Trojan - Nymaim.K


#1 SJ Danny (Member, 80 posts)

Long story short: someone opened an email from a known person. It required "an older version of Microsoft Word" to open. Nothing was there. Windows Defender started saying I had a Trojan Nymaim.K; I tried deleting it but it keeps appearing.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Gilbert-PC (administrator) on GILBERT (13-11-2017 19:53:27)
Running from C:\Users\Gilbert-PC\Downloads
Loaded Profiles: Gilbert-PC &  (Available Profiles: Gilbert-PC)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-21] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-01-28] (Siber Systems)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [Fences] => "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [wedge-83] => C:\Users\Gilbert-PC\AppData\Local\wedge-22\wedge-02.exe [509952 2017-09-26] ()
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Winlogon: [Shell] C:\ProgramData\centroid-57\centroid-90.exe -a1,explorer.exe <==== ATTENTION
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-01-28] (Siber Systems)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [Fences] => "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [wedge-83] => C:\Users\Gilbert-PC\AppData\Local\wedge-22\wedge-02.exe [509952 2017-09-26] ()
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Policies\Explorer: [] 
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Winlogon: [Shell] C:\ProgramData\centroid-57\centroid-90.exe -a1,explorer.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-11-01]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-11-01]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-11-01]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gsm900-7.lnk [2017-11-13]
ShortcutTarget: gsm900-7.lnk -> C:\Users\Gilbert-PC\AppData\Local\gsm900-1\gsm900-68.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60CC048A-F861-4750-8B18-93CBF3663661}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E683A96B-3BBB-4D94-A770-107ECE9EFE12}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-07] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-28] (Siber Systems Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-28] (Siber Systems Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-28] (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
DPF: HKLM-x32 {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} hxxp://50.184.27.98/HiDvrOcx.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-10-16] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Slides) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Docs) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-27]
CHR Extension: (YouTube) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Sheets) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-27]
CHR HKU\S-1-5-21-3397947757-2202323943-316364792-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-23] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32976 2017-10-17] (Corsair Components, Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [333280 2016-12-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-10-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-21] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-21] (Intuit Inc.) [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 vmms; C:\Windows\system32\vmms.exe [13814784 2017-08-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpuz139; C:\Windows\TEMP\cpuz139\cpuz139_x64.sys [43328 2017-10-27] (CPUID)
R3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2017-11-13] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [564216 2017-04-25] (Intel Corporation)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2016-11-11] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-11-13] (Malwarebytes)
R1 MpKsl39fa6c96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B408A034-2F6C-461C-AB3F-5F9A0541F615}\MpKsl39fa6c96.sys [58120 2017-11-13] (Microsoft Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2016-11-11] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [28160 2017-01-12] (Microsoft Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2016-11-11] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2017-03-31] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 19:53 - 2017-11-13 19:53 - 000019074 _____ C:\Users\Gilbert-PC\Downloads\FRST.txt
2017-11-13 19:53 - 2017-11-13 19:53 - 000000000 ____D C:\FRST
2017-11-13 19:52 - 2017-11-13 19:52 - 002392576 _____ (Farbar) C:\Users\Gilbert-PC\Downloads\FRST64.exe
2017-11-13 19:36 - 2017-11-13 19:36 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-13 19:36 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-13 05:54 - 2017-11-13 05:54 - 000016970 _____ C:\Users\Gilbert-PC\Desktop\Daily planer Noviembre2017.xlsx
2017-11-13 05:50 - 2017-11-13 19:27 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Roaming\api--1-0
2017-11-04 06:22 - 2017-11-04 06:22 - 000426202 _____ C:\Users\Gilbert-PC\Downloads\Sentinella Instructions 2 (1).pdf
2017-11-04 05:15 - 2017-11-04 05:15 - 000308602 _____ C:\Users\Gilbert-PC\Downloads\homes-direct-Golden Exclusive 441A.pdf
2017-11-04 05:10 - 2017-11-04 05:55 - 000000000 ____D C:\Users\Gilbert-PC\Desktop\Victor
2017-11-02 14:04 - 2017-11-02 14:04 - 000128361 _____ C:\Users\Gilbert-PC\Documents\CelLink- 24 led FBX24LL40-unv.pdf
2017-11-02 13:18 - 2017-11-02 13:18 - 000426202 _____ C:\Users\Gilbert-PC\Downloads\Sentinella Instructions 2.pdf
2017-11-02 12:17 - 2017-11-02 12:17 - 000182241 _____ C:\Users\Gilbert-PC\Documents\1000 CelLink-Single Line.pdf
2017-11-02 11:47 - 2017-11-02 11:47 - 000096801 _____ C:\Users\Gilbert-PC\Downloads\CLLNK A Panels (1).pptx
2017-11-02 11:46 - 2017-11-02 11:46 - 000096801 _____ C:\Users\Gilbert-PC\Downloads\CLLNK A Panels.pptx
2017-11-02 04:36 - 2017-11-02 04:36 - 000198298 _____ C:\Users\Gilbert-PC\Downloads\SCCK Copier17110113090 (1).pdf
2017-11-02 04:24 - 2017-11-02 04:24 - 000198298 _____ C:\Users\Gilbert-PC\Downloads\SCCK Copier17110113090.pdf
2017-11-01 04:56 - 2017-11-01 04:56 - 000917012 _____ C:\Users\Gilbert-PC\Downloads\divalite-lhb-specs.pdf
2017-10-31 12:25 - 2017-11-08 16:03 - 000016050 _____ C:\Users\Gilbert-PC\Documents\Daily planer Noviembre2017.xlsx
2017-10-31 10:06 - 2017-10-31 10:06 - 000205758 _____ C:\Users\Gilbert-PC\Downloads\M4381031X7K1-0000-1-M-QuickPrint_800AMP_PANEL_[E].pdf
2017-10-30 20:37 - 2017-10-30 20:37 - 000000162 _____ C:\Users\Gilbert-PC\Downloads\Unconfirmed 705958.crdownload
2017-10-30 14:52 - 2017-10-30 14:52 - 000825418 _____ C:\Users\Gilbert-PC\Downloads\reindependencesolaroutage.zip
2017-10-30 07:23 - 2017-10-30 07:23 - 000402618 _____ C:\Users\Gilbert-PC\Downloads\209044E-2IND (1).pdf
2017-10-27 13:52 - 2017-10-27 13:52 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-27 13:51 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-10-27 13:51 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-10-27 13:51 - 2017-09-14 11:30 - 007439704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-27 13:51 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-27 13:51 - 2017-09-14 11:29 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-27 13:51 - 2017-09-13 17:18 - 001384216 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-27 13:51 - 2017-09-13 17:14 - 001124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-27 13:51 - 2017-09-13 05:32 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-27 13:51 - 2017-09-13 05:31 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-27 13:51 - 2017-09-13 05:27 - 000384000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-27 13:51 - 2017-09-09 10:53 - 022361864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-27 13:51 - 2017-09-09 09:55 - 019790760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-27 13:51 - 2017-09-09 09:38 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-10-27 13:51 - 2017-09-09 08:10 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-27 13:51 - 2017-09-09 07:49 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-27 13:51 - 2017-09-09 07:47 - 014466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-10-27 13:51 - 2017-09-09 07:21 - 012879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-27 13:51 - 2017-09-08 19:50 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-27 13:51 - 2017-09-08 19:50 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-27 13:51 - 2017-09-08 10:21 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-27 13:51 - 2017-09-08 10:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-27 13:51 - 2017-09-08 09:39 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-27 13:51 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-10-27 13:51 - 2017-09-08 08:57 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-27 13:51 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-10-27 13:51 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-27 13:51 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-27 13:51 - 2017-09-07 13:33 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-27 13:51 - 2017-09-07 13:33 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-27 13:51 - 2017-09-07 13:32 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-27 13:51 - 2017-09-07 13:32 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-27 13:51 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-10-27 13:51 - 2017-09-07 13:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-27 13:51 - 2017-09-07 13:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-27 13:51 - 2017-09-07 13:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-27 13:51 - 2017-09-07 13:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-27 13:51 - 2017-09-07 13:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-27 13:51 - 2017-09-07 12:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-27 13:51 - 2017-09-07 12:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-27 13:51 - 2017-09-07 12:31 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-10-27 13:51 - 2017-09-07 12:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-27 13:51 - 2017-09-07 12:21 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-10-27 13:51 - 2017-09-07 12:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-27 13:51 - 2017-09-07 12:11 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-27 13:51 - 2017-09-07 12:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-27 13:51 - 2017-09-07 12:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-27 13:51 - 2017-09-07 12:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-27 13:51 - 2017-09-07 12:08 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-10-27 13:51 - 2017-09-07 11:54 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-10-27 13:51 - 2017-09-07 11:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-27 13:51 - 2017-09-07 11:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-27 13:51 - 2017-09-07 11:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-27 13:51 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-10-27 13:51 - 2017-09-07 11:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-27 13:51 - 2017-09-07 11:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-27 13:51 - 2017-09-07 11:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-27 13:51 - 2017-09-07 11:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-27 13:51 - 2017-09-07 11:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-27 13:51 - 2017-09-07 10:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-27 13:51 - 2017-09-07 10:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-27 13:51 - 2017-09-07 10:38 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-10-27 13:51 - 2017-09-07 10:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-27 13:51 - 2017-09-07 10:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-10-27 13:51 - 2017-09-07 10:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-27 13:51 - 2017-09-07 10:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-27 13:51 - 2017-09-07 10:27 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-27 13:51 - 2017-09-07 10:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-27 13:51 - 2017-09-07 10:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-27 13:51 - 2017-09-07 10:24 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-10-27 13:51 - 2017-09-07 10:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-27 13:51 - 2017-09-07 10:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-27 13:51 - 2017-09-07 09:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-27 13:51 - 2017-09-07 09:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-27 13:51 - 2017-09-07 09:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-10-27 13:51 - 2017-09-07 09:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-10-27 13:51 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-27 13:51 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-10-27 13:51 - 2017-09-06 15:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-10-27 13:51 - 2017-09-06 13:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-10-27 13:51 - 2017-09-06 13:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-10-27 13:51 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-10-27 13:51 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-10-27 13:51 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-10-27 13:49 - 2017-10-27 13:49 - 000003174 _____ C:\Windows\System32\Tasks\Start CorsairLink4
2017-10-27 13:49 - 2017-10-27 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair LINK 4
2017-10-27 13:49 - 2017-10-27 13:49 - 000000000 ____D C:\Program Files (x86)\CorsairLink4
2017-10-27 13:47 - 2017-10-27 13:47 - 779635176 _____ C:\Windows\MEMORY.DMP
2017-10-27 13:47 - 2017-10-27 13:47 - 000619568 _____ C:\Windows\Minidump\102717-3859-01.dmp
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\Windows\Minidump
2017-10-25 15:56 - 2017-10-25 15:56 - 001207296 _____ C:\Users\Gilbert-PC\Downloads\Environnment+Rating+Scales+-Holly (1).ppt
2017-10-25 15:38 - 2017-10-25 15:38 - 001209344 _____ C:\Users\Gilbert-PC\Downloads\Environnment+Rating+Scales+-Holly.ppt
2017-10-18 10:59 - 2017-10-18 10:59 - 000000000 ____D C:\Users\Gilbert-PC\Documents\AutoCAD Sheet Sets
2017-10-17 04:59 - 2017-10-17 04:59 - 000059212 _____ C:\Users\Gilbert-PC\Downloads\1622.5-TO CONSULTANT.PDF
2017-10-17 04:58 - 2017-10-17 04:58 - 000061588 _____ C:\Users\Gilbert-PC\Downloads\1622.4-TOCONSULT-FP (1).PDF
2017-10-17 04:55 - 2017-10-17 04:55 - 000299159 _____ C:\Users\Gilbert-PC\Downloads\1622.4-E-FP.dwg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 19:51 - 2016-10-27 05:57 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\ClassicShell
2017-11-13 19:41 - 2016-10-27 05:38 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3397947757-2202323943-316364792-1001
2017-11-13 19:39 - 2016-10-27 05:37 - 000865112 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-13 19:39 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2017-11-13 19:36 - 2017-04-05 15:06 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-13 19:36 - 2016-10-27 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 19:36 - 2016-10-27 05:51 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-13 19:34 - 2016-10-27 05:46 - 000000000 __SHD C:\Users\Gilbert-PC\IntelGraphicsProfiles
2017-11-13 19:33 - 2016-11-11 18:38 - 027715584 _____ C:\Windows\system32\vmguest.iso
2017-11-13 19:33 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-13 19:31 - 2014-04-12 20:55 - 000000000 ____D C:\ProgramData\ti
2017-11-13 19:27 - 2013-08-22 05:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-11-13 16:20 - 2016-10-27 05:47 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:15 - 2017-07-14 22:42 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\gsm900-1
2017-11-13 16:00 - 2015-07-16 17:47 - 000000000 ____D C:\ProgramData\centroid-57
2017-11-13 14:51 - 2017-01-08 08:08 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\wedge-22
2017-11-13 05:58 - 2013-08-22 07:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-13 05:57 - 2016-10-27 05:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-13 05:49 - 2016-11-01 13:35 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-11-13 05:43 - 2016-10-27 05:32 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\Packages
2017-11-10 14:20 - 2016-10-27 06:12 - 000000000 ____D C:\ProgramData\CLink4
2017-11-08 10:01 - 2016-10-27 06:10 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-11-06 22:57 - 2017-07-26 17:25 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3397947757-2202323943-316364792-1001
2017-11-06 22:57 - 2016-11-01 08:58 - 000002313 _____ C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-10-28 01:56 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2017-10-27 13:58 - 2013-08-22 06:44 - 000561824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-27 13:57 - 2013-08-22 07:36 - 000000000 ___RD C:\Windows\ToastData
2017-10-27 13:56 - 2016-10-27 05:32 - 000000000 ____D C:\Users\Gilbert-PC
2017-10-27 13:54 - 2013-08-22 07:20 - 000000000 ____D C:\Windows\CbsTemp
2017-10-27 13:53 - 2016-10-26 15:25 - 000000000 ____D C:\Windows\system32\MRT
2017-10-27 13:52 - 2016-10-26 15:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-27 13:49 - 2016-10-27 06:12 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2017-01-28 16:06 - 2017-01-28 16:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-25 15:58 - 2017-05-31 07:03 - 000000028 _____ () C:\ProgramData\IpAndPort.fig
2016-11-01 09:38 - 2016-11-01 09:38 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-01-25 15:58 - 2017-05-31 07:03 - 000000236 _____ () C:\ProgramData\RmUserCfg.ini
 
Some files in TEMP:
====================
2017-11-13 05:56 - 2017-11-13 05:56 - 001232896 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\1439947031.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000226672 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\Abspdf.exe
2016-11-01 09:39 - 2015-01-26 06:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\Gilbert-PC\AppData\Local\Temp\AcDeltree.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000749715 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfu.dll
2016-11-01 13:37 - 2012-01-05 11:43 - 000947200 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfuamd64.dll
2016-11-01 13:37 - 2012-01-05 11:43 - 000407269 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfui.dll
2016-11-01 13:37 - 2006-07-12 14:11 - 001093632 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfuia64.dll
2016-11-01 13:37 - 2012-01-05 11:43 - 000430592 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfuiamd64.dll
2016-11-01 13:37 - 2006-07-12 14:11 - 000346112 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\acfpdfuiia64.dll
2016-11-01 13:37 - 2012-01-05 11:43 - 004218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Users\Gilbert-PC\AppData\Local\Temp\cdintf.dll
2006-11-01 22:22 - 2006-11-01 22:22 - 000930272 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\DPInstx64.exe
2006-11-01 22:22 - 2006-11-01 22:22 - 000795104 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\DPInstx86.exe
2010-01-13 01:38 - 2010-01-13 01:38 - 000075600 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\DPInst_Monx64.exe
2010-01-13 01:39 - 2010-01-13 01:39 - 000075088 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\DPInst_Monx86.exe
2010-01-13 04:59 - 2010-01-13 04:59 - 000075080 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\OS_Detect.exe
2016-11-01 13:37 - 2011-07-20 08:18 - 000042264 _____ (Tri-Sector, Inc.) C:\Users\Gilbert-PC\AppData\Local\Temp\PDFPRT400.exe
2017-01-28 16:05 - 2017-05-07 20:32 - 021387040 _____ (Siber Systems) C:\Users\Gilbert-PC\AppData\Local\Temp\RoboForm-Setup.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000121856 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\xmllite.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-11 03:41
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Gilbert-PC (13-11-2017 19:53:55)
Running from C:\Users\Gilbert-PC\Downloads
Windows 8.1 Pro (Update) (X64) (2016-10-27 13:32:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3397947757-2202323943-316364792-500 - Administrator - Disabled)
Gilbert-PC (S-1-5-21-3397947757-2202323943-316364792-1001 - Administrator - Enabled) => C:\Users\Gilbert-PC
Guest (S-1-5-21-3397947757-2202323943-316364792-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Blue Iris 4 (HKLM-x32\...\{24DBFE51-243F-4538-BB28-2FD7EC8E7F16}) (Version: 4.4.9.0 - Perspective Software)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Corsair LINK 4 (HKLM-x32\...\{3f9cac6a-22c5-4169-aa67-3710a1ac6fe1}) (Version: 4.9.1.23 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{5F5A99B2-0273-41BF-876F-0F2B9D7BA200}) (Version: 4.9.1.23 - Corsair Components, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4565 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Night Owl HD CMS version 1.1.72 (HKLM-x32\...\{DDC5185C-7C8A-420B-B831-BCE5AAB1F449}_is1) (Version: 1.1.72 - Night Owl SP,LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4012.2607 - Intuit Inc.) Hidden
QuickBooks Premier: Contractor Edition 2016 (HKLM-x32\...\{46D4E594-38FE-48F9-8C3A-02315281A4B5}) (Version: 26.0.4012.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RoboForm 7-9-26-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-26-6 - Siber Systems)
Roland 2.5D DRIVER [EGX-30A] (HKLM-x32\...\{FCF6FB65-55C6-434B-8DE5-FE32033214CC}) (Version: 1.20.0000 - Roland DG Corporation)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TriPoint 9.7 - Demo (HKLM-x32\...\ST4UNST #1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-05] (Autodesk)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-14] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08164B2E-7179-4C3A-9917-FE7CA3A0BB57} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {1A88ABE2-CF09-4E9E-A080-196BC9E02ED0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-01-28] (Siber Systems)
Task: {2A027848-A0E6-4BA3-B5C2-E053C460DB20} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {30C5E2EB-861F-4AA6-A0B1-CBB449A64A5E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {333FB949-E371-438D-B202-75D858C671EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {45C2F912-46A1-43D3-8209-0C9411DF04F0} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMOJLJJJJMKJOMJMIMCNGMKMIMLMCNLMMJOJNJCNNJLMPMNJCNGMHMOJKMMMJJIMLJKMPMIMPMJNJICMIMCNGMCNNMJMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMJMHMHMJNHICMOMNMKJPMOMJNBJCMILGJDJNJKJNILICNPKMLJNKJCMJNNICMJNDJCMKJBJ (the data entry has 55 more characters).
Task: {55D9623C-77E6-4944-847D-C4D86FB15244} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-25] ()
Task: {84CC91BC-C9AE-4A5E-9C3B-A19C1AF2ABC0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-25] ()
Task: {8AE9831C-E519-4B31-9B9D-716E67B51729} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {8D2F3711-8D01-42FD-B60F-A203EE3189FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {8EB53C1D-9837-4BD3-BD7B-37A5281DB6F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {9566C91B-1012-44F8-BC34-AF3E5B670978} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {9EB8CB7F-1F32-431E-97CD-F0155CCF9059} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {AC68994B-1639-4D9F-90C8-7BD91DD2903D} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-10-17] (Corsair Components, Inc.)
Task: {B1E20775-B57E-450C-A0F2-7E6489F37545} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {D018520A-A607-44FE-8A25-C73D7CC3DE3A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-22 02:17 - 2017-11-07 06:11 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-27 05:51 - 2012-01-20 13:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-11-09 11:32 - 2016-06-08 18:07 - 000458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-11-09 11:32 - 2016-06-08 18:18 - 000709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-11-09 11:32 - 2016-06-08 18:12 - 000416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-11-09 11:32 - 2016-06-08 18:15 - 000130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-11-09 11:32 - 2016-06-08 18:15 - 000032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2017-11-13 16:20 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 16:20 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-11-01 09:39 - 2016-02-23 20:48 - 000062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-11-01 09:39 - 2016-02-23 20:47 - 000110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8645B7B2-36C9-4DBE-9673-0D749FCDC67C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FB9A886F-3EBA-4ADD-A635-D77659563A7D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{87D0A89E-E5BF-4A4E-8020-D03C776DB6AD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{BB353273-FF86-4A9C-A082-66D86DABEEA4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A61D83EB-7AA0-43A9-B571-8B65CB44DE21}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EDBBC826-5AF2-4D45-B984-AEF2EB84D026}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D6E8F01B-ADED-4A89-A1E8-647B880B8745}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DE3B0DA1-1EAD-4CBD-BF7F-8BA627434D17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{24EDF94E-FFB9-4743-8A11-7107F4AE304E}] => (Allow) C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{AAAED5A3-25D1-4D84-A3DC-92DB2236971B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D6654D45-5298-4049-B2C9-D517F69D3150}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{1ADCC700-8EB5-452C-B479-538917A45934}] => (Allow) LPort=50248
FirewallRules: [{4AD8E002-B853-4DDC-B239-920F7BE62360}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A13BE620-8EE2-4511-9A94-D49605AE4114}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CB32E7A1-9C77-47E6-95D9-1867E50E4B85}] => (Allow) LPort=1688
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{0A808AE3-6916-452E-A879-586E6B880800}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [UDP Query User{4E6ABDBC-409B-46D8-884F-6847C147E672}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [{35B2C0F6-AFA7-4BFA-935D-6E611EC3AD19}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{05E6D02A-6125-4F6B-AA15-133B874174F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{AF280138-1772-4989-B0DD-4DF5B9313C5F}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [UDP Query User{79D9E665-DA59-4E29-8266-A4EA7FC64B6D}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [{4C89BF8D-69EB-4D11-9653-FB62B4332443}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D0681BB8-3E64-473B-95BE-BE0917C4BA3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-10-2017 13:49:14 Corsair LINK 4
04-11-2017 01:53:21 Scheduled Checkpoint
11-11-2017 03:42:24 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2017 07:36:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.742, time stamp: 0x599eabe2
Exception code: 0xc0000005
Fault offset: 0x0000000000006704
Faulting process id: 0xae4
Faulting application start time: 0x01d35cf9c56145ec
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Report Id: 0484230e-c8ed-11e7-8276-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 05:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 62.0.3202.89, time stamp: 0x59fe811c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18821, time stamp: 0x59ba86db
Exception code: 0xc0000135
Fault offset: 0x00000000000ece70
Faulting process id: 0xc30
Faulting application start time: 0x01d35ce95dd9a2d0
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: KERNELBASE.dll
Report Id: 9b862ebe-c8dc-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 04:48:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 62.0.3202.89, time stamp: 0x59fe811c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18821, time stamp: 0x59ba86db
Exception code: 0xc0000135
Fault offset: 0x00000000000ece70
Faulting process id: 0xec4
Faulting application start time: 0x01d35ce24c612910
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: KERNELBASE.dll
Report Id: 8a14dbf3-c8d5-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: efm8load.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x1408
Faulting application start time: 0x01d35ccf1cb2b879
Faulting application path: C:\Program Files (x86)\CorsairLink4\efm8load.exe
Faulting module path: unknown
Report Id: 5a6ff4be-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ImagingDevices.exe, version: 6.3.9600.17415, time stamp: 0x54504432
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0xe98
Faulting application start time: 0x01d35ccf18ccdceb
Faulting application path: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Faulting module path: unknown
Report Id: 568a194b-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x9c8
Faulting application start time: 0x01d35ccf1524a371
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Faulting module path: unknown
Report Id: 52e1dfc2-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpshare.exe, version: 12.0.9600.17415, time stamp: 0x545047f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x19b4
Faulting application start time: 0x01d35ccf117f5f71
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmpshare.exe
Faulting module path: unknown
Report Id: 4f3c9bc4-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wabmig.exe, version: 6.3.9600.17415, time stamp: 0x545040c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x136c
Faulting application start time: 0x01d35ccf0dd7f047
Faulting application path: C:\Program Files (x86)\Windows Mail\wabmig.exe
Faulting module path: unknown
Report Id: 4b93e941-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.9600.17415, time stamp: 0x54504530
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0xc14
Faulting application start time: 0x01d35ccf0a32bbd9
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmprph.exe
Faulting module path: unknown
Report Id: 47eff83e-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2017 02:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wab.exe, version: 6.3.9600.17415, time stamp: 0x54504361
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x1164
Faulting application start time: 0x01d35ccf068c9144
Faulting application path: C:\Program Files (x86)\Windows Mail\wab.exe
Faulting module path: unknown
Report Id: 444a2e6e-c8c2-11e7-8273-704d7b26d933
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/13/2017 07:36:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Malwarebytes Service service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/13/2017 07:36:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/13/2017 07:34:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2017 07:33:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ESRV_SVC_WILLAMETTE service.
 
Error: (11/13/2017 07:30:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2017 07:28:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2017 05:57:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2017 03:47:21 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (11/13/2017 03:46:51 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (11/12/2017 04:06:06 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16267.8 MB
Available physical RAM: 11907.83 MB
Total Virtual: 32651.8 MB
Available Virtual: 28148.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.37 GB) (Free:144.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
#2
RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

Sorry, but we can't work on pirated software, and yours has KMSpico v9.1.3, which is used to activate Windows without a valid license. If you uninstall KMSpico v9.1.3, do a new FRST scan with Addition.txt checked, and post the new logs, I can help you.