Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Need help with my laptop!! Disk usage at 100%..

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Need help with my laptop!! Disk usage at 100%..

Unread postby tedilos » February 18th, 2017, 1:16 pm

My laptop which is running windows 10 start to run slow down and when i check task manager, the disk usage is at 100 %. I go to internet and found some solutions like disable windows search and scan for malware using malwarebytes Anti-malware but it doesn't help. So now i need some advices from you guys.. Thanks in advance

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
Ran by vsoli (administrator) on SOLIDET (18-02-2017 21:52:53)
Running from C:\Users\vsoli\Downloads
Loaded Profiles: vsoli (Available Profiles: vsoli)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\KMS-R@1n.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-09-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-09-21] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-10] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3964984 2016-09-21] (Tonec Inc.)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-27] (Piriform Ltd)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2992248 2016-09-20] (i-Funbox.com)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\Run: [同步助手移动服务] => C:\Program Files\Tongbu\tbMobileService.exe [201944 2016-10-17] (同步网络平台)
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\MountPoints2: {0fea4194-899d-11e6-8ea9-206a8a38aa12} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\MountPoints2: {2a530a9e-8997-11e6-8ea9-206a8a38aa12} - "D:\HiSuiteDownLoader.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [183144 2017-01-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [161016 2017-01-17] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-12] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ebc18951-19aa-419d-ab12-7977e5effc82}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/vi-vn/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-21]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-16]
FF HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\vsoli\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\vsoli\AppData\Roaming\IDM\idmmzcc5 [2017-02-18] [not signed]
FF HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tongbu.com/tongbu,version=0.1 -> C:\Program Files\Tongbu\Addin\npTongbuAddin.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default [2017-02-18]
CHR Extension: (Google Docs) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-21]
CHR Extension: (Google Drive) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (YouTube) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-21]
CHR Extension: (Adobe Acrobat) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-12]
CHR Extension: (Avast SafePrice) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-25]
CHR Extension: (iCloud Bookmarks) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (AdBlock) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (Avast Online Security) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Khmer Online Dictionary) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmdfigacchohadlnhkcghnneodajcga [2016-09-21]
CHR Extension: (IDM Integration Module) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Gmail) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\vsoli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-09-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-09-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-09-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-17] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-10] (AVAST Software)
S2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [253952 2011-05-17] (Ryan Conrad) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-10-05] (Macrovision Europe Ltd.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-09-21] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-23] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [456456 2017-02-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-12] (AVAST Software)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18816 2016-05-25] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-21] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 21:52 - 2017-02-18 21:54 - 00021669 _____ C:\Users\vsoli\Downloads\FRST.txt
2017-02-18 21:40 - 2017-02-18 21:40 - 00000000 ____D C:\Users\vsoli\Downloads\FRST-OlderVersion
2017-02-18 21:39 - 2017-02-18 21:52 - 00000000 ____D C:\FRST
2017-02-18 21:36 - 2017-02-18 21:36 - 00000000 ___HD C:\OneDriveTemp
2017-02-18 00:19 - 2017-02-18 00:19 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-17 23:40 - 2017-02-18 00:12 - 288769686 _____ C:\Users\vsoli\Downloads\iPhone_4.0_64bit_10.2.1_14D27_Restore.ipsw (1).crdownload
2017-02-17 23:35 - 2017-02-17 23:37 - 50252406 _____ C:\Users\vsoli\Downloads\iPhone_4.0_64bit_10.2.1_14D27_Restore.ipsw.crdownload
2017-02-17 23:26 - 2017-02-18 21:40 - 02422272 _____ (Farbar) C:\Users\vsoli\Downloads\FRST64.exe
2017-02-17 23:14 - 2017-02-17 23:14 - 00000000 ___HD C:\$AV_ASW
2017-02-13 00:43 - 2017-02-13 00:43 - 00000000 ____D C:\Windows\SysWOW64\NV
2017-02-13 00:43 - 2017-02-13 00:43 - 00000000 ____D C:\Windows\system32\NV
2017-02-13 00:43 - 2017-02-13 00:43 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-13 00:43 - 2016-09-10 01:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-13 00:43 - 2016-09-10 01:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-02-13 00:43 - 2016-09-10 01:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-13 00:43 - 2016-09-10 01:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-13 00:33 - 2017-02-13 00:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-12 20:12 - 2017-02-18 21:33 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-12 20:12 - 2017-02-10 07:52 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-12 20:12 - 2017-02-10 07:52 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-12 20:12 - 2017-02-10 07:52 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-12 20:12 - 2017-02-10 07:52 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-12 20:10 - 2017-02-12 20:10 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-27 23:34 - 2017-01-27 23:34 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-27 23:34 - 2017-01-27 23:34 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-20 22:17 - 2017-01-20 22:17 - 00000000 ____D C:\Users\vsoli\AppData\Roaming\Synaptics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 21:54 - 2016-09-21 22:16 - 00000000 ____D C:\Users\vsoli\AppData\Roaming\DMCache
2017-02-18 21:50 - 2015-10-30 14:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 21:50 - 2015-10-30 14:24 - 00000000 ____D C:\Windows\AppReadiness
2017-02-18 21:49 - 2016-10-09 11:03 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-02-18 21:48 - 2016-10-09 11:04 - 00000000 ____D C:\ProgramData\Intuit
2017-02-18 21:47 - 2016-09-21 21:31 - 00004006 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1474468251
2017-02-18 21:47 - 2016-09-21 21:31 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-18 21:44 - 2016-09-21 20:44 - 00000000 ____D C:\Users\vsoli\AppData\Local\Packages
2017-02-18 21:41 - 2016-10-08 16:46 - 00000000 ____D C:\Windows\Minidump
2017-02-18 21:41 - 2016-09-25 11:55 - 00000000 ____D C:\Users\vsoli\AppData\Local\CrashDumps
2017-02-18 21:41 - 2016-09-21 22:16 - 00000000 ____D C:\Users\vsoli\AppData\Roaming\IDM
2017-02-18 21:41 - 2016-09-21 21:52 - 00000000 ____D C:\Users\vsoli\AppData\Roaming\uTorrent
2017-02-18 21:41 - 2015-10-30 14:21 - 00000000 ____D C:\Windows\INF
2017-02-18 21:37 - 2016-09-21 23:35 - 00003022 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (vsoli)
2017-02-18 21:36 - 2016-10-08 17:11 - 00000000 ___RD C:\Users\vsoli\iCloudDrive
2017-02-18 21:36 - 2016-09-21 20:50 - 00000000 ___RD C:\Users\vsoli\OneDrive
2017-02-18 21:34 - 2016-09-23 01:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-18 21:34 - 2016-09-21 23:18 - 00000390 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2017-02-18 00:17 - 2016-09-22 10:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-18 00:17 - 2016-09-21 23:15 - 00000232 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-18 00:16 - 2015-10-30 13:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-18 00:15 - 2016-09-21 22:16 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-17 23:08 - 2016-10-08 18:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-17 23:08 - 2016-09-22 00:04 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E02ED2B9-7DED-4AB7-B9C9-B8F4EDE9F365}
2017-02-17 23:02 - 2016-09-23 01:27 - 00000000 ____D C:\temp
2017-02-17 22:57 - 2016-09-21 20:41 - 00000000 ____D C:\Users\vsoli
2017-02-15 22:55 - 2016-09-23 01:43 - 00000000 ____D C:\Users\vsoli\AppData\Local\NVIDIA Corporation
2017-02-13 01:34 - 2016-11-21 18:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-13 00:41 - 2016-09-22 11:06 - 00000000 ____D C:\Windows\Panther
2017-02-13 00:40 - 2016-09-21 20:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-13 00:40 - 2016-09-21 20:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-12 20:47 - 2016-09-21 21:16 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-12 20:47 - 2016-09-21 21:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-12 20:13 - 2016-09-21 21:28 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-12 20:12 - 2016-09-21 21:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-12 20:10 - 2016-09-21 21:28 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-12 20:10 - 2016-09-21 21:28 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148690522209304
2017-02-12 20:10 - 2016-09-21 21:28 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-12 20:10 - 2016-09-21 21:28 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-12 20:10 - 2016-09-21 21:28 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-12 20:10 - 2016-09-21 21:28 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-12 20:10 - 2016-09-21 21:28 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-10 07:56 - 2016-09-21 21:28 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-10 07:56 - 2016-09-21 21:28 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-10 07:52 - 2016-09-21 21:28 - 00456456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-01-27 23:31 - 2016-12-19 19:29 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-27 23:15 - 2016-12-18 12:25 - 00003274 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 23:14 - 2016-09-21 20:50 - 00002367 _____ C:\Users\vsoli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 22:52 - 2016-10-24 17:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-09-21 23:56 - 2016-09-21 23:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-13 00:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by vsoli (18-02-2017 21:57:47)
Running from C:\Users\vsoli\Downloads
Windows 10 Pro Version 1511 (X64) (2016-09-21 13:34:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4033929175-4212605835-3706222368-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4033929175-4212605835-3706222368-503 - Limited - Disabled)
Guest (S-1-5-21-4033929175-4212605835-3706222368-501 - Limited - Disabled)
vsoli (S-1-5-21-4033929175-4212605835-3706222368-1001 - Administrator - Enabled) => C:\Users\vsoli

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
DeepSkyStacker (HKLM-x32\...\{18435829-4E75-4CD1-9796-A62DBBAE2ED7}) (Version: 3.2.0 - )
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.2 - IObit)
Droid Explorer 0.8.8.2 (x64) (HKLM\...\{09AD6FBB-2843-4644-B669-DEC30A75E8A3}) (Version: 0.8.8.2 - Ryan Conrad)
EditPlus 2 (HKLM-x32\...\EditPlus 2) (Version: - )
FonePaw Android Data Recovery 1.9.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.9.0 - FonePaw)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
iFunbox (v3.0.3939.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3939.1352 - iFunbox DevTeam)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Khmer Converter 1.5.1 (HKLM-x32\...\Khmer Converter_is1) (Version: - Khmer Software Initiative)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Tongbu Assistant 3.2.8.5 (HKLM-x32\...\Tongbu3) (Version: 3.2.8.5 - Xiamen Tongbu Network Ltd.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11242C5B-9429-454C-8A33-064C6E62C205} - System32\Tasks\Driver Booster SkipUAC (vsoli) => C:\Program Files (x86)\IObit\Driver Booster\4.0.2\DriverBooster.exe [2016-09-20] (IObit)
Task: {220A9A8D-4230-488B-AEC7-25F085D043FF} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {2F816C7B-B1F7-4E0D-9C6E-75CF01B3BC9F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {356890A2-4175-4208-82E1-7D19C6667C10} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {50956370-6820-4B18-8292-ECDF97B25B98} - System32\Tasks\SafeZone scheduled Autoupdate 1474468251 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {530932B2-68E2-4B39-9C65-D8B43F9FE63C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {59EEED16-7AB5-425F-8B49-39006CA1A13E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5A29A87F-1939-4BAD-A817-25B4D7953494} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
Task: {7020F283-9BBA-4FFD-B613-03CA699E6AB2} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.2\Scheduler.exe [2016-09-20] (IObit)
Task: {7032D7C0-42D7-49B2-86F6-4290FA450CF7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {70F6232B-09D5-4CEC-A310-DCC4D755C706} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {87155859-9D2E-43E7-A882-DC39D143AD17} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {90324EE4-A3C3-4292-9DB9-DD8126E676DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {BE214B90-A80C-4381-A94F-57F355B1612E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {C9BB69E7-43EB-4BDD-8DF6-ADB5A2EE951D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {CDF0C50D-83E0-49D2-BEBE-7580D17EE908} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {E5271A74-FCC2-4B20-B8EE-D0BB8BCF8535} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-10] (AVAST Software)
Task: {FD003EC3-E937-4346-8A89-ECB397D18F99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-21 20:33 - 2016-09-21 20:33 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-22 22:03 - 2016-09-23 01:51 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-08-26 16:08 - 2016-08-26 16:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-10-08 17:33 - 2016-09-30 11:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 17:33 - 2016-09-30 11:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-08 17:35 - 2016-09-30 11:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-10-30 14:18 - 2015-10-30 14:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-23 01:27 - 2016-12-29 20:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-09 14:49 - 2016-10-25 16:42 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-11-09 14:49 - 2016-10-25 16:42 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-13 05:12 - 2016-07-13 05:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 05:22 - 2016-07-13 05:22 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-09 14:52 - 2016-10-25 11:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 14:51 - 2016-10-25 11:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 14:52 - 2016-10-25 11:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:51 - 2016-10-25 11:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-09-22 00:43 - 2016-09-22 00:43 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-03 13:23 - 2016-02-24 12:30 - 00594944 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext_x64.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00236856 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-09-21 22:17 - 2016-09-21 22:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-10-08 17:33 - 2016-09-30 00:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 17:33 - 2016-09-30 00:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 17:33 - 2016-09-30 00:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 17:33 - 2016-09-30 00:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 17:33 - 2016-09-30 00:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-08 17:33 - 2016-09-30 00:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 17:33 - 2016-09-30 00:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-10 07:57 - 2017-02-10 07:57 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-21 21:47 - 2016-09-21 21:47 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-10 07:52 - 2017-02-10 07:52 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-10 07:57 - 2017-02-10 07:57 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 14:24 - 2016-10-04 01:24 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4033929175-4212605835-3706222368-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A55BCB3A-CA30-4C20-89B0-B4244F1F29EA}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{07B4E0D1-8AB4-461A-B8C1-60CC853B14AE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{34507E5C-509E-4641-8F23-CC0C32925A40}] => (Allow) C:\Users\vsoli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6485B30-9E01-4675-9F44-401B6B1B884B}] => (Allow) C:\Users\vsoli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DEAF7927-B896-4DC1-8B02-6F302AEEB81A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\DriverBooster.exe
FirewallRules: [{16055FEA-4FBD-4679-8D67-AA8A8ED1B2D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\DriverBooster.exe
FirewallRules: [{DD078760-0132-4E0C-87D7-483CF9A0FDE1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\DBDownloader.exe
FirewallRules: [{A23B1EE8-56ED-4A59-8E57-0050998C227C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\DBDownloader.exe
FirewallRules: [{A2592EBB-AC51-4A0D-B7F0-E54DC0C17AB9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\AutoUpdate.exe
FirewallRules: [{5297969C-3C8C-472E-8643-C66F4AAFFA0E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.2\AutoUpdate.exe
FirewallRules: [{5E7958DF-9EF4-49FA-81A0-CA9B432B03B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0429CFE1-4622-4661-90CD-27DC3672017E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD1B9D07-EF66-4C42-B685-58640ED5EEFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F6C5BEF-1F6B-404C-BC58-8EBB95EE0B53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D57A80D4-1B7F-4243-B399-76CEB948F58D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{57792DAC-53F4-430C-BA43-AB83DE58A670}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{56AF6577-3409-44F8-8AE9-75072BE57379}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{38B6F8D6-47BE-4ACE-9B05-490524849253}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9FFC4008-8D1C-44B7-98AC-21AF02AD520D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C6662471-11CE-44F0-9077-4DD47DBA6F68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7CF15805-7187-4406-9C05-CC88AE5F656E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D9E13293-04FE-4A13-94DE-1C1EDFEF14F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{51D11ABF-995B-4191-BB88-94C124D606CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC8906BA-6FBF-4ADE-BB16-A6DB39C9CF5F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{755C45C1-A206-4BE9-81C0-0F9B8BFA13FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6F2B3ECE-6391-46DE-87A1-5E9E3E97194B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2017 09:49:22 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: SOLIDET)
Description: Application or service 'Intuit QuickBooks FCS' could not be restarted.

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (02/18/2017 09:39:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16


System errors:
=============
Error: (02/18/2017 12:18:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBVSS service to connect.

Error: (02/18/2017 12:18:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

Error: (02/18/2017 12:18:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DroidExplorerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/18/2017 12:18:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DroidExplorerService service to connect.

Error: (02/18/2017 12:15:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_46ade service to connect.

Error: (02/18/2017 12:15:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_46ade service to connect.

Error: (02/18/2017 12:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_46ade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/18/2017 12:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_46ade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/18/2017 12:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_46ade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/18/2017 12:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_46ade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-02-18 21:51:20.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-18 21:49:40.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 12:03:03.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 05:08:12.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-28 10:00:43.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 23:18:06.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 23:08:47.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-11 22:47:26.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-26 07:11:54.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-25 21:49:48.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 3946.17 MB
Available physical RAM: 2105.58 MB
Total Virtual: 4650.17 MB
Available Virtual: 2746.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.37 GB) (Free:3.91 GB) NTFS
Drive e: () (Fixed) (Total:493.67 GB) (Free:43.75 GB) NTFS
Drive f: (Untitled) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: DC833E94)
Partition 1: (Active) - (Size=133 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=493.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
tedilos
Active Member
 
Posts: 1
Joined: September 19th, 2015, 11:31 am
Top
Advertisement
Register to Remove

Re: Need help with my laptop!! Disk usage at 100%..

Unread postby pgmigg » February 18th, 2017, 5:32 pm

Illegal Operating System

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software including Operating System
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs

This topic is now closed.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5403
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index