-19 15:52 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 16:57 - 2018-08-19 15:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-11-13 23:57 - 2018-11-13 23:57 - 000000000 ____D C:\Users\tom_000\Downloads\spec
2018-11-13 14:40 - 2018-11-13 14:41 - 000000000 ____D C:\SecurityCheck
2018-11-13 14:39 - 2018-11-13 14:39 - 000524066 _____ (glax24 (safezone.cc)) C:\Users\tom_000\Downloads\SecurityCheck.exe
2018-11-12 21:34 - 2018-11-12 21:34 - 000053761 _____ C:\Users\tom_000\Downloads\Addition.txt
2018-11-12 07:54 - 2018-11-12 07:54 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-12 07:54 - 2018-11-12 07:54 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Users\tom_000\AppData\Local\mbamtray
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Users\tom_000\AppData\Local\mbam
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-12 07:54 - 2018-11-12 07:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-12 07:54 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-12 07:44 - 2018-11-12 07:46 - 000000000 ____D C:\AdwCleaner
2018-11-12 07:43 - 2018-11-12 07:43 - 007592144 _____ (Malwarebytes) C:\Users\tom_000\Desktop\adwcleaner_7.2.4.0.exe
2018-11-12 07:04 - 2018-11-12 07:04 - 005200384 _____ (AVAST Software) C:\Users\tom_000\Desktop\aswmbr.exe
2018-11-12 07:03 - 2018-11-16 20:19 - 000018808 _____ C:\Users\tom_000\Downloads\FRST.txt
2018-11-12 07:03 - 2018-11-16 20:19 - 000000000 ____D C:\FRST
2018-11-12 06:58 - 2018-11-16 20:19 - 002416128 _____ (Farbar) C:\Users\tom_000\Downloads\FRST64.exe
2018-11-12 05:05 - 2018-11-12 05:05 - 000000000 ____D C:\Users\tom_000\ansel
2018-11-12 04:44 - 2018-11-12 04:44 - 000180329 _____ C:\Users\tom_000\Downloads\Chips-Challenge_DOS_EN.zip
2018-11-12 04:41 - 2018-11-12 04:41 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-11-12 04:05 - 2018-11-12 04:05 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-11-12 03:54 - 2018-11-12 03:54 - 000000000 ____D C:\ProgramData\360TSBackup
2018-11-12 03:41 - 2018-11-12 03:41 - 000002853 _____ C:\Users\tom_000\Desktop\Word.lnk
2018-11-12 03:41 - 2018-11-12 03:41 - 000002805 _____ C:\Users\tom_000\Desktop\Excel.lnk
2018-11-12 03:40 - 2018-11-12 03:40 - 000002823 _____ C:\Users\tom_000\Desktop\PowerPoint.lnk
2018-11-12 03:33 - 2018-11-12 03:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-11-12 03:32 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-11-12 03:31 - 2018-11-12 03:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-12 03:31 - 2018-11-12 03:31 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-12 03:29 - 2018-11-12 03:29 - 000000000 __RHD C:\MSOCache
2018-11-12 02:45 - 2018-11-15 15:26 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Temp
2018-11-08 05:02 - 2018-11-12 01:50 - 000000657 _____ C:\Users\Public\Desktop\Morrowind.lnk
2018-11-08 02:05 - 2018-11-08 02:05 - 000001240 _____ C:\Users\tom_000\Desktop\Sim City 3000.lnk
2018-11-08 01:53 - 2018-11-08 01:57 - 000000000 ____D C:\Users\tom_000\Downloads\The.Elder.Scrolls.III.Morrowind.GOTY.Edition-GOG
2018-11-08 01:11 - 2018-11-08 01:11 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-11-08 01:10 - 2018-11-08 01:10 - 000000000 ____D C:\Users\tom_000\AppData\Local\Package Cache
2018-11-06 03:56 - 2018-11-12 04:59 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\WinSys
2018-11-06 02:06 - 2018-11-06 02:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-06 02:05 - 2018-11-06 02:05 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-11-06 02:05 - 2018-11-06 02:04 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-06 00:20 - 2018-11-06 00:20 - 000003170 _____ C:\WINDOWS\System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2}
2018-11-05 22:16 - 2018-11-05 22:16 - 000000598 _____ C:\WINDOWS\eReg.dat
2018-10-29 14:33 - 2018-10-29 14:33 - 000000000 ____D C:\Users\tom_000\AppData\Local\Circus_of_Doom
2018-10-20 14:08 - 2018-10-20 14:08 - 000062616 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2018-10-20 14:06 - 2018-10-20 14:06 - 000902808 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2018-10-20 14:06 - 2018-10-20 14:06 - 000902296 _____ (Python Software Foundation) C:\WINDOWS\py.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-17 19:16 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\ASUS
2023-10-17 11:23 - 2012-08-02 13:33 - 000000000 ____D C:\WINDOWS\Log
2018-11-16 18:00 - 2016-11-21 14:00 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Mozilla
2018-11-16 14:14 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\rescache
2018-11-16 14:07 - 2017-12-03 12:52 - 000000000 ____D C:\Users\tom_000\OneDrive
2018-11-16 14:06 - 2016-10-24 16:39 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4099405795-894134324-1714426187-1002
2018-11-16 13:31 - 2018-01-31 12:56 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4099405795-894134324-1714426187-1002
2018-11-16 13:29 - 2017-12-03 12:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-16 01:20 - 2016-10-25 23:17 - 000000000 ____D C:\Users\tom_000\AppData\Local\CrashDumps
2018-11-15 22:13 - 2012-07-26 08:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-15 21:36 - 2014-11-22 01:01 - 000863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 21:36 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-15 15:36 - 2016-10-24 15:13 - 000000074 _____ C:\Users\tom_000\AppData\Roaming\sp_data.sys
2018-11-15 15:35 - 2018-01-22 13:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-15 15:34 - 2018-01-13 15:33 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-11-15 15:32 - 2018-05-04 13:25 - 005107400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-15 15:32 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-15 15:30 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-11-15 03:24 - 2017-12-02 17:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-15 03:22 - 2017-12-02 17:21 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-14 17:05 - 2012-07-26 07:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 04:54 - 2017-12-11 00:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\GameMakerStudio2
2018-11-13 23:09 - 2017-12-11 00:01 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2018-11-12 08:12 - 2017-12-30 18:46 - 000000000 ____D C:\Program Files (x86)\AVSVideoEditor
2018-11-12 08:12 - 2016-10-24 15:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-12 07:46 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000
2018-11-12 05:19 - 2016-10-24 15:12 - 000000000 ____D C:\Users\tom_000\AppData\Local\Packages
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-12 05:19 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 04:38 - 2017-12-03 12:28 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
2018-11-12 03:33 - 2014-11-22 00:45 - 000000000 ____D C:\WINDOWS\ShellNew
2018-11-12 03:33 - 2013-08-22 15:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 03:32 - 2012-07-26 05:26 - 000000199 _____ C:\WINDOWS\win.ini
2018-11-12 03:31 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-12 02:48 - 2016-10-25 22:43 - 000000000 __SHD C:\$360Section
2018-11-12 02:48 - 2016-10-24 17:12 - 000000000 ____D C:\ProgramData\360Quarant
2018-11-12 02:45 - 2018-07-14 20:38 - 004843838 _____ C:\Users\tom_000\Downloads\KMSPico 10.2.1.zip
2018-11-12 01:30 - 2016-10-25 22:30 - 000000000 ____D C:\Users\tom_000\Documents\THE DUMP
2018-11-08 01:57 - 2016-10-24 22:55 - 000000000 ____D C:\Users\tom_000\AppData\Roaming\vlc
2018-11-08 01:56 - 2018-05-13 22:43 - 000000000 ____D C:\Users\tom_000\Downloads\15-Free-Ambient-Sound-Effects
2018-11-08 01:10 - 2016-11-26 23:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-07 03:29 - 2018-07-16 13:13 - 000000000 ____D C:\Users\tom_000\Documents\Bluetooth Folder
2018-11-05 21:34 - 2018-09-28 21:51 - 000004460 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-05 21:34 - 2018-09-28 21:51 - 000004326 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-05 21:34 - 2016-10-24 16:01 - 000000000 ____D C:\Users\tom_000\AppData\Local\Adobe
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-05 21:34 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-05 21:21 - 2016-11-26 23:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-05 21:21 - 2016-10-24 15:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-05 21:20 - 2016-10-24 16:11 - 000004478 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-02 20:48 - 2017-12-03 16:45 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-02 20:48 - 2017-12-03 16:45 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-01 23:39 - 2016-10-26 15:14 - 000000000 ____D C:\Users\tom_000\AppData\LocalLow\Adobe
2018-11-01 22:37 - 2017-12-30 22:41 - 000000925 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-11-01 22:37 - 2016-10-24 20:01 - 000000000 ____D C:\Program Files\Revo Uninstaller Pro
2018-10-29 06:07 - 2016-10-24 17:11 - 000086248 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys

==================== Files in the root of some directories =======

2018-04-17 23:04 - 2018-04-18 23:13 - 000000560 _____ () C:\Users\tom_000\AppData\Roaming\odalaunch.ini
2016-10-24 15:13 - 2018-11-15 15:36 - 000000074 _____ () C:\Users\tom_000\AppData\Roaming\sp_data.sys
2017-12-21 00:36 - 2017-12-21 00:36 - 000000045 _____ () C:\Users\tom_000\AppData\Roaming\WB.CFG

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-15 16:44

==================== End of FRST.txt ============================
ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by tom_000 (16-11-2018 20:19:52)
Running from C:\Users\tom_000\Downloads
Windows 8.1 (Update) (X64) (2017-12-03 12:49:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4099405795-894134324-1714426187-500 - Administrator - Disabled)
Guest (S-1-5-21-4099405795-894134324-1714426187-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4099405795-894134324-1714426187-1004 - Limited - Enabled)
tom_000 (S-1-5-21-4099405795-894134324-1714426187-1002 - Administrator - Enabled) => C:\Users\tom_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 TurboVPN (HKLM-x32\...\TurboVpn) (Version: 1.1.0.1071 - 360 Security Center)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Autodesk DirectConnect 2016 64-bit (HKLM\...\{7A12802C-4864-423D-9732-3A22577CE006}) (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk Maya 2016 (HKLM\...\{3905B678-DC8D-4D5E-AA95-EA254D6C1239}) (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
AVS Video Editor 8.0.4 (HKLM-x32\...\AVS Video Editor_is1) (Version: 8.0.4.305 - Online Media Technologies Ltd.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Doom Builder 2.1 (HKLM-x32\...\Doom Builder 2_is1) (Version: - CodeImp)
ELAN Touchpad 11.5.21.6_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.21.6 - ELAN Microelectronic Corp.)
FileZilla Client 3.35.1 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\FileZilla Client) (Version: 3.35.1 - Tim Kosse)
GameMaker Studio 2 (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\GameMakerStudio2) (Version: - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
LEGO LOCO (HKLM-x32\...\LEGO LOCO) (Version: - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-GB)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-GB)) (Version: 45.8.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.3.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.7.1 (32-bit) (HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\{850389b4-a056-4ecc-9c8d-e3ef594fc929}) (Version: 3.7.1150.0 - Python Software Foundation)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.0.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.1 - VS Revo Group, Ltd.)
SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version: - )
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7.6 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.14.1 (HKLM-x32\...\DaggerfallSetup_is1) (Version: - Bethesda Softworks)
The Elder Scrolls III - Morrowind GotY (HKLM-x32\...\1435828767_is1) (Version: 2.0.0.7 - GOG.com)
The Sims 4 (HKLM-x32\...\{39320F2B-0F05-4593-ACBE-4356750BBEB2}) (Version: 1.0.797.20 - Electronic Arts)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - ASUS (ATP) Mouse (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.01B03 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4099405795-894134324-1714426187-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-06-13] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0023955C-FF93-4D98-B492-13DFACA86932} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {06515E22-96B6-4118-AAF3-4747E08DA898} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {1A5A14DB-9F7D-4098-91D9-35675C6C7D9A} - System32\Tasks\{F2537DE5-73D6-4E57-B3F8-5971014558C2} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\SimCity 3000\Apps\SC3U.exe" -d "D:\Electronic Arts\SimCity 3000\Apps"
Task: {2736F417-FF06-436C-B8CF-986ABF2A6BEC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {3CBF275E-804E-4830-9DF4-B2FFF6412AE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {442E1362-48DE-44D8-8F83-812E36C0888C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {57722C69-7E74-49A9-B883-51C764AFEE8D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {61645AAD-11D8-46AF-8DD9-3C51CBBAB3E1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {62D40998-10B1-4E51-9C16-064B55A1BD12} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {67584B25-EC45-4A33-A3E3-EF03FB5B612C} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {690A4EA0-FC72-4D7A-8E75-1C40F605DB6D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {75285037-005C-4639-A662-CE61B949E50C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {7D73304C-74C8-43C9-8B9B-A7ECF157F970} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8167DADC-F267-4BF6-87E6-B34F8BEF554B} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {91A833AE-BD50-4572-8A5E-06400587419C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {A4989271-722D-47A4-B2BB-8B6EFED319E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {ADD6C536-DA5F-49A1-90FE-6A5FA038C8A8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {B2352961-1460-461D-A9B5-EE3028F0D57D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C348DEDA-43CF-4C5E-A8D0-9B07C79D162B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C8A50F32-7F14-4F55-BDE9-9D689176886A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {D5D05400-2CFA-4B29-B645-6D90FFEF1C0B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-11-05] (Adobe Systems Incorporated)
Task: {E9DC1E94-90B3-4FCF-BA1B-06F294B57B9E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EDC530A9-B74E-4FF9-8715-54A5184B9120} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {EE535B9D-97EC-4D62-8D9F-B88A74801605} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-12] (AVAST Software)
Task: {EE7344A3-1C55-4CBD-A88C-970A85BB15E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:CIMV2\__TimerInstruction->Sleep:
WMI:CIMV2\__IntervalTimerInstruction->Sleep:

Shortcut: C:\Users\tom_000\Desktop\Minecraft\Skin Editor.lnk -> C:\Program Files (x86)\Minecraft\Extra\SkinEdit Alpha 3 pre 7\Launch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-04-16 13:15 - 2018-03-24 01:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2012-12-19 06:10 - 2012-12-19 06:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2018-04-16 12:45 - 2018-03-14 13:01 - 001268112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-12 07:54 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-12 07:54 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-03 12:23 - 2018-03-23 23:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-23 08:54 - 2013-07-23 08:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-07-23 11:42 - 2018-07-23 11:42 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 04:44 - 2010-07-15 04:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-06-13 11:44 - 2013-06-13 11:44 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-13 11:40 - 2013-06-13 11:40 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2023-10-17 10:34 - 2013-03-14 09:46 - 000040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-06-13 11:47 - 2013-06-13 11:47 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2023-10-17 10:39 - 2013-05-15 13:39 - 000463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2016-12-08 15:38 - 2017-04-06 03:27 - 000377448 _____ () C:\Program Files (x86)\360\TurboVPN\vpn\vpnmgr.dll
2018-04-16 12:45 - 2018-03-14 13:01 - 001041808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-04-29 13:17 - 2013-04-29 13:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-12-08 15:38 - 2017-04-06 03:27 - 000523392 _____ () C:\Program Files (x86)\360\TurboVPN\libphonenumber.dll
2018-01-22 13:44 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-22 13:44 - 2018-11-10 02:55 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-22 13:44 - 2016-09-01 01:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-22 13:44 - 2017-12-20 01:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-22 13:44 - 2018-11-10 02:55 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-22 13:44 - 2016-07-04 22:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-22 13:45 - 2018-10-30 18:06 - 000879904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 088009504 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 002264352 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2018-01-22 13:45 - 2018-09-23 00:00 - 000124704 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2023-10-17 10:28 - 2013-06-23 19:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4099405795-894134324-1714426187-1002\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2018-11-15 15:25 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4099405795-894134324-1714426187-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\tom_000\Desktop\black-red-dragon-desktop-wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2ECF0E8D-E9C8-4A63-B854-46E3C32276B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8B428F8-E2B4-4FD9-B60C-1C5379CE4CC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA0A21D7-AD58-403E-8D88-64FA17E11078}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F72E207-F8A3-459A-B9A7-CA7C1C5E34F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Restore Points =========================

15-11-2018 15:24:44 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2018 01:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Faulting module name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Exception code: 0xc0000005
Fault offset: 0x002aafac
Faulting process ID: 0x1f04
Faulting application start time: 0x01d47d46842c4215
Faulting application path: D:\Morrowind\Morrowind.exe
Faulting module path: D:\Morrowind\Morrowind.exe
Report ID: bd86fe21-e93d-11e8-bed8-240a64748f00
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2018 10:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Faulting module name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x72456542
Exception code: 0xc0000005
Fault offset: 0x002aafc9
Faulting process ID: 0x137c
Faulting application start time: 0x01d47d226cd30ba6
Faulting application path: D:\Morrowind\Morrowind.exe
Faulting module path: D:\Morrowind\Morrowind.exe
Report ID: bdcbb9ba-e923-11e8-bed8-240a64748f00
Faulting package full name:
Faulting package-relative application ID:

Error: (11/15/2018 03:24:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7ca34bb2-c47e-4c68-8c9d-30dc0b824e13}

Error: (11/12/2018 05:18:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:17:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:15:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/12/2018 05:14:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/15/2018 03:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/15/2018 03:35:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/15/2018 03:32:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswStm service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/15/2018 03:32:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (11/15/2018 03:27:49 PM) (Source: DCOM) (EventID: 10010) (User: TOMPC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/15/2018 03:25:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/15/2018 03:25:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2018 03:25:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2018-11-12 04:47:34.120
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:54.325
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe;file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:43:38.531
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...2/Azden.A!cl&threatid=2147718745&enterprise=0
Name: Trojan:Win32/Azden.A!cl
ID: 2147718745
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\Downloads\smplayer.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:42:24.633
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin.../Dynamer!rfn&threatid=2147721515&enterprise=0
Name: Trojan:Win32/Dynamer!rfn
ID: 2147721515
Severity: Severe
Category: Trojan
Path: file:_C:\Users\tom_000\AppData\Roaming\WinSys\xcoresys.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 04:41:35.418
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?lin...Bunitu.Q!bit&threatid=2147719161&enterprise=0
Name: TrojanProxy:Win32/Bunitu.Q!bit
ID: 2147719161
Severity: Severe
Category: Trojan Proxy Server
Path: file:_C:\Users\tom_000\AppData\Local\Temp\xdata7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\TotalAV\SecurityService.exe
Signature Version: AV: 1.279.1673.0, AS: 1.279.1673.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4

Date: 2018-11-12 03:56:49.868
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-12 03:56:49.821
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1585.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-01-04 21:52:51.517
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-04 09:52:53.689
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1155.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8109.51 MB
Available physical RAM: 4660.11 MB
Total Virtual: 9389.51 MB
Available Virtual: 4966.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:116.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:227.95 GB) NTFS
Drive e: (Data1) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive f: (Data2) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS

\\?\Volume{5fad5eed-a8b5-43f7-ae97-6bd3da8314fc}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS
\\?\Volume{532860a5-8711-4ef4-a61d-bcd5d326fb54}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{c326800a-a155-427f-ae31-51bf334bfb80}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A4C07785)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 029DB826)

Partition: GPT.

==================== End of Addition.txt ============================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
1,949
476
PCHF Bunker
pchelpforum.net
#18
I am. You can gladly send us a donation through our Paypal link here :)

https://paypal.me/pchf

Now let's clean up our mess lol :p

Please go HERE and download Delfix. Save it to your desktop.

Right-click the new Delfix desktop icon and then click "Run as administrator".

Place a tick in the following checkboxes

  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore

Then select "Run"



Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post :)
 

FireflyX91

#19
And here are the results of Delfix:

# DelFix v1.013 - Logfile created 21/11/2018 at 01:22:33
# Updated 17/04/2016 by Xplode
# Username : tom_000 - TOMPC
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\tom_000\Downloads\FRST-OlderVersion
Deleted : C:\Users\tom_000\Desktop\adwcleaner_7.2.4.0.exe
Deleted : C:\Users\tom_000\Desktop\aswmbr.exe
Deleted : C:\Users\tom_000\Downloads\Addition.txt
Deleted : C:\Users\tom_000\Downloads\Fixlog.txt
Deleted : C:\Users\tom_000\Downloads\FRST.txt
Deleted : C:\Users\tom_000\Downloads\FRST64.exe
Deleted : C:\Users\tom_000\Downloads\SecurityCheck.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #143 [Restore Point Created by FRST | 11/15/2018 15:24:44]

New restore point created !

########## - EOF - ##########

Also you should receive a $10 donation from me as a thank you for the help you have provided :)
 
Likes: jmarket

jmarket

#20
Much appreciated @FireflyX91 :) I'm glad we were able to assist you in this matter :)

Please don't hesitate to come back for any assistance you may need in the future. We will always be here :)

If you want I will go ahead and mark this as solved :)
 