Downloaded and installed suspected false Firefox update

Post by malware help223 » February 10th, 2018, 11:10 am

Hi guys,

Symptoms:
1. I recently saw a popup appear at the top of my browser, advising that I had to apply some sort of critical Firefox update.
2. I clicked the link, went to a page that appeared to be Firefox/Mozilla, and selected the Windows 7 64-bit update.
3. It downloaded a file, "Firefox Installer.exe", which I ran and which performed the upgrade (however, this file seems suspicious: in Properties, under the Details tab, it lists "Original filename: 7zs.sfx.exe"? I have attached a screenshot).
4. Now I appear to have two sets of Firefox browsers on my PC: v56.0, which was my original browser but now seems to have some plugins disabled due to the recent update, and v58.0.2 Firefox Quantum, which also has security plugins disabled as a result of the updated version being incompatible with them.

All of the above leads me to believe that I may have some kind of malware issue.

Any assistance is greatly appreciated!

Thank you in advance for your time and efforts!

Screenshot attached also.

Requested Logs from FRST64:

1. FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 01
Ran by flynn (administrator) on FLYNN-PC (11-02-2018 02:02:24)
Running from C:\Users\flynn\Downloads
Loaded Profiles: flynn (Available Profiles: flynn)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(f.lux Software LLC) C:\Users\flynn\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_26_0_0_126_ActiveX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-14] (Piriform Ltd)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [f.lux] => C:\Users\flynn\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-11] (f.lux Software LLC)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Violectric Control Panel Autostart.lnk [2017-09-09]
ShortcutTarget: Violectric Control Panel Autostart.lnk -> C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{DA720BB9-99B9-459B-9C11-6BF324A31CD1}: [DhcpNameServer] 192.168.5.1

Internet Explorer:
==================
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/seekingsalvation
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-01-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareu ... PIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareu ... TSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareu ... /CTPID.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: z4roa0cw.default
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default [2018-02-11]
FF Homepage: Mozilla\Firefox\Profiles\z4roa0cw.default -> hxxps://duckduckgo.com/
FF Extension: (Disconnect) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (HTTPS Everywhere) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\https-everywhere@eff.org.xpi [2018-01-30]
FF Extension: (RequestPolicy) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\requestpolicy@requestpolicy.com.xpi [2016-07-14] [Legacy]
FF Extension: (UAControl) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\uacontrol@qz.tsugumi.org.xpi [2016-07-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-10]
FF Extension: (User-Agent JS Fixer) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2016-07-14] [Legacy]
FF Extension: (NoScript) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-10]
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\24hemwe1.testing [2018-02-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-01] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default [2018-02-10]
CHR Extension: (Slides) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-18]
CHR Extension: (Docs) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-18]
CHR Extension: (Google Drive) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-07]
CHR Extension: (YouTube) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-07]
CHR Extension: (uBlock Origin) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-01-26]
CHR Extension: (Sheets) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-01-26]
CHR Extension: (MyEtherWallet) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2018-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-26]
CHR Extension: (Gmail) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2018-01-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-04-30] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 02:00 - 2018-02-11 02:02 - 000050210 _____ C:\Users\flynn\Downloads\Addition.txt
2018-02-11 02:00 - 2018-02-11 02:02 - 000018961 _____ C:\Users\flynn\Downloads\FRST.txt
2018-02-11 01:54 - 2018-02-11 02:00 - 002404352 _____ (Farbar) C:\Users\flynn\Downloads\FRST64.exe
2018-02-10 20:19 - 2018-02-10 20:19 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-10 20:19 - 2018-02-10 20:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-10 20:19 - 2018-02-10 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-09 21:24 - 2018-02-10 20:18 - 000001410 _____ C:\Users\flynn\Desktop\mompov epoch.txt
2018-02-09 21:15 - 2018-02-09 21:15 - 000005704 _____ C:\Users\flynn\Desktop\mompov deets FAILED SIGNUP.txt
2018-02-09 20:31 - 2018-02-09 21:09 - 000005704 _____ C:\Users\flynn\Desktop\mompov deets.txt
2018-02-08 21:12 - 2018-02-08 21:12 - 000000000 ___DL C:\Users\flynn\AppData\LocalLow\PlayReady
2018-01-21 13:44 - 2018-01-21 13:44 - 000000000 ____D C:\Users\flynn\AppData\Local\UnrealEngine
2018-01-21 13:44 - 2018-01-21 13:44 - 000000000 ____D C:\Users\flynn\AppData\Local\TslGame
2018-01-19 05:39 - 2018-01-19 05:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 02:02 - 2017-02-08 20:09 - 000000000 ____D C:\FRST
2018-02-11 02:01 - 2016-07-12 17:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-11 01:00 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\inf
2018-02-11 00:33 - 2017-02-07 19:53 - 000000000 ____D C:\Users\flynn\AppData\LocalLow\Mozilla
2018-02-10 23:09 - 2009-07-14 15:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 23:09 - 2009-07-14 15:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 21:55 - 2009-07-14 16:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 21:49 - 2016-07-12 16:25 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-10 21:48 - 2009-07-14 16:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 21:13 - 2016-07-12 23:08 - 000000000 ____D C:\Users\flynn\AppData\Roaming\MPC-HC
2018-02-10 20:20 - 2016-07-12 17:47 - 000000000 ____D C:\Users\flynn\AppData\Roaming\foobar2000
2018-02-10 20:19 - 2016-07-12 17:03 - 000000000 ____D C:\Users\flynn\AppData\Roaming\Mozilla
2018-02-10 18:46 - 2016-07-12 17:59 - 000000000 ____D C:\Users\flynn\AppData\Roaming\qBittorrent
2018-02-10 10:09 - 2016-07-12 15:48 - 000000000 ____D C:\Users\flynn
2018-02-10 06:11 - 2016-11-04 14:13 - 000000000 ____D C:\Program Files\Recuva
2018-02-06 23:15 - 2016-07-12 20:42 - 000000000 ____D C:\Users\flynn\AppData\Local\Battle.net
2018-02-04 08:52 - 2016-10-23 22:24 - 000000000 ____D C:\Windows\Minidump
2018-02-04 08:52 - 2016-07-19 22:52 - 000000000 ____D C:\Users\flynn\AppData\Local\CrashDumps
2018-01-31 21:00 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-29 20:33 - 2016-08-28 10:37 - 000000000 ____D C:\Users\flynn\AppData\Local\ElevatedDiagnostics
2018-01-29 20:27 - 2009-07-14 13:34 - 000453443 ____R C:\Windows\system32\Drivers\etc\hosts.20180211-020229.backup
2018-01-26 11:41 - 2016-07-12 21:15 - 000000000 ____D C:\Users\flynn\Documents\ccleaner backups
2018-01-21 13:44 - 2016-07-16 15:04 - 000000000 ____D C:\Users\flynn\AppData\Local\NVIDIA Corporation
2018-01-21 13:43 - 2016-07-16 14:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-20 16:55 - 2016-07-12 17:38 - 000000000 ____D C:\Users\flynn\AppData\Roaming\MusicBee
2018-01-19 05:39 - 2017-04-18 22:53 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-19 05:39 - 2009-07-14 14:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-19 05:37 - 2017-04-18 22:38 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-12 20:50 - 2016-07-12 20:43 - 000000000 ____D C:\Users\flynn\Documents\StarCraft II

==================== Files in the root of some directories =======

2016-12-10 15:21 - 2016-12-17 07:38 - 000000600 _____ () C:\Users\flynn\AppData\Local\PUTTY.RND
2017-08-21 00:04 - 2017-08-21 00:04 - 000007609 _____ () C:\Users\flynn\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-08 21:20

==================== End of FRST.txt ============================

2. Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 01
Ran by flynn (11-02-2018 02:02:42)
Running from C:\Users\flynn\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-12 04:48:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1648639942-364084454-2766153320-500 - Administrator - Disabled)
flynn (S-1-5-21-1648639942-364084454-2766153320-1000 - Administrator - Enabled) => C:\Users\flynn
Guest (S-1-5-21-1648639942-364084454-2766153320-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{9D29D67C-315D-46A1-A3A9-3CAF24871578}) (Version: 1.0.022 - ASUSTek Computer Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
f.lux (HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Flux) (Version: - f.lux Software LLC)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Free Virtual Keyboard 3.0.1.0 (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{82088106-8F3E-4C76-A919-607CB9BA02AE}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
LG Power Tools (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.007 - Portrait Displays, Inc.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Violectric Audio Driver v3.0.0 (HKLM-x32\...\Violectric Audio Driver v3.0.0) (Version: 3.0.0 - Violectric)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1648639942-364084454-2766153320-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-06] (NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07FDA491-E404-4EE9-9A5D-60521408EBCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {084E7C9C-235A-4DC3-BD2F-FF08EAE41A88} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-19] (Microsoft Corporation)
Task: {28757681-FD9D-47D2-ADB9-68CF3EC95C6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {3DC6E7DD-7B67-4DA0-8B16-143CD46296B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {44C92ACE-AF03-4B2B-8068-0C48540F1407} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {4A3C8766-0B60-48B8-8FCF-F7253C52E414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {59BB98AE-C501-4584-AE2A-97228C393E78} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {5C522309-CB12-4D51-89E8-895973B7890B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {7F8C504D-C311-4AE0-98BB-500C1F82AEB0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {97216AC6-EDD6-410A-A1CB-CC765F39475B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {9A54E6E2-6A39-4314-BE2A-0C98C46074CC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {A333814C-F7D2-497C-89CF-EE4D65F9717A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {A3AE6E79-3488-4F87-82C7-A1D496688FA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {A66B24B2-4B31-463E-999A-07F0B658695F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {ADB32BA2-16F0-4674-B4C0-EC9B25EEDB82} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {AF18AB99-9031-44E7-9FE5-6F4B5F4D9335} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {B4EAB0F5-6C7C-422D-B499-46D3A50CC518} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-06-21] (ASUSTek Computer Inc.)
Task: {B8D31284-9010-492A-BC3E-B8DF20A2B4F5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {C073F1C2-159A-423D-B622-34F0754ED126} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {D77FF2BE-502F-4420-9EF5-E914F6FFA8BE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {E16C0328-F620-4247-80C4-DB94BC7B77E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E9B28576-BBFC-4381-A82D-26AF466F8968} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {EBE901F0-47AB-466A-9A7B-A5BD31E1F558} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-14] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 000055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-07-12 16:25 - 2017-12-06 06:32 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000098320 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2017-06-20 20:54 - 2017-11-16 12:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-18 23:33 - 2017-04-18 23:33 - 000959168 _____ () C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-04-18 22:55 - 2018-01-19 05:35 - 008929480 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000274960 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2017-09-09 21:19 - 2015-05-06 17:11 - 000315392 _____ () C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe
2016-07-12 16:37 - 2013-06-18 13:26 - 000677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2016-07-12 16:37 - 2013-06-18 13:26 - 000714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2016-07-12 16:37 - 2013-11-12 12:44 - 000163344 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
2016-07-12 16:37 - 2013-11-12 12:44 - 000197136 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
2016-07-12 17:15 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-12 17:15 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-12 17:15 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-12 17:15 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-12 17:15 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-06-20 20:54 - 2017-11-16 12:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000093712 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2013-06-20 12:01 - 2013-06-20 12:01 - 000258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-05-14 16:11 - 2013-05-14 16:11 - 000049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2017-09-09 21:19 - 2015-05-06 17:11 - 000200704 _____ () C:\Program Files\Violectric\Violectric_Audio_Driver\violectric_usbaudioapi.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000187920 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2017-06-20 20:54 - 2017-11-16 12:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-04-18 23:33 - 2017-04-18 23:33 - 000679624 _____ () C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7936 more sites.

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2018-02-11 02:02 - 000453723 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15600 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1648639942-364084454-2766153320-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{66FBF906-0D28-43F7-B766-FFA1543A731E}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{67536B77-F116-411B-A4B5-CEFC887E9F83}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{64F421B9-4F5B-4F8E-8129-55E3E4F499C4}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{6D8E9A47-2181-491C-BE03-D8F1F7F746AC}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{155E0717-986F-4DCF-B814-61A544537D54}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{01AAAC01-259F-4D66-9F57-CD50A61B1B9D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{19A7CC4D-90C5-4A4E-B240-9E5BF5479761}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6968E411-6F19-494F-998E-08197D87CB43}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{05F9F64A-99E0-4628-B0F2-D66A7779A1FE}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [{3E89E153-72E9-4B38-A8E5-4BDF7F69F3C0}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [TCP Query User{6DEAC644-CAF7-49BB-A14B-9F5277479C16}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{2DC3B367-38EF-4F29-9EAD-7D1478BD2EB4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{962B6077-BB49-4DA0-9652-42D78149507D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F2E775A9-D329-4796-B68C-4D189618A6D1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6947829D-1D3F-4755-BA0E-B98CBBFCCE23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C05D0FCC-AD9C-4551-A6CF-E3E08142C82A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A1A0C68-CCAC-4481-99D7-24DB27DD4366}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E71F3D6-86B4-45E1-9502-553EEAAF2AB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F98188E4-F080-4DCD-8EE3-CD78A30168E1}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{16210C61-7464-4AA1-837F-255D8E2C58A2}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A460B9E-0E64-4F07-BAF5-CEB86671FA79}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{73B1D6F1-5DBA-41B2-B715-9679240E2577}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4AFE5DF7-934A-46AC-9855-455AC77AA267}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{A294CB6E-BDF6-49FF-BE03-24DB65684288}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{7F4D5EAB-774B-4E83-BB63-D4C412ABA01D}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{61A270F1-D44B-4CC7-A37E-9136EE474644}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{DCF99FC8-3206-4390-8308-9BCF258217EC}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{CF3802F3-5F07-4A60-8332-DA9A9EE29E96}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{60438213-FB90-49D5-8368-E343A853DED7}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{692AF56D-C1E7-4E1F-AE43-4B381B066448}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{76C3F2FF-AECD-438D-80E8-56A22587A61C}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A3B1E5CA-B9FA-4D74-B5AF-347E1B133589}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9AB35043-237C-46BE-983C-8B85EC2FFD73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5A2AAA98-14DD-449D-8C1B-55474CA973E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B83634C1-B846-4E37-B9C0-6FDA8AA507AC}] => (Allow) F:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{102978C3-356B-4883-9DBC-0BD19E3B2F5D}] => (Allow) F:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E99F818A-37D9-4868-B601-1AFD0FC3516E}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{7366B0F2-9B5E-4918-A36E-44EEAFA70813}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{0F1C76DC-EB82-47C3-8B57-87769E049A03}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{C7C99B31-6669-42C2-AC7B-DF6E2796C24B}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [TCP Query User{6352E63D-AC44-42AE-A25C-4235140C59E3}F:\games\diablo iii\x64\diablo iii64.exe] => (Allow) F:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{B876BF2C-9CAE-40D9-B7A0-6DD303748D1B}F:\games\diablo iii\x64\diablo iii64.exe] => (Allow) F:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [{30B92C5F-3D16-470C-845A-C619CB3E5CB2}] => (Allow) F:\Programs\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{E46A7750-CDDF-47C4-AACE-12A7242580E5}] => (Allow) F:\Programs\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F133D14B-EE81-45DD-BE13-DD76FB8028A8}F:\games\overwatch public test\overwatch test\overwatch.exe] => (Allow) F:\games\overwatch public test\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{77794184-B61A-4FFF-AFA5-2539E5400338}F:\games\overwatch public test\overwatch test\overwatch.exe] => (Allow) F:\games\overwatch public test\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A3D89EE3-2DD7-4DD0-B718-A78511626030}F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{B5412163-C0F8-4B78-A8E0-94E9354E4766}F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{28837959-224C-4DCD-8EF8-3D9DEB56CCF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{242E5B6F-B38F-4322-881B-0E1C64D4301B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{65C574AB-0397-400A-8DAB-C2C1BBBDDCAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BFF18B2-B9A3-4CA7-B41C-E38D6BF0EAF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C5561890-4545-4F0A-9694-68575542A987}F:\games\starcraft\starcraft.exe] => (Allow) F:\games\starcraft\starcraft.exe
FirewallRules: [UDP Query User{6DF4C904-3F17-4A6C-A90F-696A4623149C}F:\games\starcraft\starcraft.exe] => (Allow) F:\games\starcraft\starcraft.exe
FirewallRules: [{36B0F735-0DDB-4AC0-A286-9E49E85BF632}] => (Allow) F:\Programs\Steam\steamapps\common\MARVEL VS. CAPCOM INFINITE\MVCI.exe
FirewallRules: [{CDAE7EFE-139E-4BED-B458-CC42CB57DB8B}] => (Allow) F:\Programs\Steam\steamapps\common\MARVEL VS. CAPCOM INFINITE\MVCI.exe
FirewallRules: [{BD4549CD-491F-42FF-879F-14637C0F0E96}] => (Allow) F:\Programs\Steam\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{D7444C94-89A4-457E-A579-21E975EBB389}] => (Allow) F:\Programs\Steam\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{54D2BA5F-02B7-49D2-8BD1-B32D25996351}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BC9C63CA-2D1D-4669-8892-86FC30743120}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{48A4B504-95BB-4A19-AAA5-A63DE076302A}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{82DBB780-BA67-4BED-815B-9D29AF09A6FF}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{EDDE0685-4B3F-4E66-AD31-3B0736EB501C}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CE62AB31-9F67-4DD0-B907-276081C2CE60}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C3EC089-3FDF-4445-B4A2-C79DBF87E073}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A2BF605-0B9D-4D5B-9EC8-8A6C4165FFCD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3621971F-CE37-484B-9526-6D5038F7C28E}F:\games\starcraft ii\versions\base60321\sc2_x64.exe] => (Block) F:\games\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [UDP Query User{F61B5FEB-08F0-4C05-9F41-C03EDE1E0E04}F:\games\starcraft ii\versions\base60321\sc2_x64.exe] => (Block) F:\games\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [{4C0C26B2-04D4-4A57-AEAC-37EE8218371B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D9D62332-819F-44DE-AB6F-F1566772FE50}] => (Allow) F:\Programs\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{0BAC5B38-ED7E-435F-B885-C0C06BB08004}] => (Allow) F:\Programs\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{110C0433-26DD-43F1-AD18-4809AD8C8939}F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{44E41A1F-83D2-47AD-A94A-D9B644F05B11}F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{42F00905-4F1C-4E55-B4E0-EE67116FC4C8}] => (Allow) F:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83EE7E45-914D-4E0F-B6FD-DE3B5BC3CDD9}] => (Allow) F:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{534364AB-0B66-47EA-A218-5A64EFEEDCA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{59ACFE31-9E25-4600-BF82-5B7D9EE1F6A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-01-2018 13:42:09 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-01-2018 13:43:08 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-01-2018 13:43:18 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
21-01-2018 13:43:26 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-01-2018 13:43:34 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
21-01-2018 13:43:41 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-01-2018 19:00:54 Windows Backup
21-01-2018 23:14:16 Windows Update
24-01-2018 00:26:56 Windows Update
28-01-2018 19:00:58 Windows Backup
30-01-2018 17:53:50 Windows Update
02-02-2018 19:09:19 Windows Update
04-02-2018 19:00:46 Windows Backup
06-02-2018 19:35:57 Windows Update
09-02-2018 19:40:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2018 09:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2018 09:13:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9095

Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9095

Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8034

Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8034

Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2018 12:31:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7035

Error: (02/10/2018 12:31:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7035


System errors:
=============
Error: (02/10/2018 09:48:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/10/2018 09:13:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/10/2018 09:06:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/10/2018 04:02:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/10/2018 01:13:19 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/10/2018 12:54:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/10/2018 12:47:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/09/2018 11:26:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/09/2018 11:19:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/09/2018 07:36:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16281.73 MB
Available physical RAM: 12894.32 MB
Total Virtual: 32561.65 MB
Available Virtual: 28900.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:384.98 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:622.6 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:2794.39 GB) (Free:78.25 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:263.32 GB) NTFS
Drive g: (Elements) (Fixed) (Total:2794.49 GB) (Free:150.69 GB) NTFS
Drive j: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:552.45 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:7451.91 GB) (Free:5692.05 GB) NTFS
Drive l: (Elements) (Fixed) (Total:2794.49 GB) (Free:1039.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D05E9F5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 6.

========================================================
Disk: 7 (MBR Code: Windows 7 or 8) (Size: 7452 GB) (Disk ID: 9FCACA4F)

Partition: GPT.

==================== End of Addition.txt ============================
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby mAL_rEm018 » February 10th, 2018, 11:15 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello malware help223,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Downloaded and installed suspected false Firefox update

Unread postby malware help223 » February 10th, 2018, 11:43 am

Hello mAL_rEm018,

Thank you for your quick response!

I did read the 'how to get help in this forum' thread you have linked before posting and followed the guide.
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby mAL_rEm018 » February 11th, 2018, 5:44 am

Hello malware help223,


Please answer the following question..
  • Is this computer used for any type of business purposes?

Please run the following scans..


TSG-SysInfo
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on SysInfo.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • A window entitled TSG SysInfo will open. Please copy/paste the highlighted text in your next reply.


MGA Diagnostics
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on MGADiag.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content of MGADiag.txt in your next reply.


CKScanner
  • Please download the following tool to your Desktop: Link
  • Right-Click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question.
  • TSG-SysInfo log
  • MGADiag.txt
  • CKFiles.txt

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Downloaded and installed suspected false Firefox update

Unread postby malware help223 » February 12th, 2018, 4:39 am

1. No, I do not run any businesses. This is my home private computer.

2. TSG-SysInfo
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD FX(tm)-8320 Eight-Core Processor, AMD64 Family 21 Model 2 Stepping 0
Processor Count: 8
RAM: 16281 Mb
Graphics Card: NVIDIA GeForce GTX 980 Ti, -1 Mb
Hard Drives: C: 465 GB (382 GB Free); D: 1862 GB (618 GB Free); E: 2794 GB (62 GB Free); F: 2794 GB (258 GB Free); G: 2794 GB (146 GB Free); J: 1863 GB (552 GB Free); K: 7451 GB (5764 GB Free); L: 2794 GB (2056 GB Free);
Motherboard: ASUSTeK COMPUTER INC., SABERTOOTH 990FX R2.0
Antivirus: None
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby malware help223 » February 12th, 2018, 4:44 am

3. MGADiag.txt, copied and pasted:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-9VDMH-KDT4W-KWDK2
Windows Product Key Hash: cFmWSraBpSukmxhaCVY793EQMpA=
Windows Product ID: 00371-OEM-9046801-69804
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {BBB3D395-E67C-492F-8B49-8E3372F6AC44}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.170913-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BBB3D395-E67C-492F-8B49-8E3372F6AC44}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-KWDK2</PKey><PID>00371-OEM-9046801-69804</PID><PIDType>3</PIDType><SID>S-1-5-21-1648639942-364084454-2766153320</SID><SYSTEM><Manufacturer>To be filled by O.E.M.</Manufacturer><Model>To be filled by O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>2005</Version><SMBIOSVersion major="2" minor="7"/><Date>20130916000000.000000+000</Date></BIOS><HWID>C2100E00018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00180-468-069804-02-1033-7601.0000-1942016
Installation ID: 003864333465077733906873236700497366007401435606946345
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: KWDK2
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12-Feb-18 7:41:27 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:11:2018 12:18
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current:

LgAAAAAAAwABAAEAAAACAAAAAQABAAEAHKKKokZSdMRkx15U5MOUm8rEENFudQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              ALASKA        A M I
FACP              ALASKA        A M I
HPET              ALASKA        A M I
MCFG              ALASKA        A M I
FPDT              ALASKA        A M I
BGRT              ALASKA        A M I
SSDT              AMD           POWERNOW
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby malware help223 » February 12th, 2018, 4:47 am

4. Not sure if CKScanner worked? This is what it output:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.QGNAXZ
----- EOF -----
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby mAL_rEm018 » February 12th, 2018, 5:04 pm

Hello malware help223,

I have a couple of additional questions I need to ask you before we proceed. They might appear a bit intrusive; however, I can assure you that I am only trying to get enough information so that I can make a proper assessment of the situation. :)
  1. Please tell me how you acquired your license for Microsoft Office 365 Pro Plus.
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us)
  2. How did you get an OEM System Builder license?
    Windows License Type: OEM System Builder
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Downloaded and installed suspected false Firefox update

Unread postby malware help223 » February 12th, 2018, 5:17 pm

Office 365 was installed as a free version from my university. I bought that Windows 7 OEM as it was the only version of Windows 7 I could find. Windows doesn't offer Windows 7 much at all these days, it seems. I didn't want to use Windows 10. I hope that isn't an issue?
malware help223
Active Member
 
Posts: 6
Joined: February 10th, 2018, 10:36 am

Re: Downloaded and installed suspected false Firefox update

Unread postby mAL_rEm018 » February 13th, 2018, 6:50 am

malware help223 wrote: Office 365 was installed as a free version from my university.

Connected to Educational Network
I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.

The section here explains why we do not offer help for such computers.


This topic is now closed
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia