Win Erx03 pops up constantly

This is a discussion on Win Erx03 pops up constantly within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Closed Thread
#1 - 09-29-2018, 04:18 AM - blenkinsop (Registered Member; Join Date: Mar 2018; Posts: 18)

This has just started. It is almost impossible to close the page except by using Task Manager, but then it pops up again. It is not in the download list in Control Panel nor in my search providers. I've changed my default homepage. I've done a search in the Registry to no avail, so it must be residing somewhere.
All help gratefully received.
P.S. I would send likes, as I believe people who help should be rewarded somehow, but I do not belong to any social media, so I'll send a personal like here.
#2 - 09-30-2018, 11:23 AM - chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

Hello and Welcome to TSF.

We want all our members to perform the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them in a reply to this thread.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
#3 - 10-13-2018, 06:59 AM - blenkinsop (Registered Member; Join Date: Mar 2018; Posts: 18)

DDS files attached
Thanks - sorry for the delay, been away

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.19130
Run by Stuart at 14:53:57 on 2018-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16322.13696 [GMT 1:00]
.
AV: ESET Security *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET Security *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\ShadowExplorer\sesvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
E:\Games\Wolf\Steam.exe
E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Steam] "E:\Games\Wolf\Steam.exe" -silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [] C:\Program Files (x86)\Broadcom\WirelessBCM MIMO\Utility\Wlan11ag.exe -hide
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALTI~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A0F1F251-27A0-46FE-8193-E559EAD1AD4C} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe" /launch /hide
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-9-15 20464]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2018-1-5 253880]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2017-12-23 339920]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2017-2-19 604752]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-7-13 141512]
R1 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2018-4-12 109864]
R1 RapportAegle64;RapportAegle64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2018-9-6 498064]
R1 RapportCerberus_1930074;RapportCerberus_1930074;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [2018-10-1 1651176]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2018-9-6 719440]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2018-9-6 752000]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-12-4 927232]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2018-9-15 2260144]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-4 169432]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-23 6234056]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-14 522688]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-14 464272]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-24 469952]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2018-9-6 5256184]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2015-11-4 33088]
R2 RealTimes Desktop Service;RealTimes Desktop Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2015-12-5 1095976]
R2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2015-6-23 9216]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2015-6-3 172376]
R3 ekrnEpfw;ESET Firewall Helper;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2018-9-15 2260144]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-9-15 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-9-15 786416]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2018-5-20 59240]
R3 nvvhci;NVVHCI Enumerator Service;C:\Windows\System32\drivers\nvvhci.sys [2018-5-20 58816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-14 883928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S3 dc21x4vm;dc21x4vm;C:\Windows\System32\drivers\dc21x4vm.sys [2009-6-10 57344]
S3 ESETCleanersDriver;ESET Cleaner Service;C:\Windows\System32\drivers\ESETCleanersDriver.sys [2015-6-28 170280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-9-14 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-14 522688]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-5-20 31168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-8 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-8 1255736]
.
=============== Created Last 30 ================
.
2018-09-22 14:46:08 142336 ----a-w- C:\Windows\System32\poqexec.exe
2018-09-22 14:46:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
==================== Find3M ====================
.
2018-09-29 07:22:24 253880 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2018-09-15 2001 188824 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
2018-09-15 2001 141512 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2018-09-15 2001 109864 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys
2018-09-15 07:28:38 842240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-09-15 07:28:38 175104 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-06 05:22:50 604752 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2018-09-06 05:22:50 339920 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
2018-08-31 15:08:34 340480 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2018-08-31 15:08:34 1311744 ----a-w- C:\Windows\SysWow64\msjet40.dll
2018-08-30 01:47:47 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2018-08-30 01:10:54 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2018-08-28 05:50:21 243200 ----a-w- C:\Windows\System32\drivers\ks.sys
2018-08-23 22:56:52 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-08-23 22:56:43 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-08-23 22:44:34 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-08-23 22:43:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-08-23 22:43:53 576512 ----a-w- C:\Windows\System32\vbscript.dll
2018-08-23 22:43:53 417280 ----a-w- C:\Windows\System32\html.iec
2018-08-23 22:43:24 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-08-23 22:34:55 5779456 ----a-w- C:\Windows\System32\jscript9.dll
2018-08-23 22:33:32 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-08-23 22:33:31 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-08-23 22:33:07 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-08-23 22:27:56 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-08-23 22:19:17 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-08-23 22:18:55 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-08-23 21:59:45 2136064 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-08-23 21:59:31 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-08-23 21:52:39 4510720 ----a-w- C:\Windows\System32\wininet.dll
2018-08-23 21:25:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-08-23 21:15:05 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-08-23 21:14:49 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-08-23 21:14:20 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-08-23 21:14:13 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-08-23 21:13:29 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-08-23 2137 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-08-23 2120 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-08-23 20:56:34 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-08-23 20:56:17 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-08-23 20:51:15 4494848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-08-23 20:44:17 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-08-23 20:44:01 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-08-23 20:30:53 4037632 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-08-13 15:54:24 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2018-08-13 15:54:24 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2018-08-13 15:54:24 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2018-08-13 15:54:24 1888768 ----a-w- C:\Windows\System32\msxml3.dll
2018-08-13 15:54:23 8192 ----a-w- C:\Windows\System32\msimg32.dll
2018-08-13 15:54:18 56832 ----a-w- C:\Windows\System32\mf3216.dll
2018-08-13 15:53:59 405504 ----a-w- C:\Windows\System32\gdi32.dll
2018-08-13 15:53:53 1867776 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2018-08-13 15:41:07 313344 ----a-w- C:\Windows\SysWow64\gdi32.dll
2018-08-13 15:40:39 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2018-08-13 15:40:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2018-08-13 15:40:39 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2018-08-13 15:40:39 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2018-08-13 15:40:38 4608 ----a-w- C:\Windows\SysWow64\msimg32.dll
2018-08-13 15:40:32 43008 ----a-w- C:\Windows\SysWow64\mf3216.dll
2018-08-13 15:40:17 1499648 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2018-08-12 20:32:06 378464 ----a-w- C:\Windows\System32\drivers\netio.sys
2018-08-12 20:31:39 1894496 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2018-08-12 20:31:30 289376 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2018-08-12 20:28:38 18944 ----a-w- C:\Windows\System32\netevent.dll
2018-08-12 20:14:40 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2018-08-10 15:59:36 154800 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-08-10 15:59:30 5552816 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-08-10 15:58:27 96864 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-08-10 15:58:17 385120 ----a-w- C:\Windows\System32\atmfd.dll
2018-08-10 15:57:43 631624 ----a-w- C:\Windows\System32\winresume.efi
2018-08-10 15:57:27 708272 ----a-w- C:\Windows\System32\winload.efi
2018-08-10 15:56:38 1664296 ----a-w- C:\Windows\System32\ntdll.dll
2018-08-10 15:55:08 361984 ----a-w- C:\Windows\System32\wow64win.dll
2018-08-10 15:55:08 243712 ----a-w- C:\Windows\System32\wow64.dll
2018-08-10 15:55:08 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2018-08-10 15:55:06 22528 ----a-w- C:\Windows\System32\wfapigp.dll
2018-08-10 15:55:06 215552 ----a-w- C:\Windows\System32\winsrv.dll
2018-08-10 15:55:05 210432 ----a-w- C:\Windows\System32\wdigest.dll
2018-08-10 15:55:02 94208 ----a-w- C:\Windows\System32\TSpkg.dll
2018-08-10 15:55:01 152064 ----a-w- C:\Windows\System32\t2embed.dll
2018-08-10 15:55:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2018-08-10 15:55:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2018-08-10 15:55:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2018-08-10 15:55:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2018-08-10 15:53:55 14336 ----a-w- C:\Windows\System32\dciman32.dll
2018-08-10 15:45:59 4054192 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-08-10 15:45:48 309424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2018-08-10 15:44:43 3961440 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-08-10 15:42:51 1315512 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-08-10 15:40:55 554496 ----a-w- C:\Windows\SysWow64\kerberos.dll
2018-08-10 15:39:58 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2018-08-10 15:39:58 644096 ----a-w- C:\Windows\SysWow64\advapi32.dll
2018-08-10 15:39:55 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2018-08-10 15:27:40 77312 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2018-08-10 15:22:16 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-08-10 15:22:12 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-08-10 15:22:11 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-08-10 15:21:23 64000 ----a-w- C:\Windows\System32\auditpol.exe
2018-08-10 15:20:23 18944 ----a-w- C:\Windows\SysWow64\wfapigp.dll
2018-08-10 15:17:57 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 14:54:15.02 ===============
Attached Files
attach.txt (12.6 KB, 9 views)
dds.txt (20.3 KB, 8 views)
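The autostart lines in the DDS log above (uRun/mRun, BHO, TB, StartupFolder, SSODL, Handler, mASetup) are where a pop-up that comes back after a Task Manager kill is usually registered, and DDS only lists them; it does not judge them. The script below is an added example, not part of this thread and not part of the DDS tool, that parses those lines and flags the properties an analyst checks first: an empty value name, an orphaned registration, a script file as the target, a target under AppData, ProgramData, Temp or Users\Public, and launches that go through a host binary such as rundll32.exe or cscript.exe, where the hosted DLL or script is what actually runs. The function and class names (triage, assess, Finding) and the set of locations treated as user-writable are this example's own choices. The first six sample lines are copied from the DDS log in this thread; the last two (Updater and Helper) are synthetic entries constructed to exercise the checks and do not come from the posted log.

```python
"""Triage the autostart entries of a DDS "Pseudo HJT Report".

Heuristics only: a hit means "look at this entry", not "this is malware".
"""
import re
from dataclasses import dataclass

SCRIPT_EXT = {".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
# Windows binaries that run somebody else's code; judge the payload, not the host.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "cscript.exe", "wscript.exe",
                 "mshta.exe", "powershell.exe", "cmd.exe"}
# DDS keys besides Run/BHO that carry an autostart or shell-extension target.
OTHER_KEYS = {"TB", "StartupFolder", "SSODL", "Handler", "mASetup"}

# A drive-letter path ending in a program-like extension, quoted or not.
PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|vbs|js|jse|wsf|hta|ps1|bat|cmd)\b)',
    re.IGNORECASE)
RUN_RE = re.compile(r'^(?:x64-)?[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
BHO_RE = re.compile(r'^(?:x64-)?BHO: (?P<name>.+?): \{[0-9A-Fa-f-]{36}\} - (?P<cmd>.*)$')

# Constructed sample: lines 1-6 are copied from the DDS log in this thread;
# the last two (Updater, Helper) are synthetic entries that exercise the checks.
SAMPLE_LOG = r"""
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Steam] "E:\Games\Wolf\Steam.exe" -silent
mRun: [] C:\Program Files (x86)\Broadcom\WirelessBCM MIMO\Utility\Wlan11ag.exe -hide
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
uRun: [Updater] C:\Users\Alice\AppData\Roaming\svc\update.vbs
mRun: [Helper] "C:\Windows\SysWOW64\Rundll32.exe" C:\ProgramData\tmp\helper.dll,Start
"""


@dataclass
class Finding:
    line: str
    path: str            # file the entry ultimately runs ('' if none was found)
    reasons: list
    via: str = ""        # host binary (rundll32.exe etc.) when one is involved


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _ext(path):
    base = _basename(path)
    return base[base.rfind("."):] if "." in base else ""


def _user_writable(path):
    """Locations an unprivileged user (or a drive-by download) can write to."""
    p = path.lower()
    return ("\\appdata\\" in p or "\\temp\\" in p
            or p.startswith("c:\\programdata\\") or p.startswith("c:\\users\\public\\"))


def assess(name, cmd, line):
    """Apply the checks to one entry; 'name' is None for keys without a value name."""
    reasons, via = [], ""
    paths = [m.group("path") for m in PATH_RE.finditer(cmd)]
    target = paths[0] if paths else ""
    if name == "":
        reasons.append("empty value name")
    if "<orphaned>" in cmd:
        reasons.append("orphaned entry (registered but target missing)")
    if target and _basename(target) in HOST_BINARIES:
        via = _basename(target)
        if len(paths) > 1:
            target = paths[1]          # the hosted DLL/script is what actually runs
        else:
            reasons.append(f"{via} launched with a non-file argument")
    if target and _ext(target) in SCRIPT_EXT:
        reasons.append("script file as autostart target")
    if target and _user_writable(target):
        reasons.append("target in user-writable location")
    return Finding(line, target, reasons, via)


def triage(log_text):
    """Return the entries that tripped at least one check, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or BHO_RE.match(line)
        if m:
            f = assess(m.group("name"), m.group("cmd"), line)
        elif line.split(":", 1)[0].replace("x64-", "") in OTHER_KEYS:
            f = assess(None, line.split(":", 1)[1], line)
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        host = f" via {f.via}" if f.via else ""
        print(f"{f.path or '(no file)'}{host}\n    {'; '.join(f.reasons)}\n    {f.line}")
```

Run against the real log, the sample's first six lines yield only the unnamed Broadcom entry and the two orphaned WebCheck registrations, which matches what a reviewer would eyeball: nothing in the Run keys or BHOs points at a user-writable path, so the persistence for a page that keeps reopening has to be looked for elsewhere (scheduled tasks, browser extensions and policies, which FRST lists and DDS does not). Treat every reason as a prompt to inspect the file, its signature and its creation date, not as a verdict.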
 
#4 - 10-13-2018, 10:04 PM - chemist (Security Team; Moderator, Analyst)

Hello again.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
#5 - 10-15-2018, 09:33 AM - blenkinsop (Registered Member; Join Date: Mar 2018; Posts: 18)

Thanks, 3 files

Thread Tools only gave me two options, neither of which was about subscribing to this thread, but maybe as it was my thread it does it automatically?
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-15-2018
# Duration: 00:00:09
# OS: Windows 7 Home Premium
# Scanned: 31969
# Detected: 0

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1671 octets] - [15/10/2018 17:17:34]
AdwCleaner[C00].txt - [1725 octets] - [15/10/2018 17:18:14]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Stuart (administrator) on STUART-PC (15-10-2018 17:21:32)
Running from C:\Users\Stuart\Desktop
Loaded Profiles: Stuart (Available Profiles: Stuart & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
( www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Users\Stuart\Desktop\adwcleaner_7.2.4.0.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) E:\Games\Wolf\Steam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Valve Corporation) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_31_0_0_108_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [177928 2018-09-15] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1226288 2007-05-24] (Nero AG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2015-12-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] ()
HKLM-x32\...\Run: [] => C:\Program Files (x86)\Broadcom\WirelessBCM MIMO\Utility\Wlan11ag.exe -hide
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-29] (Nero AG)
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\...\Run: [Steam] => E:\Games\Wolf\Steam.exe [3208992 2018-10-13] (Valve Corporation)
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322248 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-05]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A0F1F251-27A0-46FE-8193-E559EAD1AD4C}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.co.uk/
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2277837192-3314559870-1521232080-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
FireFox:
========
FF DefaultProfile: zv8h75ok.default-1488645127378-1535133270582
FF ProfilePath: C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\zv8h75ok.default-1488645127378-1535133270582 [2018-10-13]
FF Extension: (IBM Security Rapport) - C:\Users\Stuart\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2018-10-01]
FF Extension: (Tails Verification) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\zv8h75ok.default-1488645127378-1535133270582\Extensions\{4121db26-aeba-4014-b6fe-1db322d7c585}.xpi [2018-08-24]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @Nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-12-05] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-12-05] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default [2018-10-13]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-09]
CHR Extension: (IBM Security Rapport) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-08-19]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-09]
CHR Extension: (Video Downloader professional) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]
CHR HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260144 2018-09-15] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260144 2018-09-15] (ESET)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-29] (Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5256184 2018-09-06] (IBM Corp.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-05] (RealNetworks, Inc.)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] ( www.shadowexplorer.com) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [141512 2018-09-15] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188824 2018-09-15] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-09-15] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-06-28] (ESET)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-09-29] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [498064 2018-09-06] (IBM Corp.)
R1 RapportCerberus_1930074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [1651176 2018-10-01] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [719440 2018-09-06] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [339920 2018-09-06] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [604752 2018-09-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [752000 2018-09-06] (IBM Corp.)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-15 17:21 - 2018-10-15 17:21 - 000017422 _____ C:\Users\Stuart\Desktop\FRST.txt
2018-10-15 17:21 - 2018-10-15 17:21 - 000000000 ____D C:\FRST
2018-10-15 17:16 - 2018-10-15 17:16 - 007592144 _____ (Malwarebytes) C:\Users\Stuart\Desktop\adwcleaner_7.2.4.0.exe
2018-10-15 17:15 - 2018-10-15 17:18 - 000000000 ____D C:\AdwCleaner
2018-10-15 17:14 - 2018-10-15 17:14 - 002414592 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64.exe
2018-10-13 18:06 - 2018-10-13 18:06 - 000000000 ____D C:\Users\Stuart\Desktop\tech
2018-10-13 14:43 - 2018-10-13 14:43 - 000688992 ____R (Swearware) C:\Users\Stuart\Downloads\dds.scr
2018-09-22 15:46 - 2016-07-22 15:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-09-22 15:46 - 2016-07-22 15:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-15 17:19 - 2013-12-04 14:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-15 17:18 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-15 17:18 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-15 17:18 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-15 17:17 - 2009-07-14 06:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-15 17:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-10-12 19:53 - 2013-10-08 01:36 - 000000000 ____D C:\Windows\system32\MRT
2018-10-12 19:52 - 2013-10-08 01:36 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-09 10:34 - 2015-12-27 15:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-08 21:55 - 2013-12-08 00:11 - 000000000 ____D C:\ProgramData\TEMP
2018-10-07 17:38 - 2014-03-31 18:40 - 000000000 ____D C:\Users\Stuart\Pers
2018-10-06 09:43 - 2013-12-08 22:30 - 000000000 ____D C:\Users\Stuart\AppData\LocalLow\Adobe
2018-10-01 18:45 - 2017-02-19 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-09-29 11:04 - 2015-09-12 18:23 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-09-29 11:03 - 2013-12-08 00:11 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2018-09-29 08:22 - 2018-01-05 23:20 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-23 13:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-09-23 12:23 - 2013-12-15 19:29 - 000000000 ___RD C:\Users\Stuart\Virtual Machines
2018-09-23 12:23 - 2009-07-14 05:45 - 000410928 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-21 20:39 - 2017-01-09 17:49 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-21 20:39 - 2014-12-27 12:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-15 21:06 - 2018-04-12 16:26 - 000109864 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2018-09-15 21:06 - 2015-07-13 07:14 - 000188824 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2018-09-15 21:06 - 2015-07-13 07:14 - 000141512 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2018-09-15 11:09 - 2017-03-07 21:01 - 000000000 ____D C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-09-15 08:28 - 2014-09-14 15:55 - 000000000 ____D C:\Users\Stuart\AppData\Local\Adobe
2018-09-15 08:28 - 2013-12-07 23:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-15 08:28 - 2013-12-07 23:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-15 08:28 - 2013-12-07 23:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-15 08:28 - 2013-12-07 23:15 - 000000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2018-05-21 17:25 - 2018-05-21 18:06 - 000000127 _____ () C:\Users\Stuart\AppData\Roaming\Camdata.ini
2018-05-21 17:25 - 2018-05-21 18:06 - 000000408 _____ () C:\Users\Stuart\AppData\Roaming\CamLayout.ini
2018-05-21 17:25 - 2018-05-21 18:06 - 000000408 _____ () C:\Users\Stuart\AppData\Roaming\CamShapes.ini
2018-05-21 17:25 - 2018-05-21 18:06 - 000004545 _____ () C:\Users\Stuart\AppData\Roaming\CamStudio.cfg
2017-12-31 23:30 - 2017-12-31 23:31 - 000007618 _____ () C:\Users\Stuart\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-10-06 14:57
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Stuart (15-10-2018 17:21:55)
Running from C:\Users\Stuart\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-07 02:49:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2277837192-3314559870-1521232080-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2277837192-3314559870-1521232080-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2277837192-3314559870-1521232080-1003 - Limited - Enabled)
Stuart (S-1-5-21-2277837192-3314559870-1521232080-1002 - Administrator - Enabled) => C:\Users\Stuart
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Broadcom 802.11n Network Adapter (HKLM-x32\...\{AFD36BF1-DA28-4702-A83F-C49D03199A0F}) (Version: 07.13.2006 - Broadcom)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Enemy Front PROPER (HKLM-x32\...\Enemy Front PROPER_is1) (Version: - )
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.0.0 - )
EPSON PhotoQuicker3.5 (HKLM-x32\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
EPSON PRINT Image Framer Tool2.1 (HKLM-x32\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version: - )
EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
EPSON Web-To-Page (HKLM-x32\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
ESCX6600 Reference Guide (HKLM-x32\...\ESCX6600 Reference Guide) (Version: - )
ESCX6600 Software Guide (HKLM-x32\...\ESCX6600 Software Guide) (Version: - )
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
FairStars CD Ripper 1.60 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Plus! 98 (HKLM-x32\...\Plus98) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 2 Essentials (HKLM-x32\...\{69E8BEBD-B3AA-4981-BA49-AD0AEA731033}) (Version: 7.02.8835 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.100 - Trusteer) Hidden
RealDownloader (HKLM-x32\...\{5185C946-9278-48AE-8090-599C0EB13BED}) (Version: 18.1.2.185 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{692AC224-5A8F-4F71-B539-5145190C0A60}) (Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{82bb33f9-dcda-4d6e-9b11-5becccddffcc}) (Version: 18.1.2.185 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (HKLM-x32\...\{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}) (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.100 - Trusteer)
Unreal Gold (HKLM-x32\...\Unreal Gold) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
Video Downloader (HKLM-x32\...\{99488327-CEB3-4855-AEDF-2ED38B2C4161}) (Version: 1.1.0 - RealNetworks) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein II The New Colossus The Deeds of Captain Wilkins (HKLM-x32\...\Wolfenstein II The New Colossus The Deeds of Cap~70F43D1E_is1) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-15] (ESET)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-15] (ESET)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2015-12-05] (RealNetworks, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-15] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0305E47C-5721-49BD-8884-E0949D0D7B1F} - System32\Tasks\{4FABAD89-4521-4253-A928-2F0B421AAB6E} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {09BC4393-D013-4AA2-890F-28A7A82FDBFA} - System32\Tasks\{96DF8AD5-C7BD-4E90-A22B-46FD81C738E1} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Task: {0C5D7F77-F852-4DF7-AC42-2D6B0D416A9E} - System32\Tasks\{0D4BE55C-30AA-43A4-A178-44C19AABA5F6} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {127DCCD6-7098-4912-92D2-D49FAA1064CD} - System32\Tasks\{86B2070A-AC83-4194-9EE3-59755E610CDA} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {137DCB76-93E7-4D61-B63B-70992CF2877C} - System32\Tasks\{5B10370B-B502-4AD4-B3C2-7C88125303A6} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {14AD6F85-9CF5-4F23-9F5B-3CB315593310} - System32\Tasks\{98EB6412-24B6-44AD-A74C-91F0A3A60DD9} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {16E991D7-A838-4016-91E6-F454FA0335A2} - System32\Tasks\{07E4B443-CE1D-4C2A-A682-E986BB1496AF} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {176678C3-A3C5-422B-93D9-4835CAB71632} - System32\Tasks\{E9BCA208-C1A2-4264-B8BE-190A37A8EB7B} => C:\Users\Stuart\Downloads\Games\plunder\plunder\instfiles\SETUP.EXE
Task: {19DB43D2-10D8-4CB3-8573-8F2D27DD8899} - System32\Tasks\{0A7B47D9-A3F1-47E3-ADEE-05F2323F7CA5} => C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhoebeLE.exe
Task: {1CBADF7E-6F0E-4D39-B442-A4729A4D5ECB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2277837192-3314559870-1521232080-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {1FAC7312-E639-4A0F-9BF0-75774FFDD974} - System32\Tasks\{286C432F-A6C7-4F9C-923C-B529BD417AF7} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\Plus!\Setup!98\setup.exe -c /M
Task: {2489C81D-669E-48E0-B449-E3D7A40BF4C9} - System32\Tasks\{7088EC5D-CB66-4781-8727-124BEFA84B6D} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {278CF06D-17F6-4420-B50D-A950B9EE6ED2} - System32\Tasks\{C5C5C1EB-7781-4FCA-9B70-A0E268D2B970} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {2A9194EB-1D00-4A84-B3F2-C777B0389784} - System32\Tasks\{CED3BE34-827E-40EE-AA32-195283A216C8} => C:\Windows\system32\pcalua.exe -a C:\Users\Stuart\Downloads\MovieManagerSetup.exe -d C:\Users\Stuart\Downloads
Task: {2B8784CD-8DA3-4EE1-BD1D-19BA19B1FC73} - System32\Tasks\{745B35C1-0692-4B7C-8AB4-5FF5C292D3A9} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {2B888C83-5B13-4211-8718-D56A927876A0} - System32\Tasks\{8679301D-2616-4DD1-953A-B639A2D127C3} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {2D08F140-4796-4CCF-9050-4193249FA7BD} - System32\Tasks\{37056558-46C5-46B8-88F5-50A8B5F16EA0} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {2DE7A8F0-412D-4292-BF98-CAF658E2F231} - System32\Tasks\{9A6FC9B0-1773-4404-96DE-C0F9AC3AAF29} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3308FE95-94CC-460F-93C5-BD4CF7983C61} - System32\Tasks\{CC3ABC53-8241-4ACF-8424-F7EEAB6F6001} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {330D5DF4-4D5A-43C1-96AB-2F63A89804FD} - System32\Tasks\{47BA2574-40DB-47C7-9390-C4865951C94E} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {3A019C7B-1D2F-4D37-922A-E854ED166CAF} - System32\Tasks\{82D6293F-1640-4194-8C75-948408361618} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {3A31F67C-F966-4E0E-B37D-DD2C924C8830} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {3A4FD85A-4C54-4DC7-BA62-6FA1E956A4BF} - System32\Tasks\{F83AA5DA-4071-4A14-BAEA-5A0B0E2A94EF} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {3B2A6BAF-C6AB-493B-827A-130DD3E857F0} - System32\Tasks\{59B187B0-A313-4922-A8BB-05AA6972C2E8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Valve\Steam\SteamApps\SourceMods\pdark\unins000.exe" -d "C:\Program Files (x86)\Valve\Steam\SteamApps\SourceMods\pdark"
Task: {3DEC580D-92F2-41B7-BCB2-B6F30E6CF4FF} - System32\Tasks\{4C9D33CA-71EF-4D38-8CBC-CEFABB0B9FC8} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {3DFE0AFA-E695-497E-9D30-037FE52C200A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2277837192-3314559870-1521232080-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {3F1EF6CD-0510-4F6A-966A-8D86353E9997} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2277837192-3314559870-1521232080-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {413B439D-1658-44CE-9FDA-A3DCA75C0060} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {4182D12C-FBD6-4489-95BC-A8FC0C803938} - System32\Tasks\{620860AD-62AF-4E34-B9D5-EA5046D1995E} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {41DF51FA-425D-40C8-A521-ED66B3B9A172} - System32\Tasks\{F42D1598-13DF-4399-BDC7-4C56CB017EF7} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {42E1C7E5-71C3-4C5D-8495-2F2FAEF30836} - System32\Tasks\{EE513533-1D02-4FB4-BD65-540BBA2D4ADD} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {43626C9C-E3F4-466D-92A8-C3E061F66DC7} - System32\Tasks\{8DAD5D47-DA73-4E98-82BA-51D3C7DEB3CA} => D:\setup.exe
Task: {481DEA6B-4759-4EF7-B4DC-118C81791F04} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {4BEAFAA7-650C-4C5B-BAFC-A35D2A0C7568} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-24] ()
Task: {4CF1962D-C074-463D-B534-32971A926DD7} - System32\Tasks\{7714C24D-B797-4A59-A2B9-A5FAEB5F0882} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {4F70E8DF-164C-4B07-913E-3A6FFCA0A590} - System32\Tasks\{D5023656-A99B-456C-9971-C9986075D168} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {50C411DA-C785-419F-8597-86E8192B772D} - System32\Tasks\{11333B70-3E89-4615-8815-41D3451761CB} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {52E10043-91E4-45AD-B259-9C7F7FA4BE9A} - System32\Tasks\{1DFAA5D8-9CE3-4CF4-9747-FF259E088E35} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {5311479D-0168-4982-8339-626FBF4B84B9} - System32\Tasks\{8434E660-2F0B-4E20-84AD-A82D59DFE737} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {562E9509-2A48-48AF-A397-A828181F9618} - System32\Tasks\{E2281316-28A4-4B2C-84FA-EC64D1632EA1} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {5CAFAA25-AC55-47ED-9728-EFD62C8DD3DF} - System32\Tasks\{BFC227D5-834C-48B6-872D-01EE63FC08DF} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {613177D0-2338-4CA5-83DF-29B8F9E7FFEA} - System32\Tasks\{2F8DEB07-9B1D-485C-9973-8F69603486F5} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {6196F893-7DCD-455E-A106-E3448D7093C3} - System32\Tasks\{53FB081A-7673-4283-A713-6B587196E047} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {62499DD8-0EF3-4F05-A9C9-E566FFCB8ADF} - System32\Tasks\{0D8B699F-3953-43E8-86FB-C8A5AB0C7D15} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {63750839-5A9B-4E76-98C6-D168B9E39813} - System32\Tasks\{E1A053E2-4C47-4C28-93D2-D2342E48A31B} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {6701139C-46E4-498C-ADE9-B31EC99D829B} - System32\Tasks\{F4126158-1EA0-41B1-BE1A-7719A2937C16} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {6C647CDE-E5D4-4D4A-A12E-FFB9B87FFBC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {6DA60326-E237-4A60-B64D-7A389FB4380B} - System32\Tasks\{AD9E1BB2-7C5E-402D-A98E-D4BA44BFEE6C} => D:\setup.exe
Task: {6DB2E49E-1033-41A6-9557-829F47CE5F24} - System32\Tasks\{B6145788-8F6E-4ED9-ABA6-62427ABBB60F} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {6F75C34C-2453-4192-9948-C397822455A0} - System32\Tasks\{B5E59595-60CC-46CC-BC70-551235A57A12} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {70EE586D-5CA9-4FDE-8E67-F76A6415E5DD} - System32\Tasks\{554A442C-5FD1-451E-8AD7-D53A8FC44863} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {74A75E29-5773-45D9-BA0D-313A3B54D91F} - System32\Tasks\{F3B33896-8163-4B2D-96F1-DBBD55AE13A3} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {77687055-CBB0-47C2-A0F0-E62A7CDB78FD} - System32\Tasks\{C0291AC0-3D00-4CC6-AEF3-88E190802EAD} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\MAGICD~1\UNWISE.EXE -c C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Task: {77EBAD7F-74B3-4B3E-B822-4A2E6CEA85A9} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2277837192-3314559870-1521232080-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {78064611-4109-4B5B-BF16-1C0EE9C83E8C} - System32\Tasks\{2ECD5560-985E-451B-83C9-6B20470C8E57} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {7924B3CF-D6C1-4170-BE0F-8FAECE260D57} - System32\Tasks\{DA9BB953-7B47-4F49-8E09-E70EB1F4524B} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {7988172C-9C30-4566-8FB4-D270659D2D08} - System32\Tasks\{3A1EDE84-04A2-4083-9FF1-B1BF1CC92FD1} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {7CC4879B-6F99-442C-A5A1-5931BA9C7E9C} - System32\Tasks\{7B402D0F-FD99-40E9-82E1-34E811830927} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {7CF86A82-8056-438F-91D0-7534C7E174AE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {7ECA74D5-4142-44A4-A9E1-DE7B16DD03F8} - System32\Tasks\{DB01C7BA-4AB5-4140-B70E-8FB1AC02D2B2} => D:\plus98\setup.exe
Task: {83F7E155-36F3-4808-B47E-BAC4A6CA591F} - System32\Tasks\{E8C04CC7-90AD-4922-9876-83BAF8C6B98A} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {86FA700E-4C42-4CB7-9A8B-253C56AADB10} - System32\Tasks\{87639674-22D4-410B-B6C8-C25BEF94FB79} => C:\Windows\system32\pcalua.exe -a D:\plus98\setup.exe -d D:\plus98
Task: {88329208-7D49-46DB-B977-0481525B76E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {89A38270-DABC-4E44-83B4-3506E2D5EDB3} - System32\Tasks\{4A8F6E5C-2576-44E9-9912-0D37B0EC4C4B} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {8A4BA523-5A0B-4401-B693-BB85C6A64976} - System32\Tasks\{86704377-B8E4-4349-8489-DE4BF62660A7} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {8B948751-7741-46D5-B61A-821E5FFC67C7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8C3DEB43-F933-4772-9238-C37D2B0324FE} - System32\Tasks\{73FA95BE-6DED-4BC4-B973-36657CA47890} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {9060AA20-E171-4D2E-8CF3-21951E2FD1A3} - System32\Tasks\{76D52D18-2CCE-46FE-8E64-B2905439CEC6} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {906BDB5C-D3B9-43AE-8B48-B302862B2BF6} - System32\Tasks\{298C4057-D5EE-4D1F-A353-B715B27EA482} => C:\DOSBox\DOSBox.exe [2010-05-12] (DOSBox Team)
Task: {91B0B127-3BDB-4CE4-8C5A-06B293FCC486} - System32\Tasks\{BDA71AF6-B683-4AB6-A2E9-B3D97CCBF834} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {92F76DB4-80C0-4A29-B683-46E065B426F4} - System32\Tasks\{57ACB3F0-954D-4A2E-9606-A4CE734602A4} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {9406EA8E-39CB-4BB4-9B42-CAD9AF7C2714} - System32\Tasks\{294AB378-C5FD-429E-A9FF-7DD8D0AA91C2} => D:\setup.exe
Task: {94E95233-18B7-496E-8893-045CBFD5262B} - System32\Tasks\{E182CDFF-4964-4DC8-BD14-05B176FE3868} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {9593A06E-FD82-4711-8FE2-92FA5BC331CC} - System32\Tasks\{C084B372-F407-4694-9773-EFD6B3B3F6AC} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {983DDF7D-4025-468C-8024-43300ED7A9FC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2277837192-3314559870-1521232080-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {9A27DA51-F43D-4A6C-A656-EDD62295E66B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {9AFA8A42-2AC5-4063-8CC6-CA9203BDB2E8} - System32\Tasks\{EEC2EF4F-973A-46EC-A966-0A3B4482A488} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {9BEAA9F8-2AC5-4A8C-AA85-5BDF3E53953F} - System32\Tasks\{C8DCE670-0B24-4978-8D92-CA9EE30067E7} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {9D6BB918-77E7-493B-87E4-37E9BBF11272} - System32\Tasks\{10604811-C952-4D03-8357-41E0E97068A6} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {9E013F2E-80A6-4FE1-BFB9-4D636EA5CE21} - System32\Tasks\{D0C158AD-F633-4F05-BE4E-0B2FD3588077} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A09D9F4A-CDA4-4007-B3FA-14F72A11A41E} - System32\Tasks\{7347A2CD-3244-4703-B0F1-C521CAA9A419} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {A2FA1E4C-232D-421F-8691-0E5E30F4C637} - System32\Tasks\{49259A8D-A90E-4389-BA15-ED13BFAA833F} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A44F7A17-D77D-48DD-8401-57308D97288D} - System32\Tasks\{5481DAA6-4893-49F8-A6CD-D8FB244BC1D8} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A4D4F176-7160-4F77-846F-0E826B891837} - System32\Tasks\{87F717FC-2A27-4872-A1CD-9F83D4FCFABF} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A83FADC1-D817-41CF-AACD-0A87D806FE42} - System32\Tasks\{6878B70A-795E-4631-81F5-2910D293F0F9} => C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhoebeLE.exe
Task: {A8AD8297-010E-4DB6-B35B-A89CF1529F22} - System32\Tasks\{90526D78-5033-4FE8-8544-7229BF3D764F} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A8F60E9E-D628-4947-B932-FAF9E0313959} - System32\Tasks\{9762F19D-446E-4CB6-8E1B-21FEC0558B26} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {A9AA2C3D-6103-4433-A9D6-B6EE1C1196C0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B14D46B4-FAAC-4F72-A2EC-4693CFF7DED4} - System32\Tasks\{AEE6A6C1-EC37-4B12-8D91-074EC8043D45} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {B2D3B2D8-3E31-40F5-B0FE-D6AA343A03DC} - System32\Tasks\{BEB12C1E-530E-4BAF-8D5E-FAA93E585E0D} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {B40FC59D-48FD-4FA5-936B-95B10FC23B3E} - System32\Tasks\{FC481840-62E6-4E3C-9E6B-62FA11911B36} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {B5B48C68-08F4-4180-85B8-E7F4C52E5F9C} - System32\Tasks\{99A66D17-4E3C-43F8-99FB-313CCC71CB32} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {B611BD3D-D835-4702-9EC8-DF788B1CEE2E} - System32\Tasks\{1E804F43-2A63-44FD-A629-419F82EF31AE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {B6BACE00-3ADA-457B-A13D-2B6EDB93E5CA} - System32\Tasks\{A0CB14EF-D21A-4310-BF28-006D82B661E9} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {B6FB31DB-33D4-4437-993F-6C73E5566A12} - System32\Tasks\{7EC73277-E567-4D95-A72A-9A76BAF69B6C} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {B747116E-BA84-4BF8-ACF5-2201475833B3} - System32\Tasks\{3E198803-08E0-4B4F-90DC-EF7F7AF61ECE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {B77C71DD-829C-4830-BBDA-20FC59E76D61} - System32\Tasks\{FB84AF87-79F5-42F9-B952-D43488761BEB} => C:\Users\Stuart\Downloads\Games\plunder\plunder\instfiles\SETUP.EXE
Task: {BA896949-FF56-4D38-AAF1-59CE4EA4A863} - System32\Tasks\{F93D7CD5-7688-4D6E-87E4-2E1A5011E5F3} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {BBAD1AFA-07DC-4B3A-AFBF-3F95CD3F1DDA} - System32\Tasks\{83784BDB-CF65-4B6D-837E-D196ABD541C1} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {BD58441F-1EE1-45B4-B148-962FF2C8A3B3} - System32\Tasks\{58BA8BAD-41A0-491C-8758-C22335724092} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Task: {C020B7DE-D92C-417A-A35D-60F57CF79A81} - System32\Tasks\{824066BE-DF56-4F5E-836A-4BEF3A023FD4} => C:\Windows\system32\pcalua.exe -a "E:\Games\Half Life 2\IGG-HalLife2\IGG-HalLife2\Install Half-Life 2.exe" -d "E:\Games\Half Life 2\IGG-HalLife2\IGG-HalLife2"
Task: {C1EC2C18-FC10-4A11-B87A-DB3DCE1F794A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {C221DC87-38EF-419B-BC40-5EE250C2C662} - System32\Tasks\{1615FBFB-8C8C-4560-A0C0-7A402616CF3F} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {C27F8F4A-79D0-44C5-92FE-F4BACCFB51DA} - System32\Tasks\{38D74D79-40D5-4117-BBCA-123D552F5037} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {C2DA2DC0-C21E-4BEE-A46E-3A43F2AEAB33} - System32\Tasks\{EE275381-E684-4B7A-8D3B-4B29989ADD17} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {C3640946-E278-4B34-BFA0-698311C82A38} - System32\Tasks\{D87B2CAE-B4FA-4EBC-98F3-7F3165FB0931} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {C51F69BD-D459-4D63-A8D4-65D741E413D9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {C799221E-512E-4592-80DE-26210F25209C} - System32\Tasks\{0EADAD98-2C2D-4FF7-B886-345B2F1A6A42} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {CB4E3A1F-DE55-4C89-A626-FBA99579D678} - System32\Tasks\{D7F7156C-64D4-435A-9EEC-2B316AA02D2C} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {CD4F82B8-09E9-4BEF-902E-320D3150FB54} - System32\Tasks\{C21A8559-659F-462B-9539-D33C7B5CA721} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {CD7F03AA-F3B2-4937-8EB6-650583508B52} - System32\Tasks\{A1B2F8AB-3218-4EE0-ABEA-28C828F5E268} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CEF90D05-9893-47C0-A49D-5CEC679D3D28} - System32\Tasks\{EE7AE490-82E5-4643-BA19-0FB6679BC807} => C:\Program Files (x86)\FP-FS\Bin\FPFS.exe
Task: {CFB67808-4BBD-4955-BD9F-DCC2D6B819F4} - System32\Tasks\{CE36E44A-E3C3-4510-BF26-3BAFCAECF91F} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {D22C6886-D164-4FA9-9AE7-43C0F037B20C} - System32\Tasks\{59974506-B305-4B79-AB0A-8C1EDAF446E9} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {D3CD1307-23A3-482A-95F3-16160BCA9C62} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {D46C4244-8B50-4E07-84A3-BA056FDE7A42} - System32\Tasks\{718B760F-0045-4D11-A1BB-7002C53FD9B9} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {D8835266-387F-4F01-9B94-06B24BDDF111} - System32\Tasks\{F7EF86FB-401B-4E6E-9419-A880C20EF11B} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {D8A85356-7281-4403-B37C-C9E7E26A31AF} - System32\Tasks\{1A301A52-C968-44E0-839E-F07E20ADBCC1} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {DAA94DBC-BBC0-4D41-9629-0A398C13014C} - System32\Tasks\{38F5B2B8-3F32-4B68-8F56-401A3D104B3D} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {DABE5EED-6A76-4475-B25A-8819D9AAB47F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-15] (Adobe Systems Incorporated)
Task: {DC545D5F-F8D7-40C3-BB0D-7FBC898EAD12} - System32\Tasks\{661367AC-F473-4109-936D-01C579D8F8D4} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {E0BEE408-E037-499D-A2F2-DA449C9F1225} - System32\Tasks\{CDC9481F-AFE4-4120-98A8-A1350C8A6D1E} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {E2C6C332-5269-428E-94B7-5D2AB8AD6789} - System32\Tasks\{81CDB7A9-120A-4829-8B09-11CDF6DEA5EA} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {E5066EC1-B58D-4DFC-BF1B-1A0107D76570} - System32\Tasks\{E1908999-1147-4E12-BE43-33264325C910} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {E5DE5E0A-D294-4B29-9DDF-1CFC714D5302} - System32\Tasks\{95FC4DB8-E46F-41CC-BE01-2E6E779828FE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {E6B6CD7E-ED63-47B5-AF5E-29C077AE2BBF} - System32\Tasks\{840FFEA0-FC10-40F6-9009-58B99BCB66F3} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {E6FF8A68-D680-4B36-AEA4-7673DEA92690} - System32\Tasks\{D14D5772-0B1A-4F4E-BAD3-625E3552CDA0} => C:\Windows\system32\pcalua.exe -a C:\UnrealGold\System\Setup.exe -c uninstall "Unreal Gold"
Task: {E9009585-20E4-4331-B499-6CA9A4D6969B} - System32\Tasks\{D7408F4B-CB6D-4A4B-BE2B-A8DDE7C8556C} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {EF2D39B9-CAF0-4E88-8FD6-AB5D64C75382} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {F0D8CE23-D821-4AC4-B874-482038911893} - System32\Tasks\{6EAD9CDF-6C06-4ED6-947A-837F8AE0D76B} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
Task: {F635E4F6-B484-40AC-B9B3-A1561A0E8C46} - System32\Tasks\{90F8AD4C-CAD9-4A9D-910B-6F28F112C8B4} => C:\Users\Stuart\Downloads\Games\plunder\plunder\instfiles\SETUP.EXE
Task: {F674F56D-5E18-42B2-A277-8CB84C484BFE} - System32\Tasks\{3AB95CCB-D68B-4949-885A-1691404756D2} => C:\Users\Stuart\Downloads\crystal-caves-3\cc3.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FE205898-0FAE-4C31-9DD5-9D64AA3E876F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {FEA2C93A-8B06-4330-8C7E-529D7F85FAFF} - System32\Tasks\{50813A3B-56D2-437F-A259-89C73DC1DC11} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Task: {FF6AFC35-EDD0-4D58-8331-17E6536B9797} - System32\Tasks\{AEE8FA67-524A-4ADA-93E2-7A06FE1F9817} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-01-24 10:35 - 2012-12-06 14:52 - 000136704 _____ () C:\Windows\System32\zlhp2600.dll
2013-12-04 18:47 - 2012-10-29 15:48 - 000927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2017-01-14 19:35 - 2018-03-14 14:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-11-04 16:20 - 2015-11-04 16:20 - 000033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2017-09-23 22:49 - 2017-11-01 09:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-02-24 17:21 - 2016-02-24 17:21 - 000720112 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2018-08-31 08:16 - 2018-10-10 05:17 - 001056032 _____ () E:\Games\Wolf\bin\cef\cef.win7x64\SDL2.dll
2018-08-31 08:16 - 2018-09-23 01:00 - 102804768 _____ () E:\Games\Wolf\bin\cef\cef.win7x64\libcef.dll
2018-08-31 08:16 - 2018-09-23 01:00 - 004866336 _____ () E:\Games\Wolf\bin\cef\cef.win7x64\libglesv2.dll
2018-08-31 08:16 - 2018-09-23 01:00 - 000116000 _____ () E:\Games\Wolf\bin\cef\cef.win7x64\libegl.dll
2013-12-04 18:47 - 2018-10-15 17:18 - 000026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-12-04 18:47 - 2012-05-08 00:04 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-11-04 16:20 - 2015-11-04 16:20 - 000037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 16:19 - 2015-11-04 16:19 - 000039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 16:20 - 2015-11-04 16:20 - 000037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-12-23 11:28 - 2018-10-10 05:17 - 000878880 _____ () E:\Games\Wolf\SDL2.dll
2016-08-31 18:02 - 2016-09-01 02:02 - 004969248 _____ () E:\Games\Wolf\v8.dll
2016-08-31 18:02 - 2016-09-01 02:02 - 001563936 _____ () E:\Games\Wolf\icui18n.dll
2016-08-31 18:02 - 2016-09-01 02:02 - 001195296 _____ () E:\Games\Wolf\icuuc.dll
2017-01-18 18:30 - 2018-10-13 02:59 - 002647840 _____ () E:\Games\Wolf\video.dll
2017-12-16 10:35 - 2017-12-20 02:43 - 005137696 _____ () E:\Games\Wolf\libavcodec-57.dll
2017-12-16 10:35 - 2017-12-20 02:43 - 000847136 _____ () E:\Games\Wolf\libavutil-55.dll
2017-12-16 10:35 - 2017-12-20 02:43 - 000695584 _____ () E:\Games\Wolf\libavformat-57.dll
2017-12-16 10:35 - 2017-12-20 02:43 - 000351520 _____ () E:\Games\Wolf\libavresample-3.dll
2017-12-16 10:35 - 2017-12-20 02:43 - 000783648 _____ () E:\Games\Wolf\libswscale-4.dll
2017-03-07 20:05 - 2018-10-13 02:59 - 001023776 _____ () E:\Games\Wolf\bin\chromehtml.DLL
2016-07-04 15:17 - 2016-07-04 23:17 - 000266560 _____ () E:\Games\Wolf\openvr_api.dll
2015-12-05 23:33 - 2015-12-05 23:33 - 000089360 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2015-12-05 23:33 - 2015-12-05 23:33 - 000022312 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-12-05 23:33 - 2015-12-05 23:33 - 001520936 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-12-05 23:33 - 2015-12-05 23:33 - 004274984 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-12-05 23:33 - 2015-12-05 23:33 - 000322856 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll
2015-11-04 14:20 - 2015-11-04 14:20 - 001382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-12-05 23:32 - 2015-12-05 23:32 - 000653608 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2277837192-3314559870-1521232080-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0D3ABEB4-716D-4AD6-A70C-666EBD78DC9B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{69AF123F-2FC3-4B21-9C56-70B9E7E08CB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{983BE3F3-C17F-43E8-881E-FA9AD298153B}C:\downloadedprogs\dosgames\the.duke.nukem.3d.high.resolution.version-nogrp_guzzs_usinavirtual.com.rar\eduke32.exe] => (Block) C:\downloadedprogs\dosgames\the.duke.nukem.3d.high.resolution.version-nogrp_guzzs_usinavirtual.com.rar\eduke32.exe
FirewallRules: [UDP Query User{2D58684F-A6A9-44BA-AFB7-683EA97FE0DA}C:\downloadedprogs\dosgames\the.duke.nukem.3d.high.resolution.version-nogrp_guzzs_usinavirtual.com.rar\eduke32.exe] => (Block) C:\downloadedprogs\dosgames\the.duke.nukem.3d.high.resolution.version-nogrp_guzzs_usinavirtual.com.rar\eduke32.exe
FirewallRules: [TCP Query User{E1406AB4-5918-4A14-BF0B-BAA502426411}C:\downloadedprogs\dosgames\halflife\hl.exe] => (Block) C:\downloadedprogs\dosgames\halflife\hl.exe
FirewallRules: [UDP Query User{3FADCEAA-3E72-47CD-8BBD-44D4345B6ACC}C:\downloadedprogs\dosgames\halflife\hl.exe] => (Block) C:\downloadedprogs\dosgames\halflife\hl.exe
FirewallRules: [{D3E2C514-AC63-4AEC-A202-46125243660F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFA778E6-E5BE-4271-80E6-7DFBEDA14BBB}] => (Allow) LPort=2869
FirewallRules: [{D9F2C0B3-A42A-41B2-98F8-94AA6FB44B45}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{B9061CDC-7CFC-4C7B-BA1F-61421C1BE044}C:\program files (x86)\infogrames\x-com enforcer\system\xcom.exe] => (Allow) C:\program files (x86)\infogrames\x-com enforcer\system\xcom.exe
FirewallRules: [UDP Query User{6DF5579C-9DD9-4F37-B001-72C8318D0B80}C:\program files (x86)\infogrames\x-com enforcer\system\xcom.exe] => (Allow) C:\program files (x86)\infogrames\x-com enforcer\system\xcom.exe
FirewallRules: [{DF5925CB-68ED-4AFB-93A7-8C9487CDA6CA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{C761F716-DE4D-46F2-9DB4-9B99EE916401}C:\windows\temp\navbrowser.exe] => (Allow) C:\windows\temp\navbrowser.exe
FirewallRules: [UDP Query User{7EBED4AC-54C3-4627-8B8C-BAF86748AB12}C:\windows\temp\navbrowser.exe] => (Allow) C:\windows\temp\navbrowser.exe
FirewallRules: [TCP Query User{89224CA2-181E-4F2C-88A2-2F3D27680B23}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Block) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{FE62AD95-6707-472E-9503-54C6A002E3D8}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Block) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [TCP Query User{08EDE34C-17B5-4498-B13B-C7A3FA06427A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{D0275C24-0F3B-49A2-B473-8B6346251741}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{F915AEDF-94A3-4C3D-9366-426B46159A46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7D599F66-C907-4FE9-AB57-9B37236A3CBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6DF76907-3AC4-4A4C-9807-5578539300CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1EAAE175-98C0-442C-8703-6AE9CBA2BBEA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{19A80708-1C42-446C-9624-49D15EF7863B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BE7E3DE7-938F-47E8-B4EE-327F37B813B7}] => (Allow) E:\Games\Wolf\Steam.exe
FirewallRules: [{11A4EF6C-4A88-4119-BD05-A6BBB1192CE4}] => (Allow) E:\Games\Wolf\Steam.exe
FirewallRules: [{B86BC696-5A1C-41B3-A07B-B6848C50014D}] => (Allow) E:\Games\Wolf\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{38566FB1-5F99-4375-9573-EC1749CA6F57}] => (Allow) E:\Games\Wolf\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{B6214A7F-4252-4500-8E1C-5FAEE3F4C374}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{81AD8DD8-5BCE-4FAA-BA84-6DCBCD900B16}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{451CB4B6-C967-4DA6-A502-45199EFB5352}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{1584276C-6596-472A-99F6-3602FF10A302}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{03C2D299-2ED7-432C-9F0C-3B7D2F6CBA28}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{9F253518-FFBF-4400-9811-426895BD65D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{19042949-F07B-4F63-BBDC-04069A01BCE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E36207AE-F528-46B8-A798-1D53FF6630CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3D788C85-9E02-455D-B56D-77592AA5303D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F3769EF9-5B62-405F-ACB7-A5F3ECD2443B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C65ACB4A-EA44-440A-BFF7-949AE58A5A3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25651811-29AC-486D-9B49-4204C8E72D0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{6AFDD276-C48E-44F7-AE00-7BFF1C1966EF}E:\games\doom\doom\doom\doom\doom\doomx64.exe] => (Block) E:\games\doom\doom\doom\doom\doom\doomx64.exe
FirewallRules: [UDP Query User{206B9CC8-2045-4476-A7F5-34A989E76797}E:\games\doom\doom\doom\doom\doom\doomx64.exe] => (Block) E:\games\doom\doom\doom\doom\doom\doomx64.exe
FirewallRules: [TCP Query User{70337D1C-A684-494F-9432-B105F903B490}C:\program files\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\program files\rise of the triad\binaries\win64\rott.exe
FirewallRules: [UDP Query User{70E767C3-2931-4FF1-B90D-5A5E239F0A25}C:\program files\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\program files\rise of the triad\binaries\win64\rott.exe
FirewallRules: [TCP Query User{16107450-58B5-456D-B8AD-579C740ED411}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe
FirewallRules: [UDP Query User{C16A2827-58B7-44E4-8099-5C0D99BA2E0F}C:\program files (x86)\enemy front proper\bin32\enemyfront.exe] => (Allow) C:\program files (x86)\enemy front proper\bin32\enemyfront.exe
FirewallRules: [{65EBB961-CCE3-4949-A154-FE52529CB85D}] => (Allow) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{65A1EB6B-36EA-4705-AFDA-09B2F061D4EE}] => (Allow) E:\Games\Wolf\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{A3234356-528A-4209-A54B-D6789C3EE46D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
29-09-2018 18:17:03 Scheduled Checkpoint
01-10-2018 18:44:50 Installed Rapport
09-10-2018 11:16:33 Scheduled Checkpoint
12-10-2018 19:51:46 Windows Update
13-10-2018 11:33:33 Windows Update
==================== Faulty Device Manager Devices =============
Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (10/15/2018 05:16:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).
Error: (10/15/2018 05:10:18 PM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/15/2018 05:10:18 PM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/14/2018 10:01:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).
Error: (10/14/2018 09:56:46 AM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/14/2018 09:56:46 AM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/13/2018 02:39:41 PM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/13/2018 02:39:41 PM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (10/15/2018 05:18:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
Error: (10/15/2018 05:18:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealTimes Desktop Service service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 17%
Total physical RAM: 16322.39 MB
Available physical RAM: 13542.77 MB
Total Virtual: 20416.54 MB
Available Virtual: 17479.68 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.45 GB) (Free:20.68 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:481.03 GB) NTFS
\\?\Volume{656c20c4-5ce8-11e3-9c64-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2F3AE3AF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 16071CD5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
blenkinsop is offline  
Old 10-16-2018, 03:12 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, blenkinsop.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {8B948751-7741-46D5-B61A-821E5FFC67C7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {A9AA2C3D-6103-4433-A9D6-B6EE1C1196C0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
    S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
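The fixlist above is built by reading FRST's own flags. As an added example (not FRST's code, and not part of chemist's instructions), the Python below applies the same kinds of reading to FRST lines copied from this thread: registrations whose file is gone, services whose binary is missing or sits under a Temp directory, an alternate data stream, and firewall allow rules for a binary in a temp path. The temp-directory tests are my own triage heuristics, not FRST rules, and the line formats are assumed from the excerpts posted here.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example: mirrors the kind of reading a helper does before writing a
fixlist. The temp-directory heuristics are the example's own assumptions,
not rules that FRST itself applies.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied verbatim from the FRST excerpts in this thread.
SAMPLE_LINES = [
    r"Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION",
    r"S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION",
    r"S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]",
    r"AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]",
    r"FirewallRules: [TCP Query User{C761F716-DE4D-46F2-9DB4-9B99EE916401}C:\windows\temp\navbrowser.exe] => (Allow) C:\windows\temp\navbrowser.exe",
    r"FirewallRules: [{A3234356-528A-4209-A54B-D6789C3EE46D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"FirewallRules: [TCP Query User{E1406AB4-5918-4A14-BF0B-BAA502426411}C:\downloadedprogs\dosgames\halflife\hl.exe] => (Block) C:\downloadedprogs\dosgames\halflife\hl.exe",
    r"FF Plugin: @microsoft.com/GENUINE -> disabled [No File]",
]

# Directory components that mark a temp location (heuristic, assumed).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# FRST formats as seen in the posted logs (assumed from those excerpts).
SERVICE_RE = re.compile(
    r"^[SRU]\d (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?(?: <==== ATTENTION)?$"
)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[.*\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<target>.+?) \[(?P<size>\d+)\]$")


def normalize_path(path: str) -> str:
    """Lower-case a Windows path and drop the \\??\\ NT prefix FRST prints for drivers."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def is_temp_path(path: str) -> bool:
    """True when the path sits under a Temp or tmp directory."""
    normalized = normalize_path(path)
    return any(marker in normalized for marker in TEMP_MARKERS)


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) why a single FRST line deserves a look."""
    reasons: List[str] = []
    line = line.strip()

    # Tasks, context-menu handlers and plugins whose backing file is gone.
    if "-> No File" in line or "[No File]" in line:
        reasons.append("registration points at a file that no longer exists")

    # Services/drivers: [X] means FRST found no binary on disk.
    m = SERVICE_RE.match(line)
    if m:
        if m.group("missing"):
            reasons.append(f"service '{m.group('name')}' has no binary on disk")
        if is_temp_path(m.group("path")):
            reasons.append(f"service '{m.group('name')}' loads from a temp directory")

    # Alternate data streams hide content behind an ordinary-looking path.
    m = ADS_RE.match(line)
    if m:
        reasons.append(
            f"alternate data stream of {m.group('size')} bytes on {m.group('target')}"
        )

    # Firewall allow rules are only interesting when the binary lives in a temp path.
    m = FIREWALL_RE.match(line)
    if m and m.group("action") == "Allow" and is_temp_path(m.group("target")):
        reasons.append("firewall allow rule for a binary in a temp directory")

    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; lines with nothing to report are dropped."""
    result: Dict[str, List[str]] = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            result[line] = reasons
    return result


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LINES).items():
        print(flagged)
        for reason in why:
            print("    -", reason)
```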
Old 10-16-2018, 12:52 PM   #7
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



I'll be away now until the 19th. No access to this computer until then. Thanks for the help so far. Fixlist below.


Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Stuart (16-10-2018 20:41:56) Run:1
Running from C:\Users\Stuart\Desktop\tech
Loaded Profiles: Stuart (Available Profiles: Stuart & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {8B948751-7741-46D5-B61A-821E5FFC67C7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {A9AA2C3D-6103-4433-A9D6-B6EE1C1196C0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
EmptyTemp:
end
*****************
Restore point was successfully created.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B948751-7741-46D5-B61A-821E5FFC67C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B948751-7741-46D5-B61A-821E5FFC67C7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9AA2C3D-6103-4433-A9D6-B6EE1C1196C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AA2C3D-6103-4433-A9D6-B6EE1C1196C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins @microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz136 => removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\npf => removed successfully
npf => service removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22345867 B
Java, Flash, Steam htmlcache => 145548201 B
Windows/system/drivers => 67652 B
Edge => 0 B
Chrome => 10254287 B
Firefox => 19621669 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 68996 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Stuart => 21703011 B
Administrator => 2467561 B
RecycleBin => 0 B
EmptyTemp: => 223.8 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 20:42:32 ====
blenkinsop is offline  
Old 10-16-2018, 12:53 PM   #8
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



Of course I meant fixlog
blenkinsop is offline  
Old 10-17-2018, 02:00 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, blenkinsop. You're very welcome. How is the machine behaving? Any improvement so far?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
    • If you are prompted to download the latest version of MBAM, please do so.
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • NOTE: If you select the Premium features, MBAM will be running as a full-fledged, real-time antivirus application.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to quarantine what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-20-2018, 03:56 AM   #10
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



The popup appeared again following my last reply, from a link when on a film site.
2 logfiles:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 10/20/18
Scan Time: 9:55 AM
Log File: dabb67db-d445-11e8-8cd3-bcee7b86d392.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.7441
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stuart-PC\Stuart
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284755
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)


C:\DownloadedProgs\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\ccsetup515.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
blenkinsop is offline  
Old 10-20-2018, 11:07 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, blenkinsop. Unfortunately nothing is showing in your logs. Can you post a screenshot or pic of the popup?

Does the popup only occur when on a particular site like the film site, or does it occur randomly on any site?

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-23-2018, 12:20 PM   #12
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



Hi again


2 screenshots & combofix


ComboFix 18-08-08.01 - Stuart 23/10/2018 19:26:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16322.13532 [GMT 1:00]
Running from: c:\users\Stuart\Desktop\ComboFix.exe
AV: ESET Security *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET Security *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stuart\AppData\Local\assembly\tmp
c:\users\Stuart\AppData\Local\Microsoft\bass.dll
c:\users\Stuart\AppData\Local\Microsoft\bass_fx.dll
c:\users\Stuart\AppData\Local\Microsoft\bass_vst.dll
c:\users\Stuart\AppData\Local\Microsoft\basscd.dll
c:\users\Stuart\AppData\Local\Microsoft\bassenc.dll
c:\users\Stuart\AppData\Local\Microsoft\bassflac.dll
c:\users\Stuart\AppData\Local\Microsoft\bassmidi.dll
c:\users\Stuart\AppData\Local\Microsoft\bassmix.dll
c:\users\Stuart\AppData\Local\Microsoft\basswasapi.dll
c:\users\Stuart\AppData\Local\Microsoft\basswma.dll
c:\users\Stuart\AppData\Local\Microsoft\engine_vx.dll
c:\users\Stuart\GoToAssistDownloadHelper.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET5A8A.tmp
c:\windows\SysWow64\SET6805.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2018-09-23 to 2018-10-23 )))))))))))))))))))))))))))))))
.
.
2018-10-23 18:34 . 2018-10-23 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-10-23 18:34 . 2018-10-23 18:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2018-10-21 17:41 . 2018-10-21 18:37 -------- d-----w- c:\users\Stuart\AppData\Local\SKIDROW
2018-10-15 16:21 . 2018-10-16 19:43 -------- d-----w- C:\FRST
2018-10-15 16:15 . 2018-10-15 16:18 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-10-12 18:52 . 2013-10-08 00:36 136745976 -c--a-w- c:\windows\system32\MRT.exe
2018-09-29 07:22 . 2018-01-05 22:20 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-09-15 20:06 . 2018-04-12 15:26 109864 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2018-09-15 20:06 . 2015-07-13 06:14 188824 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2018-09-15 20:06 . 2015-07-13 06:14 141512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2018-09-15 07:28 . 2013-12-07 22:15 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-15 07:28 . 2013-12-07 22:15 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-06 05:22 . 2017-12-23 09:08 339920 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2018-09-06 05:22 . 2017-02-19 22:27 604752 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2018-08-31 15:08 . 2018-09-14 19:53 340480 ----a-w- c:\windows\SysWow64\msexcl40.dll
2018-08-31 15:08 . 2018-09-14 19:53 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll
2018-08-30 01:47 . 2018-09-14 19:53 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2018-08-30 01:10 . 2018-09-14 19:53 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2018-08-28 05:50 . 2018-09-14 19:53 243200 ----a-w- c:\windows\system32\drivers\ks.sys
2018-08-24 19:47 . 2018-09-14 19:53 398424 ----a-w- c:\windows\system32\iedkcs32.dll
2018-08-23 23:05 . 2018-09-14 19:53 25736704 ----a-w- c:\windows\system32\mshtml.dll
2018-08-23 22:56 . 2018-09-14 19:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2018-08-23 22:56 . 2018-09-14 19:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2018-08-23 22:45 . 2018-09-14 19:53 2902016 ----a-w- c:\windows\system32\iertutil.dll
2018-08-23 22:44 . 2018-09-14 19:53 66560 ----a-w- c:\windows\system32\iesetup.dll
2018-08-23 22:43 . 2018-09-14 19:53 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2018-08-23 22:43 . 2018-09-14 19:53 576512 ----a-w- c:\windows\system32\vbscript.dll
2018-08-23 22:43 . 2018-09-14 19:53 417280 ----a-w- c:\windows\system32\html.iec
2018-08-23 22:43 . 2018-09-14 19:53 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2018-08-23 22:37 . 2018-09-14 19:53 54784 ----a-w- c:\windows\system32\jsproxy.dll
2018-08-23 22:36 . 2018-09-14 19:53 34304 ----a-w- c:\windows\system32\iernonce.dll
2018-08-23 22:34 . 2018-09-14 19:53 5779456 ----a-w- c:\windows\system32\jscript9.dll
2018-08-23 22:34 . 2018-09-14 19:53 615936 ----a-w- c:\windows\system32\ieui.dll
2018-08-23 22:33 . 2018-09-14 19:53 116224 ----a-w- c:\windows\system32\ieetwcollector.exe
2018-08-23 22:33 . 2018-09-14 19:53 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2018-08-23 22:33 . 2018-09-14 19:53 794624 ----a-w- c:\windows\system32\jscript.dll
2018-08-23 22:33 . 2018-09-14 19:53 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2018-08-23 22:27 . 2018-09-14 19:53 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2018-08-23 22:24 . 2018-09-14 19:53 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2018-08-23 22:19 . 2018-09-14 19:53 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2018-08-23 22:18 . 2018-09-14 19:53 87552 ----a-w- c:\windows\system32\tdc.ocx
2018-08-23 22:17 . 2018-09-14 19:53 107520 ----a-w- c:\windows\system32\inseng.dll
2018-08-23 22:15 . 2018-09-14 19:53 199680 ----a-w- c:\windows\system32\msrating.dll
2018-08-23 22:15 . 2018-09-14 19:53 92160 ----a-w- c:\windows\system32\mshtmled.dll
2018-08-23 22:13 . 2018-09-14 19:53 315392 ----a-w- c:\windows\system32\dxtrans.dll
2018-08-23 22:12 . 2018-09-14 19:53 152064 ----a-w- c:\windows\system32\occache.dll
2018-08-23 22:03 . 2018-09-14 19:53 262144 ----a-w- c:\windows\system32\webcheck.dll
2018-08-23 22:01 . 2018-09-14 19:53 728064 ----a-w- c:\windows\system32\ie4uinit.exe
2018-08-23 22:01 . 2018-09-14 19:53 809472 ----a-w- c:\windows\system32\msfeeds.dll
2018-08-23 22:00 . 2018-09-14 19:53 15283712 ----a-w- c:\windows\system32\ieframe.dll
2018-08-23 21:59 . 2018-09-14 19:53 2136064 ----a-w- c:\windows\system32\inetcpl.cpl
2018-08-23 21:59 . 2018-09-14 19:53 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2018-08-23 21:52 . 2018-09-14 19:53 4510720 ----a-w- c:\windows\system32\wininet.dll
2018-08-23 21:40 . 2018-09-14 19:53 1555456 ----a-w- c:\windows\system32\urlmon.dll
2018-08-23 21:28 . 2018-09-14 19:53 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2018-08-23 21:25 . 2018-09-14 19:53 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2018-08-23 21:15 . 2018-09-14 19:53 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2018-08-23 21:14 . 2018-09-14 19:53 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2018-08-23 21:14 . 2018-09-14 19:53 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2018-08-23 21:14 . 2018-09-14 19:53 341504 ----a-w- c:\windows\SysWow64\html.iec
2018-08-23 21:13 . 2018-09-14 19:53 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2018-08-23 21:06 . 2018-09-14 19:53 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2018-08-23 21:06 . 2018-09-14 19:53 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2018-08-23 20:56 . 2018-09-14 19:53 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2018-08-23 20:56 . 2018-09-14 19:53 73216 ----a-w- c:\windows\SysWow64\tdc.ocx
2018-08-23 20:51 . 2018-09-14 19:53 4494848 ----a-w- c:\windows\SysWow64\jscript9.dll
2018-08-23 20:44 . 2018-09-14 19:53 2059776 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2018-08-23 20:44 . 2018-09-14 19:53 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2018-08-23 20:30 . 2018-09-14 19:53 4037632 ----a-w- c:\windows\SysWow64\wininet.dll
2018-08-13 15:54 . 2018-09-14 19:53 14183936 ----a-w- c:\windows\system32\shell32.dll
2018-08-13 15:54 . 2018-09-14 19:53 2004480 ----a-w- c:\windows\system32\msxml6.dll
2018-08-13 15:54 . 2018-09-14 19:53 1888768 ----a-w- c:\windows\system32\msxml3.dll
2018-08-13 15:54 . 2018-09-14 19:53 2048 ----a-w- c:\windows\system32\msxml6r.dll
2018-08-13 15:54 . 2018-09-14 19:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2018-08-13 15:54 . 2018-09-14 19:53 8192 ----a-w- c:\windows\system32\msimg32.dll
2018-08-13 15:54 . 2018-09-14 19:53 56832 ----a-w- c:\windows\system32\mf3216.dll
2018-08-13 15:53 . 2018-09-14 19:53 405504 ----a-w- c:\windows\system32\gdi32.dll
2018-08-13 15:53 . 2018-09-14 19:53 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2018-08-13 15:41 . 2018-09-14 19:53 313344 ----a-w- c:\windows\SysWow64\gdi32.dll
2018-08-13 15:40 . 2018-09-14 19:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2018-08-13 15:40 . 2018-09-14 19:53 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2018-08-13 15:40 . 2018-09-14 19:53 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2018-08-13 15:40 . 2018-09-14 19:53 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2018-08-13 15:40 . 2018-09-14 19:53 4608 ----a-w- c:\windows\SysWow64\msimg32.dll
2018-08-13 15:40 . 2018-09-14 19:53 43008 ----a-w- c:\windows\SysWow64\mf3216.dll
2018-08-13 15:40 . 2018-09-14 19:53 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2018-08-12 20:32 . 2018-09-14 19:53 378464 ----a-w- c:\windows\system32\drivers\netio.sys
2018-08-12 20:31 . 2018-09-14 19:53 1894496 ----a-w- c:\windows\system32\drivers\tcpip.sys
2018-08-12 20:31 . 2018-09-14 19:53 289376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2018-08-12 20:28 . 2018-09-14 19:53 18944 ----a-w- c:\windows\system32\netevent.dll
2018-08-12 20:14 . 2018-09-14 19:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2018-08-10 15:59 . 2018-09-14 19:53 154800 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2018-08-10 15:59 . 2018-09-14 19:53 5552816 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-08-10 15:58 . 2018-09-14 19:53 263776 ----a-w- c:\windows\system32\hal.dll
2018-08-10 15:58 . 2018-09-14 19:53 96864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2018-08-10 15:58 . 2018-09-14 19:53 385120 ----a-w- c:\windows\system32\atmfd.dll
2018-08-10 15:57 . 2018-09-14 19:53 631624 ----a-w- c:\windows\system32\winresume.efi
2018-08-10 15:57 . 2018-09-14 19:53 708272 ----a-w- c:\windows\system32\winload.efi
2018-08-10 15:56 . 2018-09-14 19:53 1664296 ----a-w- c:\windows\system32\ntdll.dll
2018-08-10 15:55 . 2018-09-14 19:53 361984 ----a-w- c:\windows\system32\wow64win.dll
2018-08-10 15:55 . 2018-09-14 19:53 243712 ----a-w- c:\windows\system32\wow64.dll
2018-08-10 15:55 . 2018-09-14 19:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2018-08-10 15:55 . 2018-09-14 19:53 215552 ----a-w- c:\windows\system32\winsrv.dll
2018-08-10 15:55 . 2018-09-14 19:53 22528 ----a-w- c:\windows\system32\wfapigp.dll
2018-08-10 15:55 . 2018-09-14 19:53 210432 ----a-w- c:\windows\system32\wdigest.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"Steam"="e:\games\Wolf\Steam.exe" [2018-10-13 3208992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"NBKeyScan"="c:\program files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2015-12-05 286992]
"RealDownloader"="c:\program files (x86)\RealNetworks\RealDownloader\downloader2.exe" [2016-02-24 720112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealTimes.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2015-12-5 1196328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys;c:\windows\SYSNATIVE\DRIVERS\dc21x4vm.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 RapportAegle64;RapportAegle64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [x]
S1 RapportCerberus_1930074;RapportCerberus_1930074;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 RealTimes Desktop Service;RealTimes Desktop Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe;c:\program files (x86)\ShadowExplorer\sesvc.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 ekrnEpfw;ESET Firewall Helper;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2018-09-20 06:32 327664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 07:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-04 7204568]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\ecmds.exe" [2018-09-15 177928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - c:\program files (x86)\Broadcom\WirelessBCM MIMO\Utility\Wlan11ag.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-MagicDisc 2.7.106 - c:\progra~2\MAGICD~1\UNWISE.EXE
AddRemove-Plus98 - c:\progra~2\Plus!\Setup!98\setup.exe
AddRemove-RealPlayer 18.1 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-Unreal Gold - c:\unrealgold\System\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_31_0_0_108_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.31"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_31_0_0_108.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2018-10-23 19:42:31 - machine was rebooted
ComboFix-quarantined-files.txt 2018-10-23 18:42
.
Pre-Run: 33,491,017,728 bytes free
Post-Run: 32,662,048,768 bytes free
.
- - End Of File - - 7F6D6905CCD78E8BFA94ED8443CA10BC
A36C5E4F47E84449FF07ED3517B43A31





blenkinsop is offline  
Old 10-23-2018, 07:25 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, blenkinsop. Not seeing the screenshots in your last post.

Let me know if you still get a popup.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-29-2018, 01:16 PM   #14
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:




blenkinsop is offline  
Old 10-29-2018, 07:08 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, blenkinsop. Your last post is blank. Can you attach the pic(s) to your next reply as you did the attachments in your initial post?

Are you still getting popups?
chemist is offline  
Old 10-30-2018, 12:07 PM   #16
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



I'll have to find another way to send the pic as I've tried with a word doc and a jpeg and neither has worked. Even when I copy, they won't paste into the reply. They seem to at first but then nothing.
I'm away for a few days and will work on it over the w/e.
blenkinsop is offline  
Old 10-30-2018, 08:09 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Don't copy/paste. Attach the pic(s) like you did the first time you attached the dds.txt and attach.txt logs.

You still aren't answering my questions.
chemist is offline  
Old 11-03-2018, 01:53 AM   #18
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:



Pop up still happens at random.


Attachment: Erx03..jpg
blenkinsop is offline  
Old 11-03-2018, 05:33 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Thanks for the pic, except it's so small I can't read it. Click on it and you will see what I can see. See if you can attach a bigger pic.
chemist is offline  
Old 11-06-2018, 01:56 PM   #20
Registered Member
 
Join Date: Mar 2018
Posts: 18
OS:




blenkinsop is offline  