Need help with Farbar Recovery Scan Tool (first time use) [Closed]

#Malware #Adware

zHugz

I have a problem: the malware is automatically blocking (suspending) anti-malware apps and anti-malware websites on normal boot. It also opens an ad in my web browser every 4 or 5 minutes.

Sorry for bothering you, but I don't know how to find the errors and create a fix file. Can someone help me, please?

Here is my FRST.txt (edited)

Thanks a lot
 
 
----------------
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Minh Hung Nguyen (administrator) on MINHHUNGNGUYEN (20-01-2019 12:15:44)
Running from C:\Users\Minh Hung Nguyen\Desktop
Loaded Profiles: Minh Hung Nguyen (Available Profiles: Minh Hung Nguyen & SQLTELEMETRY$MINHHUNGNGUYEN & SSISScaleOutWorker140 & SSISTELEMETRY140 & MSSQL$MINHHUNGNGUYEN & SSISScaleOutMaster140 & MsDtsServer140 & SQLAgent$MINHHUNGNGUYEN & MSSQLFDLauncher$MINHHUNGNGUYEN & MSSQLLaunchpad$MINHHUNGNGUYEN & MSOLAP$MINHHUNGNGUYEN & SSASTELEMETRY$MINHHUNGNGUYEN)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-02] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-02] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [10752 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3952696 2016-08-06] (Tonec Inc.)
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [reWASD Tray Agent] => "E:\Legacy of Kain Defiance\Gia lap Xbox\Launcher.exe" -autoremap -runtray
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\Run: [Steam] => E:\Steam\steam.exe [3208992 2018-10-13] (Valve Corporation)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-19] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{4DA7114C-DE47-43BF-A644-62876DCC2A72}] -> C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDCREDPROV.DLL [2012-05-17] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-07-19]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAT 9 Charge Indicator.lnk [2017-07-18]
ShortcutTarget: RAT 9 Charge Indicator.lnk -> C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Installer\{E351A4AC-5D5D-4748-A2FE-310EC70F3E05}\_CD6D2B41032FC8A5BF211A.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 183.91.0.70 192.168.0.1
Tcpip\..\Interfaces\{980e9ff6-8760-49ec-8f7a-ba15e933f254}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{980e9ff6-8760-49ec-8f7a-ba15e933f254}: [DhcpNameServer] 8.8.8.8 183.91.0.70 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/amiracleteam
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: No Name -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 0ryaw7co.default
FF ProfilePath: C:\Users\Minh Hung Nguyen\AppData\Roaming\Zotero\Zotero\Profiles\0ryaw7co.default [2018-03-19]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\[email protected] [not found]
FF HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Minh Hung Nguyen\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Minh Hung Nguyen\AppData\Roaming\IDM\idmmzcc5 [2019-01-19] [Legacy] [not signed]
FF HKU\S-1-5-21-3869432078-3112319213-3029022193-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-08-03] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2017-08-09] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-29] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> E:\GarenaBnSVN\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-19] (Google Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default [2019-01-20]
CHR Extension: (Slides) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
CHR Extension: (YouTube) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
CHR Extension: (Adblock Plus) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Sheets) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (space debris) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icefnbcfgejfmjnjgjcimkbhgkebdhab [2017-07-19]
CHR Extension: (IDM Integration Module) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Data Saver) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-07-19]
CHR Extension: (Gmail) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\Minh Hung Nguyen\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-08-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1811.2302\gxxsvc.exe [315712 2018-11-23] (Garena Online )
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-11-02] (Rivet Networks)
S2 MsDtsServer140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\MsDtsSrvr.exe [219824 2017-08-22] (Microsoft Corporation)
S4 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [23040 2016-03-04] () [File not signed]
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S2 MSSQL$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation)
S3 MSSQLFDLauncher$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\fdlauncher.exe [60592 2017-08-22] (Microsoft Corporation)
S2 MSSQLLaunchpad$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\launchpad.exe [1121464 2017-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7744512 2017-05-01] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-12-06] (NVIDIA Corporation)
S2 RedgateClient; C:\Program Files (x86)\Common Files\Red Gate\Shared Client\RedGate.Client.Service.exe [292680 2018-05-22] (Red Gate Software Ltd)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\140\Tools\DReplayClient\DReplayClient.exe [121008 2017-08-22] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\140\Tools\DReplayController\DReplayController.exe [350384 2017-08-22] (Microsoft Corporation)
S3 SQLAgent$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation)
S2 SQLPBDMS$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\Polybase\mpdwsvc.exe [7321784 2017-08-22] (Microsoft Corporation)
S2 SQLPBENGINE$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\Polybase\mpdwsvc.exe [7321784 2017-08-22] (Microsoft Corporation)
S2 SQLTELEMETRY$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSSQL14.MINHHUNGNGUYEN\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S2 SSASTELEMETRY$MINHHUNGNGUYEN; C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\Bin\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
S2 SSISScaleOutMaster140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\Microsoft.SqlServer.IntegrationServices.MasterServiceHost.exe [47288 2017-08-22] (Microsoft Corporation)
S2 SSISScaleOutWorker140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\Microsoft.SqlServer.IntegrationServices.WorkerAgentServiceHost.exe [45752 2017-08-22] (Microsoft Corporation)
S2 SSISTELEMETRY140; C:\Program Files\Microsoft SQL Server\140\DTS\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
S2 MSOLAP$MINHHUNGNGUYEN; "C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS14.MINHHUNGNGUYEN\OLAP\Config"
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-20] (Rivet Networks, LLC.)
R0 hidgamemap; C:\WINDOWS\System32\drivers\hidgamemap.sys [150528 2018-10-03] (Disc Soft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Qualcomm Atheros, Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-02-07] (SoftEther Corporation)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9db4450b8107f59a\nvlddmkm.sys [20420352 2018-12-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-02] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-11-30] (NVIDIA Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation)
S3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-10-02] (Saitek)
S3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-10-02] (Saitek)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2018-02-07] (SoftEther Corporation)
S3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R3 _hid_0738_1709; C:\WINDOWS\system32\DRIVERS\_hid_0738_1709.sys [180928 2015-10-02] (Saitek)
S0 3ware; System32\drivers\3ware.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-01-20 12:15 - 2019-01-20 12:16 - 000024028 _____ C:\Users\Minh Hung Nguyen\Desktop\FRST.txt
2019-01-20 11:49 - 2019-01-20 11:49 - 006161408 _____ C:\Users\Minh Hung Nguyen\AppData\Local\dump007.dat
2019-01-20 11:49 - 2019-01-20 11:49 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2C2A6661-5FD3-492E-9D08-0234337D8D00}
2019-01-20 11:49 - 2019-01-20 11:49 - 000003704 _____ C:\WINDOWS\System32\Tasks\nexzjgwq
2019-01-20 11:49 - 2019-01-20 11:49 - 000003504 _____ C:\WINDOWS\System32\Tasks\ocohu
2019-01-20 11:49 - 2019-01-20 11:49 - 000003488 _____ C:\WINDOWS\System32\Tasks\iToolsDaemon
2019-01-20 11:49 - 2019-01-20 11:49 - 000000009 _____ C:\Users\Minh Hung Nguyen\rstr2.ini
2019-01-20 10:48 - 2019-01-19 13:59 - 002427904 _____ (Farbar) C:\Users\Minh Hung Nguyen\Desktop\FRST64.exe
2019-01-20 10:44 - 2019-01-20 12:10 - 000460604 _____ C:\WINDOWS\ntbtlog.txt
2019-01-20 05:04 - 2019-01-20 12:15 - 000000000 ____D C:\FRST
2019-01-19 01:44 - 2019-01-19 01:44 - 014155535 _____ C:\Users\Minh Hung Nguyen\Desktop\Malwarebytes Anti-Rootkit 1.10.3.1001 Portable [hoquangdai.com].rar
2019-01-19 01:13 - 2019-01-19 01:13 - 000000000 ____D C:\WINDOWS\Panther
2019-01-19 01:03 - 2019-01-20 12:10 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-19 01:01 - 2019-01-19 01:01 - 000000000 ____D C:\WINDOWS\pss
2019-01-19 00:50 - 2019-01-19 00:50 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-19 00:50 - 2019-01-19 00:50 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-19 00:30 - 2019-01-19 00:30 - 000000000 ____D C:\Program Files (x86)\AdwCleaner
2019-01-19 00:20 - 2019-01-19 01:06 - 000000000 ____D C:\AdwCleaner
2019-01-18 00:59 - 2019-01-18 00:59 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Skyrim Special Edition
2019-01-17 07:45 - 2019-01-17 09:34 - 000000000 _____ C:\Recovery.txt
2019-01-16 12:40 - 2019-01-16 13:17 - 000000000 ____D C:\WINDOWS\amlog
2019-01-16 12:29 - 2019-01-16 12:41 - 000001560 _____ C:\WINDOWS\ampa.ini
2019-01-16 12:10 - 2019-01-16 12:10 - 000000000 ____D C:\ProgramData\AomeiBR
2019-01-14 23:55 - 2019-01-14 23:55 - 000633233 _____ C:\Users\Minh Hung Nguyen\Desktop\DS Items.xlsx
2019-01-10 10:39 - 2019-01-10 10:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\SmartSteamEmu
2019-01-10 10:37 - 2019-01-10 10:37 - 000001030 _____ C:\Users\Minh Hung Nguyen\Desktop\DARKSOULS Mod.lnk
2019-01-10 10:17 - 2019-01-10 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BANDAI NAMCO Games
2019-01-09 23:46 - 2019-01-18 13:36 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\uTorrent
2019-01-09 15:45 - 2019-01-09 15:45 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\NBGI
2019-01-09 11:43 - 2019-01-09 11:43 - 000000441 _____ C:\Users\Public\Desktop\Sword Art Online.lnk
2019-01-07 18:58 - 2019-01-07 18:58 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Wondershare Dr.Fone for iOS
2019-01-07 18:48 - 2019-01-07 18:48 - 000000000 ____D C:\ProgramData\wsr
2019-01-07 18:30 - 2019-01-19 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-01-07 18:30 - 2019-01-07 18:32 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\Wondershare
2019-01-07 18:30 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2019-01-07 18:29 - 2019-01-07 18:29 - 000000000 ____D C:\Program Files (x86)\Wondershare
2019-01-06 11:28 - 2019-01-11 12:45 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-06 11:25 - 2019-01-06 11:25 - 000000000 ____D C:\ProgramData\Sniper Elite 4 Dedicated Server
2019-01-06 11:20 - 2019-01-06 11:29 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\SniperElite4
2019-01-06 11:16 - 2019-01-06 11:16 - 000000000 ____D C:\ProgramData\Sniper Elite 4
2019-01-06 11:15 - 2019-01-06 11:15 - 000000638 _____ C:\Users\Minh Hung Nguyen\Desktop\Sniper Elite 4.lnk
2019-01-06 01:59 - 2019-01-06 01:59 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\DyingLight
2019-01-06 01:41 - 2019-01-06 01:41 - 000000459 _____ C:\Users\Public\Desktop\Dying Light - The Following.lnk
2019-01-05 23:38 - 2019-01-05 23:38 - 000000437 _____ C:\Users\Public\Desktop\Monster Hunter World.lnk
2019-01-05 23:38 - 2019-01-05 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorePack
2019-01-05 00:29 - 2019-01-05 00:29 - 000000753 _____ C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2019-01-05 00:29 - 2019-01-05 00:29 - 000000743 _____ C:\Users\Public\Desktop\Grand Theft Auto - EFLC.lnk
2019-01-04 14:00 - 2019-01-04 14:00 - 000000000 __SHD C:\ProgramData\SecuROM
2019-01-04 14:00 - 2019-01-04 14:00 - 000000000 ____D C:\ProgramData\XLive
2019-01-03 20:45 - 2019-01-20 11:44 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Assassin's Creed Unity
2019-01-03 20:45 - 2019-01-03 20:45 - 000000000 ____D C:\ProgramData\Orbit
2019-01-03 20:33 - 2019-01-03 20:33 - 000000647 _____ C:\Users\Public\Desktop\Assassin's Creed Unity.lnk
2019-01-03 14:23 - 2019-01-03 14:23 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\LocalLow\Games Farm s_r_o_
2019-01-01 15:44 - 2019-01-01 15:45 - 000001122 _____ C:\Users\Minh Hung Nguyen\Desktop\WatchDogs2.exe.lnk
2019-01-01 15:27 - 2019-01-01 15:31 - 000860872 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2019-01-01 15:27 - 2016-12-27 10:23 - 000395024 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2018-12-24 12:15 - 2018-12-24 12:15 - 000526017 _____ C:\Users\Minh Hung Nguyen\Desktop\Lịch học.pdf
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-01-20 11:52 - 2018-05-15 10:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-20 11:52 - 2018-04-12 04:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-20 11:52 - 2017-07-19 12:30 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\CrashDumps
2019-01-20 11:52 - 2017-07-18 22:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-20 11:50 - 2017-07-19 10:50 - 000000000 ____D C:\Program Files\rempl
2019-01-20 11:49 - 2018-05-15 10:13 - 000000000 ____D C:\Users\Minh Hung Nguyen
2019-01-20 11:49 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-20 11:49 - 2017-08-21 10:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-01-20 11:41 - 2018-10-11 21:48 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-01-20 11:39 - 2018-02-13 13:25 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\LocalLow\Temp
2019-01-20 11:39 - 2015-10-30 14:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-01-19 13:56 - 2018-05-15 10:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-19 02:31 - 2017-07-19 11:13 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Roaming\DMCache
2019-01-19 01:28 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-19 00:50 - 2017-07-19 09:36 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-19 00:47 - 2017-12-01 20:14 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Visual Studio 2013
2019-01-18 10:04 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-18 00:59 - 2017-07-27 10:54 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\My Games
2019-01-18 00:06 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-16 13:21 - 2018-05-15 10:06 - 005066712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-16 12:26 - 2018-11-09 15:03 - 000001024 ____H C:\AMTAG.BIN
2019-01-15 00:14 - 2017-07-19 07:09 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Packages
2019-01-09 15:46 - 2018-05-28 00:58 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\NBGI
2019-01-09 15:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-09 15:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-07 18:31 - 2018-04-12 06:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-06 11:28 - 2018-05-16 21:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\D3DSCache
2019-01-05 23:38 - 2018-08-13 11:52 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-01-04 23:55 - 2017-08-09 12:39 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\Rockstar Games
2019-01-04 14:00 - 2017-08-03 10:03 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\Rockstar Games
2019-01-03 14:23 - 2017-07-21 22:12 - 000000000 ____D C:\Users\Minh Hung Nguyen\Documents\FLiNGTrainer
2019-01-03 14:20 - 2017-07-19 09:43 - 000000000 ____D C:\Users\Minh Hung Nguyen\AppData\Local\ElevatedDiagnostics
2018-12-27 14:24 - 2018-12-12 12:55 - 000001268 _____ C:\Users\Minh Hung Nguyen\Desktop\CoreOptimizationNier_LaunchGameWithThis.bat.lnk
2018-12-21 11:35 - 2018-12-19 13:41 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2018-12-21 11:04 - 2018-09-24 00:06 - 000002400 _____ C:\Users\Minh Hung Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-21 11:04 - 2017-07-19 09:31 - 000000000 ___RD C:\Users\Minh Hung Nguyen\OneDrive
 
==================== Files in the root of some directories =======
 
2018-04-12 06:34 - 2018-04-12 06:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\KuEuaUCo.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Minh Hung Nguyen\AppData\Roaming\UfGUsPi.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000178688 ____N (Microsoft Corporation) C:\Users\Minh Hung Nguyen\AppData\Roaming\yOLoEArU.exe
2019-01-20 11:49 - 2019-01-20 11:49 - 006161408 _____ () C:\Users\Minh Hung Nguyen\AppData\Local\dump007.dat
 
Some files in TEMP:
====================
2019-01-20 11:49 - 2019-01-20 11:49 - 000000000 ____D () C:\Users\Minh Hung Nguyen\AppData\Local\Temp\JSCore.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-15 10:06
 
==================== End of FRST.txt ============================

Edited by zHugz, 20 January 2019 - 12:20 AM.

#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------

Sorry for the delay. If you still need help, please reply back to this thread.

#3
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

