I got hacked many times continuously - Help me



#1
rajeevrrs


Hi,

This has been happening to me for the past 2 months. I am managing 20 sites and every site is getting hacked. I have shifted across 6 different servers & hosting providers, but the result is the same.

My sites are hosted on WordPress and I use some plugins. I'm not sure how they are hacking. They have injected my PC, or the WordPress plugin is injected.

Kaspersky and Malwarebytes are installed on my PC and both are licensed.

Plugins that I use:

1. wordpress.org/plugins/comment-link-remove/
2. wordpress.org/plugins/my-html-post-widgets/
3. wordpress.org/plugins/insert-headers-and-footers/
4. WP-automatic (Download link: www46.zippyshare.com/v/6qp7GUqy/file.html) (VirusTotal: virustotal.com/#/file/406a435eb83f77e26c6c99e3a4bf765854069d6c48395e2e1447f5288f2e970d/detection) Downloaded from an online forum

Themes

5. SocialViral Themes (Download link: www112.zippyshare.com/v/7Cqm4LpA/file.html) (VirusTotal: virustotal.com/#/file/50062f86108ab68f33a97b1a4b216d473055b99ffc994a1684aa33ba1df6cb33/detection)

 
These 4 plugins are the common ones that I use on all my sites.
---------------------------

My PC Scan :

WEEDIAGNOSE created by JoshuTee : pastebin.com/g4iFNeHK
AdwCleaner  : pastebin.com/9dFMt1H2
aswMBR : pastebin.com/g0F0Sxhq
FRST : pastebin.com/WYFnKaLY
FRST Additional : pastebin.com/aCSGg1QW

Please help me to fix the issues. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by RRS-KING (administrator) on RRS (20-01-2018 01:28:07)
Running from C:\Users\RRS-KING\Downloads\Programs
Loaded Profiles: RRS-KING & UpdatusUser (Available Profiles: RRS-KING & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spiritsoft) C:\Users\RRS-KING\Desktop\IPTS\ipts.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\RRS-KING\Desktop\CNM\CryptoNoteMiner.exe
() C:\Users\RRS-KING\Desktop\CNM\binaries\cpuminer\64bit\minerd.exe
() C:\Users\RRS-KING\Desktop\CNM\CryptoNoteMiner.exe
() C:\Users\RRS-KING\Desktop\CNM\binaries\cpuminer\64bit\minerd.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Spiritsoft) C:\Users\RRS-KING\Desktop\IPTS\ipts.exe
(Spiritsoft) C:\Users\RRS-KING\Desktop\IPTS\ipts.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [EaseUS Cleanup] => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [uTorrent] => C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [ipjingling] => C:\Users\RRS-KING\Desktop\ipjingling\ipjingling.exe -h
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [ipts] => C:\Users\RRS-KING\Desktop\IPTS\ipts.exe [1079296 2017-09-15] (Spiritsoft)
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4105328 2018-01-11] (Tonec Inc.)
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Run: [MinerGateGui] => C:\Program Files\MinerGate\minergate.exe [19579904 2018-01-13] ()
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [uTorrent] => C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [ipts] => C:\Users\UpdatusUser\Desktop\IPTS\ipts.exe -h
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [ipjingling] => C:\Users\UpdatusUser\Desktop\ipjingling\ipjingling.exe -h
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2017-02-14]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{6B36BFFD-9D00-48C5-87B2-02E81A32B5E1}: [DhcpNameServer] 203.145.184.32 203.145.184.13 8.8.8.8
Tcpip\..\Interfaces\{EF5F657A-0E1E-4595-BB42-A8EFF2EA2C85}: [DhcpNameServer] 203.145.184.32 203.145.184.13 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2766568034-3981997856-901821736-1001 -> {3D3BBE9B-D7BF-41CF-8504-FB2BAEE8F615} URL = hxxps://in.search.yahoo.com/search?p={searchTerms}&intl=in&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-19] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-19] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-19] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-19] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8p52cjpc.default-1486823914556-1511353007250
FF ProfilePath: C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User [2018-01-17]
FF Homepage: Mozilla\Firefox\Profiles\uw5o9rq9.Default User -> about:home
FF Extension: (TubeBuddy for YouTube) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\[email protected] [2017-08-13] [Legacy]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\[email protected] [2017-08-13] [Legacy]
FF Extension: (VTzilla) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\[email protected] [2017-08-13] [Legacy]
FF Extension: (Honey) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\[email protected] [2017-08-13]
FF Extension: (LastPass: Free Password Manager) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\[email protected] [2017-08-13] [Legacy]
FF Extension: (Popup Blocker Ultimate) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-08-13] [Legacy]
FF Extension: (Tamper Data) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-08-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\uw5o9rq9.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-13] [Legacy]
FF ProfilePath: C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\pg3b67go.dev-edition-default [2018-01-20]
FF ProfilePath: C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\7rvkak6w.developer-1503258124432 [2018-01-17]
FF ProfilePath: C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250 [2018-01-20]
FF Homepage: Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250 -> about:home
FF Extension: (Cookies Export/import) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected] [2017-11-22] [Legacy]
FF Extension: (TubeBuddy for YouTube) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected] [2018-01-12]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected] [2017-11-22] [Legacy]
FF Extension: (VTzilla) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected] [2017-11-22] [Legacy]
FF Extension: (Honey) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected] [2018-01-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\[email protected]lastpass.com.xpi [2017-12-05]
FF Extension: (Blockchain DNS) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\{2f2fe5d7-7ec3-4cb9-8b3e-796272c47383}.xpi [2017-12-17]
FF Extension: (Popup Blocker Ultimate) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-11-22]
FF Extension: (Tamper Data) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-11-22] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\RRS-KING\AppData\Roaming\Mozilla\Firefox\Profiles\8p52cjpc.default-1486823914556-1511353007250\features\{d9548f8a-40dc-4fc6-ae58-8443523f473c}\[email protected] [2018-01-06] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-12-29]
FF HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\RRS-KING\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\RRS-KING\AppData\Roaming\IDM\idmmzcc5 [2017-10-09] [Legacy] [not signed]
FF HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-19]
CHR Extension: (Slides) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-30]
CHR Extension: (Docs) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-30]
CHR Extension: (YouTube) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-30]
CHR Extension: (Sheets) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-30]
CHR Extension: (Kaspersky Protection) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-11-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-30]
CHR Extension: (IDM Integration Module) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-18]
CHR Extension: (Yahoo Partner) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\njpedbdniajflhgfoipnjkednnlkngbj [2017-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-30]
CHR Extension: (Gmail) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-28]
CHR Profile: C:\Users\RRS-KING\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-19]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-01-11]
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2018-01-02] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S3 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [271128 2017-06-09] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 OpenVpnService; C:\Program Files (x86)\Ivacy\bin\openvpnserv2.exe [15872 2016-11-24] ( ) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197344 2017-10-13] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [592088 2017-10-13] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021656 2017-10-13] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-19] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-13] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-01-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-01-20] (Malwarebytes)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\neo_vpn.sys [27600 2017-01-03] (Ivacy)
S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-10-18] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3421040 2014-04-30] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-20] ()
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\RRS-KING\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\RRS-KING\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-20 01:26 - 2018-01-20 01:26 - 000002805 _____ C:\Users\RRS-KING\Desktop\aswMBR.txt
2018-01-20 01:26 - 2018-01-20 01:26 - 000000512 _____ C:\Users\RRS-KING\Desktop\MBR.dat
2018-01-20 01:20 - 2018-01-20 01:20 - 000000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-20 01:20 - 2018-01-20 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-20 01:15 - 2018-01-20 01:15 - 000004267 _____ C:\Users\RRS-KING\Desktop\output_27875.txt.cab
2018-01-20 01:14 - 2018-01-20 01:15 - 000018233 _____ C:\Users\RRS-KING\Desktop\output_27875.txt
2018-01-20 01:14 - 2018-01-20 01:14 - 000003436 _____ C:\Users\RRS-KING\Desktop\weediagnose__v0.6.0.bat
2018-01-20 01:12 - 2018-01-20 01:16 - 000000000 ____D C:\AdwCleaner
2018-01-19 19:29 - 2018-01-19 19:31 - 000000000 ____D C:\Users\RRS-KING\Desktop\OOTY temp
2018-01-19 18:32 - 2018-01-19 18:32 - 000069759 _____ C:\Users\RRS-KING\Desktop\Native Calling.zip
2018-01-19 17:29 - 2018-01-19 17:30 - 000003755 _____ C:\Users\RRS-KING\Desktop\paypal.txt
2018-01-19 16:02 - 2016-03-23 15:27 - 000054004 _____ C:\Users\RRS-KING\Desktop\app.inc
2018-01-18 05:21 - 2018-01-18 05:21 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-17 11:17 - 2018-01-17 11:17 - 000683691 _____ C:\Users\RRS-KING\Downloads\MEW.pdf
2018-01-13 22:52 - 2018-01-18 07:49 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\minergate
2018-01-13 22:26 - 2018-01-13 22:26 - 000000617 _____ C:\Users\Public\Desktop\MinerGate.lnk
2018-01-13 22:26 - 2018-01-13 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinerGate
2018-01-13 22:25 - 2018-01-13 22:50 - 000000000 ____D C:\Program Files\MinerGate
2018-01-13 13:38 - 2018-01-13 13:38 - 000001870 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-01-13 12:11 - 2018-01-13 12:11 - 007906720 _____ (Tim Kosse) C:\Users\RRS-KING\Downloads\FileZilla_3.30.0_win64-setup.exe
2018-01-12 22:47 - 2018-01-13 17:25 - 000000000 ____D C:\Users\RRS-KING\Desktop\article
2018-01-12 20:52 - 2018-01-12 20:52 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\VertcoinOneClickMiner
2018-01-12 20:50 - 2018-01-12 20:50 - 000003105 _____ C:\Users\RRS-KING\Desktop\Vertcoin One-Click Miner.lnk
2018-01-12 20:50 - 2018-01-12 20:50 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vertcoin 'One-Click' Miner
2018-01-12 20:50 - 2018-01-12 20:50 - 000000000 ____D C:\Program Files (x86)\Vertcoin One-Click Miner
2018-01-11 18:41 - 2018-01-11 18:41 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\electroneum
2018-01-11 18:18 - 2018-01-20 01:25 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-11 18:18 - 2018-01-18 05:21 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-11 18:18 - 2018-01-11 19:06 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-11 18:18 - 2018-01-11 18:18 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-11 05:49 - 2017-12-29 07:17 - 000226024 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2018-01-10 19:30 - 2018-01-10 19:30 - 000000494 _____ C:\Users\RRS-KING\Downloads\README BeagleBone Black OR Raspberry PI.txt
2018-01-10 19:19 - 2018-01-10 19:21 - 000000000 ____D C:\ProgramData\electroneum
2018-01-10 19:00 - 2018-01-10 19:01 - 000000000 ____D C:\Users\RRS-KING\Desktop\CNM
2018-01-10 18:09 - 2018-01-10 18:09 - 000832453 _____ C:\Users\RRS-KING\Downloads\Electroneum_Offline_Wallet.pdf
2018-01-10 14:59 - 2018-01-10 14:59 - 000012547 _____ C:\Users\RRS-KING\Downloads\product10.php
2018-01-09 17:52 - 2018-01-02 13:30 - 000590680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-09 17:52 - 2018-01-02 13:30 - 000242520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-09 17:52 - 2018-01-02 13:30 - 000214392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-09 17:52 - 2018-01-02 13:26 - 002530400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-09 17:52 - 2018-01-02 13:26 - 000567656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-09 17:52 - 2018-01-02 13:26 - 000397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2018-01-09 17:52 - 2018-01-02 13:26 - 000136536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-09 17:52 - 2018-01-02 12:09 - 022374248 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-09 17:52 - 2018-01-02 12:09 - 007408984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-09 17:52 - 2018-01-02 12:09 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-09 17:52 - 2018-01-02 12:09 - 000418648 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-09 17:52 - 2018-01-02 12:09 - 000354648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-09 17:52 - 2018-01-02 12:08 - 002176064 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-01-09 17:52 - 2018-01-02 12:08 - 001662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-09 17:52 - 2018-01-02 12:08 - 001063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-01-09 17:52 - 2018-01-02 12:07 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-09 17:52 - 2018-01-02 12:07 - 001676056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-09 17:52 - 2018-01-02 12:07 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-09 17:52 - 2018-01-02 12:07 - 001500432 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-09 17:52 - 2018-01-02 12:07 - 001371352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-09 17:52 - 2018-01-02 12:07 - 001135280 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-09 17:52 - 2018-01-02 12:07 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-09 17:52 - 2018-01-02 12:05 - 001307840 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-09 17:52 - 2018-01-02 12:05 - 000989528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-09 17:52 - 2018-01-02 11:35 - 000164296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-09 17:52 - 2018-01-02 11:33 - 025739264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-09 17:52 - 2018-01-02 11:33 - 000341384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-01-09 17:52 - 2018-01-02 11:31 - 001902328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-09 17:52 - 2018-01-02 11:30 - 019790760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-09 17:52 - 2018-01-02 11:29 - 001565520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-01-09 17:52 - 2018-01-02 11:29 - 001213784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-09 17:52 - 2018-01-02 11:28 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-09 17:52 - 2018-01-02 11:18 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-09 17:52 - 2018-01-02 11:10 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-09 17:52 - 2018-01-02 11:09 - 000686080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-09 17:52 - 2018-01-02 11:09 - 000402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-09 17:52 - 2018-01-02 11:09 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2018-01-09 17:52 - 2018-01-02 11:09 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-09 17:52 - 2018-01-02 11:09 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-09 17:52 - 2018-01-02 11:08 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2018-01-09 17:52 - 2018-01-02 11:07 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-09 17:52 - 2018-01-02 11:07 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-09 17:52 - 2018-01-02 11:04 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-09 17:52 - 2018-01-02 11:01 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-09 17:52 - 2018-01-02 11:00 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-09 17:52 - 2018-01-02 10:58 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-09 17:52 - 2018-01-02 10:58 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-09 17:52 - 2018-01-02 10:58 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-09 17:52 - 2018-01-02 10:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-01-09 17:52 - 2018-01-02 10:50 - 020275200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-09 17:52 - 2018-01-02 10:49 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-09 17:52 - 2018-01-02 10:48 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-09 17:52 - 2018-01-02 10:47 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-09 17:52 - 2018-01-02 10:47 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-09 17:52 - 2018-01-02 10:46 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-09 17:52 - 2018-01-02 10:39 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-09 17:52 - 2018-01-02 10:36 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-09 17:52 - 2018-01-02 10:32 - 000862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-09 17:52 - 2018-01-02 10:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-09 17:52 - 2018-01-02 10:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-09 17:52 - 2018-01-02 10:26 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-09 17:52 - 2018-01-02 10:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-09 17:52 - 2018-01-02 10:22 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-09 17:52 - 2018-01-02 10:21 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-09 17:52 - 2018-01-02 10:19 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-09 17:52 - 2018-01-02 10:18 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-09 17:52 - 2018-01-02 10:15 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-09 17:52 - 2018-01-02 10:14 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-09 17:52 - 2018-01-02 10:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-09 17:52 - 2018-01-02 10:13 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-09 17:52 - 2018-01-02 10:12 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-09 17:52 - 2018-01-02 10:11 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-09 17:52 - 2018-01-02 10:10 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-09 17:52 - 2018-01-02 10:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-09 17:52 - 2018-01-02 10:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-09 17:52 - 2018-01-02 10:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-09 17:52 - 2018-01-02 10:07 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-09 17:52 - 2018-01-02 10:04 - 001217536 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-09 17:52 - 2018-01-02 10:04 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-09 17:52 - 2018-01-02 10:04 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-01-09 17:52 - 2018-01-02 10:03 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-09 17:52 - 2018-01-02 10:03 - 000845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-09 17:52 - 2018-01-02 10:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-09 17:52 - 2018-01-02 10:02 - 000571392 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-09 17:52 - 2018-01-02 09:59 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-09 17:52 - 2018-01-02 09:57 - 001696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-09 17:52 - 2018-01-02 09:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-09 17:52 - 2018-01-02 09:56 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-09 17:52 - 2018-01-02 09:55 - 000795648 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-09 17:52 - 2018-01-02 09:55 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-09 17:52 - 2018-01-02 09:53 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-09 17:52 - 2018-01-02 09:53 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-09 17:52 - 2018-01-02 09:52 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-09 17:52 - 2018-01-02 09:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-09 17:52 - 2018-01-02 09:51 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-09 17:52 - 2018-01-02 09:50 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-09 17:52 - 2018-01-02 09:48 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-09 17:52 - 2018-01-02 09:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-09 17:52 - 2018-01-02 09:47 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-09 17:52 - 2018-01-02 09:47 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-09 17:52 - 2018-01-02 09:47 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-09 17:52 - 2018-01-02 09:47 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-09 17:52 - 2018-01-02 09:46 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-09 17:52 - 2018-01-02 09:46 - 000881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-09 17:52 - 2018-01-02 09:46 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-09 17:52 - 2018-01-02 09:46 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-09 17:52 - 2018-01-02 09:45 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-09 17:52 - 2018-01-02 09:43 - 002252800 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-09 17:52 - 2018-01-02 09:43 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-09 17:52 - 2018-01-02 09:42 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2018-01-09 17:52 - 2018-01-02 09:41 - 000185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-09 17:52 - 2018-01-02 09:41 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-09 17:52 - 2018-01-02 09:39 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-09 17:52 - 2018-01-02 09:39 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-09 17:52 - 2018-01-02 09:39 - 000543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-09 17:52 - 2018-01-02 09:37 - 001265664 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-09 17:52 - 2018-01-02 09:37 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-09 17:52 - 2018-01-02 09:36 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-09 17:52 - 2018-01-02 09:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-09 17:52 - 2018-01-02 09:29 - 000177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-09 17:52 - 2018-01-02 09:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-09 17:52 - 2018-01-02 09:27 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-09 17:52 - 2018-01-02 09:26 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-09 17:52 - 2018-01-02 09:25 - 003548160 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-01-09 17:52 - 2018-01-02 09:24 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-09 17:52 - 2018-01-02 09:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-09 17:52 - 2017-12-29 13:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-09 17:52 - 2017-12-15 04:56 - 000374096 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-09 17:52 - 2017-12-15 03:09 - 000315736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-09 17:52 - 2017-12-14 15:49 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-09 17:52 - 2017-12-13 11:09 - 000093008 _____ (Microsoft Corporation) C:\Windows\system32\KeyboardFilterSvc.dll
2018-01-09 17:52 - 2017-12-10 19:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-09 17:52 - 2017-12-10 19:16 - 007079424 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2018-01-09 17:52 - 2017-12-10 18:54 - 005275136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2018-01-09 17:52 - 2017-12-10 18:36 - 007797760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-09 17:52 - 2017-12-10 18:29 - 005270528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-09 17:52 - 2017-12-06 10:12 - 002452816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-09 17:52 - 2017-12-05 22:28 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-09 17:52 - 2014-11-08 09:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-09 17:51 - 2018-01-02 10:58 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-09 17:51 - 2018-01-02 10:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-09 17:51 - 2018-01-02 10:24 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-09 17:51 - 2018-01-02 10:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-09 17:51 - 2018-01-02 09:59 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-09 17:51 - 2018-01-02 09:55 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-09 17:51 - 2018-01-02 09:38 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-09 17:51 - 2018-01-02 09:35 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-09 17:51 - 2017-12-14 15:47 - 000044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-09 17:51 - 2017-12-10 19:28 - 000035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-09 17:51 - 2014-11-08 09:26 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-09 17:51 - 2014-11-08 09:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-09 17:51 - 2014-11-08 09:26 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-09 17:51 - 2014-11-08 08:54 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-09 17:51 - 2014-11-08 08:43 - 000039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-09 17:51 - 2014-11-08 08:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-09 17:51 - 2014-11-08 08:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-09 17:51 - 2014-11-08 08:18 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-09 17:51 - 2014-11-04 11:57 - 000128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2018-01-09 16:58 - 2018-01-09 16:58 - 000162020 _____ C:\Users\RRS-KING\Downloads\dq(1).txt
2018-01-09 16:57 - 2018-01-09 16:57 - 000002650 _____ C:\Users\RRS-KING\Downloads\b374k.txt
2018-01-09 16:56 - 2018-01-09 16:56 - 000162020 _____ C:\Users\RRS-KING\Downloads\dq.txt
2018-01-09 16:47 - 2018-01-09 16:47 - 000657194 _____ C:\Users\RRS-KING\Downloads\c99priv.txt
2018-01-09 16:45 - 2018-01-09 16:46 - 000440658 _____ C:\Users\RRS-KING\Downloads\r57priv.txt
2018-01-09 16:37 - 2018-01-09 16:37 - 000162853 _____ C:\Users\RRS-KING\Downloads\c99.txt
2018-01-06 16:36 - 2018-01-06 16:36 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-06 16:36 - 2018-01-06 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-06 16:36 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-06 16:01 - 2018-01-06 16:01 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-06 11:58 - 2018-01-06 11:58 - 007916104 _____ (Tim Kosse) C:\Users\RRS-KING\Downloads\FileZilla_3.29.0_win64-setup.exe
2018-01-04 18:14 - 2018-01-04 18:17 - 000000000 ____D C:\Users\RRS-KING\Desktop\Kachara
2018-01-04 06:29 - 2018-01-04 06:29 - 000000000 ____D C:\Users\Public\Documents\CrashDump
2018-01-04 06:28 - 2018-01-04 06:28 - 000000000 ____D C:\Users\RRS-KING\Documents\Samsung
2018-01-04 06:28 - 2018-01-04 06:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2018-01-04 06:27 - 2018-01-04 06:28 - 000000000 ____D C:\ProgramData\Samsung
2018-01-04 06:26 - 2018-01-11 19:17 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\Samsung
2018-01-04 06:26 - 2018-01-11 19:12 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-01-04 06:26 - 2016-12-08 19:04 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2018-01-04 05:04 - 2018-01-04 05:04 - 006352735 _____ C:\Users\RRS-KING\Downloads\SuperSU v2.82 SR3.apk
2018-01-03 21:30 - 2018-01-03 21:30 - 000220675 _____ C:\Users\RRS-KING\Downloads\kali-linux-2017.3-amd64.torrent
2018-01-03 17:27 - 2018-01-03 17:28 - 000019524 _____ C:\Users\RRS-KING\Downloads\www.TamilRockers.com - X-Men Complete 720p BD-Rips Tamil + Hindi + Telugu + Eng.torrent
2018-01-03 17:14 - 2018-01-18 20:50 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\dvdcss
2018-01-02 21:35 - 2018-01-02 21:35 - 000011891 _____ C:\Users\RRS-KING\Downloads\www.TamilRockers.ro - The Foreigner (2017)1080p - BDRip Original Auds - Tamil + Telugu + Hindi + Eng DD 5.1 - x264 - 2.1GB - ESubs.mkv.torrent
2018-01-02 21:34 - 2018-01-02 21:34 - 000021919 _____ C:\Users\RRS-KING\Downloads\www.TamilRockers.ro - The Foreigner (2017)DVD5 UNTOUCHED DD 5.1 - Tamil + Telugu + Hindi + Eng - x264 - 4GB - ESubs.torrent
2018-01-02 19:53 - 2018-01-02 19:53 - 000011483 _____ C:\Users\RRS-KING\Downloads\www.TamilRockers.ro - The Foreigner (2017)720p - BDRip Original Auds - Tamil + Telugu + Hindi + Eng - x264 - 1GB - ESubs.mkv.torrent
2017-12-31 13:30 - 2017-12-31 13:30 - 000012478 _____ C:\Users\RRS-KING\Downloads\www.TamilRockers.tv - Justice League (2017)720p - HC HDRip - Line Auds Tamil + Hindi + Eng.mkv.torrent
2017-12-28 02:01 - 2017-12-28 02:02 - 007318216 _____ (Tonec Inc.) C:\Users\RRS-KING\Downloads\idman630build2.exe
2017-12-26 18:51 - 2017-12-26 18:51 - 000015606 _____ C:\Users\RRS-KING\Downloads\B7DF675767E5DC2D3FF4213181B3B0598A406982.torrent
2017-12-24 14:04 - 2017-12-24 14:04 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2017-12-24 14:04 - 2017-12-24 14:04 - 000001043 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-20 01:29 - 2017-01-19 01:30 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766568034-3981997856-901821736-1001
2018-01-20 01:28 - 2017-05-26 06:50 - 000000000 ____D C:\FRST
2018-01-20 01:25 - 2017-01-19 19:18 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\CrashDumps
2018-01-20 01:23 - 2017-01-19 01:34 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D3FA187-DC22-4085-A54E-2AA99B21B254}
2018-01-20 01:22 - 2017-01-19 15:59 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\Skype
2018-01-20 01:21 - 2017-05-27 05:39 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-20 01:20 - 2017-05-27 05:39 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-20 01:12 - 2017-10-09 13:02 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\IDM
2018-01-20 00:50 - 2017-01-20 14:10 - 000000402 _____ C:\Windows\Tasks\update-sys.job
2018-01-20 00:47 - 2017-01-19 19:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-01-19 23:00 - 2017-01-19 02:10 - 000000000 ____D C:\Users\RRS-KING\AppData\LocalLow\Mozilla
2018-01-19 22:13 - 2017-01-20 14:10 - 000000402 _____ C:\Windows\Tasks\update-S-1-5-21-2766568034-3981997856-901821736-1001.job
2018-01-19 19:31 - 2017-01-19 17:44 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\WhatsApp
2018-01-19 19:05 - 2017-01-19 17:31 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\TeamViewer
2018-01-19 15:55 - 2017-05-24 06:17 - 000000000 ____D C:\Users\RRS-KING\Desktop\Desktop Files
2018-01-19 15:55 - 2016-03-16 20:56 - 000000000 ____D C:\Users\RRS-KING\Desktop\V301-Update-Files
2018-01-19 15:54 - 2017-01-19 17:23 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\uTorrent
2018-01-19 15:53 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2018-01-19 14:33 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2018-01-19 13:45 - 2017-10-12 17:54 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\vlc
2018-01-18 14:07 - 2017-10-09 13:02 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\DMCache
2018-01-18 05:37 - 2017-01-19 19:21 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-01-18 05:33 - 2017-01-19 01:25 - 000000000 ____D C:\Users\RRS-KING
2018-01-18 05:23 - 2017-01-19 16:41 - 000000000 ____D C:\Users\UpdatusUser
2018-01-18 05:20 - 2017-02-03 11:44 - 000000000 ____D C:\ProgramData\VMware
2018-01-18 05:19 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-18 05:17 - 2017-01-19 02:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-17 21:20 - 2017-01-31 20:36 - 000000600 _____ C:\Users\RRS-KING\AppData\Local\PUTTY.RND
2018-01-17 21:17 - 2017-09-01 22:02 - 000002926 _____ C:\Users\RRS-KING\Desktop\Server Details.txt
2018-01-17 15:41 - 2017-08-21 01:16 - 000002168 _____ C:\Users\RRS-KING\Desktop\new research.txt
2018-01-17 10:23 - 2017-01-21 02:00 - 000000000 ____D C:\Users\RRS-KING\Desktop\proof
2018-01-16 18:02 - 2017-08-21 01:10 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2018-01-16 18:02 - 2017-08-21 01:10 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2018-01-16 16:16 - 2017-01-19 16:01 - 000000000 ____D C:\Users\RRS-KING\Downloads\Compressed
2018-01-16 09:35 - 2013-08-22 21:06 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-16 09:32 - 2017-01-19 22:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-14 21:11 - 2017-01-23 18:51 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\FileZilla
2018-01-14 20:14 - 2017-12-11 23:27 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\WhatsApp
2018-01-14 20:14 - 2017-01-19 17:44 - 000002244 _____ C:\Users\RRS-KING\Desktop\WhatsApp.lnk
2018-01-14 20:14 - 2017-01-19 17:44 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-01-14 20:14 - 2017-01-19 17:44 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\SquirrelTemp
2018-01-14 19:57 - 2017-03-27 22:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-13 13:38 - 2017-01-23 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-01-13 13:38 - 2017-01-23 18:51 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-01-13 00:51 - 2017-01-23 18:51 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\FileZilla
2018-01-12 23:36 - 2017-01-21 02:00 - 000000000 ____D C:\Users\RRS-KING\Desktop\rar
2018-01-11 19:21 - 2017-09-24 00:44 - 000000000 ____D C:\Users\RRS-KING\AppData\Local\Kontent Machine 3
2018-01-11 19:17 - 2017-01-19 16:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-11 18:57 - 2013-08-22 21:06 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-11 18:24 - 2014-11-22 06:30 - 000869216 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-11 18:16 - 2013-08-22 20:14 - 000492624 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-11 18:11 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-01-11 18:07 - 2017-03-12 01:23 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 18:07 - 2013-08-22 21:06 - 000000000 ___RD C:\Windows\ToastData
2018-01-11 18:03 - 2017-10-13 00:40 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 18:03 - 2017-03-12 01:23 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 14:11 - 2017-01-19 16:54 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-11 10:18 - 2017-01-19 16:01 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-01-09 21:22 - 2017-11-02 12:23 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 21:22 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 21:22 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-06 16:36 - 2017-01-19 18:47 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-06 12:21 - 2017-01-19 15:51 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 12:21 - 2017-01-19 15:51 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 07:23 - 2017-01-19 02:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-06 07:22 - 2017-01-19 02:10 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-02 21:30 - 2017-01-19 16:01 - 000000000 ____D C:\Users\RRS-KING\Downloads\Video
2017-12-31 13:10 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2017-12-30 20:28 - 2017-11-06 19:04 - 000000000 ____D C:\Users\RRS-KING\Downloads\torrent
2017-12-28 02:03 - 2017-10-09 13:02 - 000000000 ____D C:\Users\RRS-KING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-12-26 12:00 - 2017-09-13 01:57 - 000001878 _____ C:\Users\RRS-KING\Documents\paypal.txt
2017-12-21 05:26 - 2017-12-16 20:56 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-21 05:26 - 2017-12-16 20:56 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-01-31 20:36 - 2018-01-17 21:20 - 000000600 _____ () C:\Users\RRS-KING\AppData\Local\PUTTY.RND
2017-04-28 22:53 - 2017-04-28 22:53 - 000000552 _____ () C:\Users\RRS-KING\AppData\Local\TroubleshooterConfig.json
2017-01-20 14:10 - 2017-01-20 14:10 - 000000003 _____ () C:\Users\RRS-KING\AppData\Local\updater.log
2017-01-20 14:10 - 2017-05-07 02:54 - 000000425 _____ () C:\Users\RRS-KING\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-01-20 01:21 - 2018-01-02 12:07 - 001737600 _____ (Microsoft Corporation) C:\Users\RRS-KING\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\kl1.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klbackupdisk.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klbackupflt.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\kldisk.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klelam.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klflt.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klhk.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klif.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klim6.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klkbdflt.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klmouflt.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klpd.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klwfp.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\klwtp.sys -> Access Denied <======= ATTENTION
C:\Windows\system32\drivers\kneps.sys -> Access Denied <======= ATTENTION

LastRegBack: 2017-01-19 01:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by RRS-KING (20-01-2018 01:30:59)
Running from C:\Users\RRS-KING\Downloads\Programs
Windows 8.1 Pro (Update) (X64) (2017-01-18 19:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2766568034-3981997856-901821736-500 - Administrator - Disabled)
Guest (S-1-5-21-2766568034-3981997856-901821736-501 - Limited - Disabled)
RRS-KING (S-1-5-21-2766568034-3981997856-901821736-1001 - Administrator - Enabled) => C:\Users\RRS-KING
UpdatusUser (S-1-5-21-2766568034-3981997856-901821736-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Camtasia 9 (HKLM\...\{D8A1F37A-B11B-4451-830D-6A243ADE2591}) (Version: 9.0.1.1422 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{48cb006a-7b5b-4a48-98fd-fbd7af456b0d}) (Version: 9.0.1.1422 - TechSmith Corporation)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D61C8E6E-A4F3-4CD8-8568-51CEB5660C89}) (Version: 63.0.3239.32 - Google Inc.)
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
Firefox Developer Edition 58.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HotForex MetaTrader (HKLM-x32\...\HotForex MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
Ivacy (HKLM-x32\...\Ivacy_is1) (Version: 5.0.2.0 - Ivacy)
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Lenovo Solution Center (HKLM\...\{06913C0C-88EB-42AF-9D94-3E9136CEE9BC}) (Version: 3.6.002.003 - Lenovo)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8730.2175 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MinerGate (HKLM-x32\...\MinerGate) (Version: 7.2 - Minergate Inc)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0a1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA Graphics Driver 332.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29072 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7250 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Remote Desktop Manager (HKLM-x32\...\{2CCC20A8-80F2-4A10-8E18-1FA2E0F2F282}) (Version: 12.5.6.0 - Devolutions inc.)
RogueKiller version 12.12.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.0.0 - Adlice Software)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Telegram Desktop version 1.1.15 (HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.15 - Telegram Messenger LLP)
Vertcoin One-Click Miner (HKLM-x32\...\{9C23EA00-1309-412B-8FD3-8CA8D7304CA8}) (Version: 1.1.78 - Vertcoin Development Team)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
WhatsApp (HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\WhatsApp) (Version: 0.2.8000 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.28-1 - Bitnami)
XM MT4 (HKLM-x32\...\XM MT4) (Version: 4.00 - MetaQuotes Software Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\RRS-KING\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\RRS-KING\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\RRS-KING\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\RRS-KING\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2766568034-3981997856-901821736-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\RRS-KING\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-11-11] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-03-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001923A2-7822-4F8E-8003-CA288A3640D0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-06-09] (Lenovo)
Task: {15564945-B10E-47CA-A807-4C67966FB381} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {27E91B2E-C3FB-404C-B9BE-D389DDE59B63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-16] (Microsoft Corporation)
Task: {3740E1C0-DA33-44B3-B702-738272063790} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {3B63A25F-309C-4B97-8F6B-F74BF28A44F8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] (Microsoft Corporation)
Task: {47D37634-BD65-4D9E-AB7F-7A9860B7A0AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {58F999E9-9F14-4806-9E83-17DB9ECE91FA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-06-09] ()
Task: {69CD64D1-E003-4101-ACC5-C06C08BD02ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {75C72A74-A474-4F71-9BC9-7EF14402FFA0} - System32\Tasks\{045DB4A9-FC44-46B0-9765-46F8EB6BB1AA} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.31.80.104/en/go/help.faq.installer?LastError=1618
Task: {8E10837D-C360-45E1-8A61-20B11C13CCDA} - System32\Tasks\{3A5EE5A1-8E65-4F87-9661-25CD7C80C5C8} => C:\Windows\system32\pcalua.exe -a C:\Users\RRS-KING\AppData\Local\Apps\2.0\4R22CY97.TYV\AJLLNM5G.VW9\lsb...tion_2d7b41b05b24775e_0001.0006_4ad0cc2df341434a\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=2d7b41b05b24775e, processorArchitecture=msil"
Task: {8E54BB31-ECB4-4A1E-BDA8-13F796720017} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-06-09] (Lenovo)
Task: {971E619E-988A-4524-9209-A59283A64C75} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-16] (Microsoft Corporation)
Task: {97B79ED3-A461-49D6-B1D8-A6A13DDFFD69} - System32\Tasks\LaunchChromeTask111 => C:\Program Files\FileZilla FTP Client\FileZilla.exe [2018-01-08] (FileZilla Project)
Task: {9824A94B-A18B-4890-8C87-0556DE65E073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {B3C482CE-3DA7-4928-B7A0-C0E8A13D3F17} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {C5290C35-210B-4353-8A92-CD9ED092617C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-16] (Microsoft Corporation)
Task: {C5D78675-FF71-4F0D-9CB3-CAD49C51E2E7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {D09C665D-ECCF-47EF-A9AF-23BF7BF59FA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {E66CECAA-5C57-4BAD-9B91-C347F43299CA} - System32\Tasks\{805E3FBB-6357-4551-AF9B-72A4E42E456A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.31.80.104/en/abandoninstall?page=tsProgressBar
Task: {E71F3D5E-EE65-46DB-A5DD-FB0698751468} - System32\Tasks\update-S-1-5-21-2766568034-3981997856-901821736-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {EB555428-2369-4A9F-8C57-B27A4A5A7ADF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F68C619C-6820-40A6-9D18-554F29E154F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2766568034-3981997856-901821736-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\RRS-KING\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

ShortcutWithArgument: C:\Users\RRS-KING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\RRS-KING\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\RRS-KING\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Suprakash - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-01-19 16:41 - 2014-03-27 20:18 - 000116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-01-06 16:36 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-06 16:36 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-17 01:33 - 2016-12-17 01:33 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2018-01-10 19:01 - 2014-05-24 21:27 - 000018944 _____ () C:\Users\RRS-KING\Desktop\CNM\CryptoNoteMiner.exe
2018-01-11 18:41 - 2018-01-11 18:41 - 001185271 _____ () C:\Users\RRS-KING\Desktop\CNM\binaries\cpuminer\64bit\minerd.exe
2018-01-10 19:01 - 2014-05-17 20:03 - 000089600 _____ () C:\Users\RRS-KING\Desktop\CNM\binaries\cpuminer\64bit\zlib1.dll
2017-01-19 22:12 - 2017-12-19 05:43 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-01-01 06:37 - 2018-01-01 06:37 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-01-08 18:30 - 2018-01-08 18:30 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-01-19 22:12 - 2017-12-19 05:42 - 008934568 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-01-24 22:11 - 2016-07-12 07:46 - 001632256 _____ () C:\Users\RRS-KING\Desktop\IPTS\blink\libglesv2.dll
2017-01-24 22:11 - 2016-07-12 07:47 - 000079360 _____ () C:\Users\RRS-KING\Desktop\IPTS\blink\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2017-07-18 14:40 - 000000824 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2766568034-3981997856-901821736-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RRS-KING\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 203.145.184.32 - 203.145.184.13
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 3
MSCONFIG\Services: LSC.Services.SystemService => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ShareItSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "odrive.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Canon LBP2900 Status Window.lnk"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP DeskJet 2130 series.lnk"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "ipjingling"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2766568034-3981997856-901821736-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP DeskJet 2130 series.lnk"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "ipts"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "ipjingling"
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2EE8318F-473A-4F28-BE7D-ACDD56EC6A8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDED7106-B869-45C2-A855-F16D421ACCA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3663F426-8F69-4700-BE67-1EACD84E53AD}C:\users\rrs-king\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rrs-king\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{560E3E93-B1E5-47E4-9793-AA7E3BD2A8C2}C:\users\rrs-king\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rrs-king\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{6B6345F6-D081-4B55-9B90-689AC79954FC}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9B59A098-241D-4B2B-BAAD-508AF569F235}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ECF60D16-EEAF-42BB-A7C8-6DBAD0E416A7}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C3B4747-FA0F-4D72-B397-60E91ED67F81}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{129FC767-7FB5-4CC4-BE36-C6740631AB46}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3DB34D0-DB96-4624-91D5-B9015F76FF01}] => (Allow) C:\Users\RRS-KING\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E42B9F9-46BA-4647-ACAD-3045190D7599}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CF4662A9-EDD1-465A-92C8-A464FCAD591C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CEE67C6F-9371-452C-A080-0C3CD20B4F19}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{0BB70B64-961C-447A-AF8B-C6F251BF29E5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FAE4A712-3A01-4152-9F84-B0BCFA3D25D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7B780098-41B9-473A-A416-3DF49B8F8296}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{7EEE55C0-6477-49BC-BA2E-4793EFB943A4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F2CCF690-BDF6-41F6-B044-DB24B361EF16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{22DB152B-2420-453C-B6CE-AC71F2A75E0F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{93507CFB-9795-47DF-BBB8-DDC95AEF9546}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{571A276B-A50C-4844-B0D9-DC8894EDEA69}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{9BA88B3E-0138-4F4E-AAAC-7A41F5D73453}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{534BA4D9-DE5A-41BB-A2F4-2645920B38B7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{9F4B41AF-4E61-46AA-8AD8-D44332908134}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{06D7EF12-1FFA-4198-84AB-DADA0D566839}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{397B630A-1906-42E4-A8EF-113DFBF5513C}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{DAC38A21-9525-4380-91D0-BF5EB79AF959}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{DA5EBF41-2767-4165-81E9-1EE78AB1192B}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{24C1FDD7-FF31-4BCC-9BBC-A2BD145C14ED}] => (Allow) C:\Windows\System32\CNAB4RPD.EXE
FirewallRules: [{DCCC6C14-4AD3-402D-A4E1-30416D867F4C}] => (Allow) C:\Windows\System32\CNAB4RPD.EXE
FirewallRules: [{D0077507-2B89-4CD3-918D-5A767972B77D}] => (Allow) C:\Program Files (x86)\Ivacy\vpnclient.exe
FirewallRules: [{C744CBF6-F8D8-485C-885B-66C028157F69}] => (Block) C:\Program Files (x86)\Devolutions\Remote Desktop Manager\RemoteDesktopManager.exe
FirewallRules: [{158F2760-B01E-44A7-83FF-E45C426191A8}] => (Block) C:\Program Files (x86)\Devolutions\Remote Desktop Manager\RemoteDesktopManager.exe
FirewallRules: [{E5A9459E-0E26-49BD-8219-E3C8EE612E3B}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{545DDA1A-B90E-4343-8F9F-37A87746A634}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5A38B204-9684-41C7-8D35-154E62F5C208}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS0B55\HPDiagnosticCoreUI.exe
FirewallRules: [{CF81784A-F900-4EE3-9146-17B7599C83E1}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS0B55\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{87265852-E142-499F-8B96-AE22AD58363E}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{74518BDA-63B9-4C4E-BC15-DB1782C76190}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{7F0C5E4A-0F0C-4DA6-83DA-1276E8AF285D}C:\users\rrs-king\downloads\programs\anydesk.exe] => (Allow) C:\users\rrs-king\downloads\programs\anydesk.exe
FirewallRules: [UDP Query User{254972E4-EB34-4F42-B64A-266A15AB67DB}C:\users\rrs-king\downloads\programs\anydesk.exe] => (Allow) C:\users\rrs-king\downloads\programs\anydesk.exe
FirewallRules: [{EFED6256-CBE7-42F9-BA1A-CD81B0D13276}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{5388DFAF-43DD-4865-A311-E6906D91FE35}C:\program files\java\jdk1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{D7703800-397E-4619-9B43-0940A2957CD0}C:\program files\java\jdk1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_144\bin\javaw.exe
FirewallRules: [{2B48352E-C17A-4FE1-ABF6-A24068E264C4}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{13B0ED13-A282-4B3A-B161-A9449D8DC73E}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{31DFDFD5-8D65-44B8-B928-08428FBF12AF}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{30AD5403-F3D0-4EB2-BE55-14D9CCE78F29}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{E311B545-DE71-4108-AD47-58367E5FBE76}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0401CF60-C847-4EC3-B695-52257D472B4A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FB19F72D-9AC9-4C01-A65A-A6947F0A6AC5}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS106E\HPDiagnosticCoreUI.exe
FirewallRules: [{81E9D9E4-B64D-45C6-8C05-34BCE03BE3FB}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS106E\HPDiagnosticCoreUI.exe
FirewallRules: [{278FF27D-FAC8-41C0-89F7-57F97F47F60D}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS10F7\HPDiagnosticCoreUI.exe
FirewallRules: [{1DBB18C7-55DA-4267-8337-A004BA5FED91}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS10F7\HPDiagnosticCoreUI.exe
FirewallRules: [{821EBE6F-5C74-41A8-AF3C-73A49F036AC4}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS1169\HPDiagnosticCoreUI.exe
FirewallRules: [{AC955DDB-F939-4B9C-83FC-B117A38CF433}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS1169\HPDiagnosticCoreUI.exe
FirewallRules: [{7A60E3EA-916B-4344-B4DE-7F25ED08187C}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS1533\HPDiagnosticCoreUI.exe
FirewallRules: [{7CBB243E-6E0E-415D-BBFB-E64ED56AF471}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS1533\HPDiagnosticCoreUI.exe
FirewallRules: [{28DBDFBC-3AFF-48B6-8BA5-CA3005B35EB8}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS797C\HPDiagnosticCoreUI.exe
FirewallRules: [{9C46647C-63C8-45C0-9E3C-736FDB431C2A}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS797C\HPDiagnosticCoreUI.exe
FirewallRules: [{3BE3D11D-2D9D-462E-975C-7A19469EC002}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS0094\HPDiagnosticCoreUI.exe
FirewallRules: [{7EC5261B-09A6-40B2-9408-42A50AF363C4}] => (Allow) C:\Users\RRS-KING\AppData\Local\Temp\7zS0094\HPDiagnosticCoreUI.exe
FirewallRules: [{86E39034-5887-49BB-B2BC-839A98A06CF9}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
FirewallRules: [{0C522B17-C691-41F0-B2C9-82891A3CFF9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0F124299-F700-4BFC-A2EF-C2724FCBF3CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3C1605E1-B697-41FD-9DA9-E21AE24301F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BDE0B10F-95AB-4AA6-8739-9381CF6C5D99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{271362A2-F952-4A91-BA4F-FFF37960F3EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{C90DDF0A-7DA1-4EE1-B4EF-C389171D88DF}C:\users\rrs-king\appdata\local\temp\rar$exa0.144\electroneumd.exe] => (Allow) C:\users\rrs-king\appdata\local\temp\rar$exa0.144\electroneumd.exe
FirewallRules: [UDP Query User{95F468DD-ACBB-45FC-BC71-485F809EDD39}C:\users\rrs-king\appdata\local\temp\rar$exa0.144\electroneumd.exe] => (Allow) C:\users\rrs-king\appdata\local\temp\rar$exa0.144\electroneumd.exe
FirewallRules: [TCP Query User{7BDAEFCD-7001-49A6-99D4-916A1757DC1E}C:\users\rrs-king\appdata\local\temp\rar$exa0.854\electroneumd.exe] => (Allow) C:\users\rrs-king\appdata\local\temp\rar$exa0.854\electroneumd.exe
FirewallRules: [UDP Query User{F8D190BE-4CB1-4E0C-87F7-AEB87E7DBFE5}C:\users\rrs-king\appdata\local\temp\rar$exa0.854\electroneumd.exe] => (Allow) C:\users\rrs-king\appdata\local\temp\rar$exa0.854\electroneumd.exe

==================== Restore Points =========================

11-01-2018 14:10:30 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
11-01-2018 14:11:01 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123
12-01-2018 20:49:28 Installed Vertcoin One-Click Miner
19-01-2018 14:26:30 Windows Update
20-01-2018 01:22:22 Removed Java SE Development Kit 8 Update 144 (64-bit)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2018 01:33:47 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:03:46Z. Error Code: 0x80041318.

Error: (01/20/2018 01:33:16 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:03:16Z. Error Code: 0x80041318.

Error: (01/20/2018 01:32:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/20/2018 01:32:46 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:02:46Z. Error Code: 0x80041318.

Error: (01/20/2018 01:32:16 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:02:16Z. Error Code: 0x80041318.

Error: (01/20/2018 01:31:46 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:01:46Z. Error Code: 0x80041318.

Error: (01/20/2018 01:31:16 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:01:16Z. Error Code: 0x80041318.

Error: (01/20/2018 01:30:46 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:00:46Z. Error Code: 0x80041318.

Error: (01/20/2018 01:30:16 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T20:00:16Z. Error Code: 0x80041318.

Error: (01/20/2018 01:29:46 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2117-12-26T19:59:46Z. Error Code: 0x80041318.


System errors:
=============
Error: (01/18/2018 08:44:03 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/18/2018 08:38:19 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/18/2018 05:23:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/18/2018 05:23:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%2147749126

Error: (01/18/2018 05:19:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 04:54:28 on ‎18-‎01-‎2018 was unexpected.

Error: (01/15/2018 11:07:12 PM) (Source: DCOM) (EventID: 10010) (User: RRS)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.

Error: (01/13/2018 11:41:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service did not respond on starting.

Error: (01/13/2018 11:32:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16389

Error: (01/11/2018 07:10:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service did not respond on starting.

Error: (01/11/2018 06:03:01 PM) (Source: DCOM) (EventID: 10010) (User: RRS)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2018-01-18 05:19:18.149
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-13 23:34:35.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-11 19:04:21.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-11 18:16:18.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-10 09:40:09.744
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-09 12:29:46.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-06 16:32:08.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 21:44:06.789
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-23 20:41:41.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-22 12:40:59.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4460T CPU @ 1.90GHz
Percentage of memory in use: 82%
Total physical RAM: 8110.7 MB
Available physical RAM: 1431.64 MB
Total Virtual: 10000.56 MB
Available Virtual: 3980.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:429.69 GB) (Free:222.64 GB) NTFS
Drive e: () (Fixed) (Total:194.8 GB) (Free:20.93 GB) NTFS
Drive f: () (Fixed) (Total:292.97 GB) (Free:37.58 GB) NTFS
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1593.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 09D283A4)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: C070F92F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



 

