Unable to remove HKU\S-1-5-21



PrinceZuko
2017-11-11, 02:06
Hi everyone

When I run Spybot it picks up HKU\S-1-5-21 and I can't get rid of it. When I do "Fix selected" and re-run Spybot, it's still there. Similarly, if I go into Regedit and delete it there, it comes back.
Spybot Search results:

Can you please advise/assist me in getting rid of it permanently? If you need more information, please let me know.

Farbar Recovery Scan Logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Zuko (administrator) on DESKTOP-4UM6KOQ (11-11-2017 07:28:45)
Running from E:\Zuko\Documents
Loaded Profiles: Zuko & (Available Profiles: Zuko)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(LULU Software) E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) E:\Program Files (x86)\Advanced SystemCare\Monitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Apple Inc.) E:\Program Files\Itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5857\Agent.exe
(Blizzard Entertainment) E:\Program Files\Battle.net\Battle.net.9526\Battle.net.exe
() E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
() E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HYBRIDWEB.de ) C:\Program Files (x86)\FLV-Media-Player\FLV-Media-Player.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-11-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\Itunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{402a644d-d5d7-400c-8b2b-9b5321fad6b3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-08] (Microsoft Corporation)
DPF: HKLM-x32 {FD49A633-89F6-451C-9ADD-8160F8E5AA2B} hxxps://www.onesourcelogin.com.au/GFRCheckBrowser.dll
Handler: gopher - No CLSID Value
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2017-09-29] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2017-09-29] (Microsoft Corporation)
Filter: deflate - No CLSID Value
Filter: gzip - No CLSID Value
Filter: lzdhtml - No CLSID Value

FireFox:
========
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi [2017-06-20]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_desktop_conv_x86_component@sodapdf.com] - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi [2017-06-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (Slides) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Avast SafePrice) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
CHR Extension: (Sheets) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
S3 CLKMSVC10_F47B619C; E:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-25] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-25] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Soda PDF Desktop; E:\Program Files (x86)\Soda PDF Desktop\ws.exe [2711288 2017-06-20] (LULU Software)
R2 Soda PDF Desktop Creator; E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe [757504 2017-06-20] (LULU Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [167592 2017-07-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-02] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-30] (REALiX(tm))
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-14] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-09] (Realtek )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 07:28 - 2017-11-11 07:28 - 000000000 ____D C:\FRST
2017-11-11 07:12 - 2017-11-11 07:12 - 000003030 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Zuko)
2017-11-10 21:13 - 2017-11-10 21:13 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-09 22:36 - 2017-11-09 22:36 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-09 21:37 - 2017-11-09 21:37 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-09 21:37 - 2017-11-09 21:37 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-09 21:32 - 2017-11-09 21:32 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-11-09 21:32 - 2017-11-09 21:32 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-11-09 21:31 - 2017-11-09 21:31 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-11-09 21:31 - 2017-11-09 21:31 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 21:31 - 2017-11-09 21:31 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-09 21:30 - 2017-11-09 21:30 - 015213680 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 012935679 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-09 21:30 - 2017-11-09 21:30 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 005839840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-09 21:30 - 2017-11-09 21:30 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003509232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 003093328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002993720 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002210272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000154352 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-11-09 21:30 - 2017-11-09 21:30 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-09 21:30 - 2017-11-09 21:30 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-09 21:29 - 2017-11-09 21:30 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-09 21:29 - 2017-11-09 21:29 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-09 21:29 - 2017-11-09 21:29 - 000205984 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-10-28 16:15 - 2017-10-28 16:15 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438792.dll
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-10-28 16:14 - 2017-10-28 16:14 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-10-28 16:14 - 2017-10-28 16:14 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-10-28 16:14 - 2017-10-28 16:14 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-10-28 15:06 - 2017-11-09 21:33 - 000001102 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2017-10-28 15:06 - 2017-10-28 15:06 - 000003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-10-28 15:06 - 2017-10-28 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-10-14 07:34 - 2017-10-14 07:34 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-14 07:34 - 2017-10-14 07:34 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-14 07:34 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-12 07:20 - 2017-10-12 07:20 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-12 07:20 - 2017-10-12 07:20 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-11 07:27 - 2015-12-24 12:59 - 000000000 ____D C:\Users\Zuko\AppData\Local\Battle.net
2017-11-11 07:10 - 2017-07-12 18:01 - 000000000 ____D C:\Users\Zuko
2017-11-11 06:55 - 2017-07-12 18:04 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50A2D60F-92DF-48A9-A2E9-2ABBFC67B73D}
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-10 21:03 - 2017-07-12 18:10 - 001022802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 20:57 - 2017-07-12 18:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 20:57 - 2017-03-18 19:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-10 20:10 - 2017-10-11 06:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-10 20:10 - 2016-01-15 23:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-10 19:04 - 2017-05-14 21:16 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2017-11-09 22:24 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-09 21:37 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-08 06:36 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-08 06:36 - 2015-12-23 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-07 06:12 - 2017-04-30 20:26 - 000000000 ____D C:\ProgramData\ProductData
2017-11-04 22:47 - 2015-12-22 14:56 - 000000000 ____D C:\Users\Zuko\AppData\Local\Packages
2017-10-29 16:29 - 2017-06-24 16:41 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Twitch
2017-10-28 16:31 - 2016-02-14 12:24 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-10-28 16:16 - 2015-08-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-28 00:36 - 2017-07-12 18:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-10-28 00:12 - 2017-07-12 18:00 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-10-28 00:12 - 2017-07-12 18:00 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-10-25 18:33 - 2017-07-12 18:00 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-10-14 07:34 - 2015-12-29 08:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-12 18:26 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 18:08 - 2015-08-18 12:06 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 18:07 - 2017-07-12 18:00 - 000268376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories =======

2017-07-12 18:00 - 2017-07-12 18:00 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-05 21:16

==================== End of FRST.txt ============================

******

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Zuko (11-11-2017 07:29:09)
Running from E:\Zuko\Documents
Windows 10 Home Version 1703 15063.674 (X64) (2017-07-12 10:07:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3673527687-835348104-2445433957-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3673527687-835348104-2445433957-503 - Limited - Disabled)
Guest (S-1-5-21-3673527687-835348104-2445433957-501 - Limited - Disabled)
Zuko (S-1-5-21-3673527687-835348104-2445433957-1001 - Administrator - Enabled) => C:\Users\Zuko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call To Power 2 (HKLM-x32\...\GOGPACKCTP2_is1) (Version: 2.0.0.13 - GOG.com)
Chessmaster 10th Edition (HKLM-x32\...\{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft) Hidden
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3708 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
GOG.com Call to Power 2 (HKLM\...\{1d565035-1520-439a-9f68-c928cfc4a27a}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.1.17.32870 - LULU Software)
Soda PDF Desktop Asian Fonts Pack (HKLM\...\{D59C90B6-81D4-4FEA-888C-CA917F795F5A}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Convert Module (HKLM\...\{EB936FE6-F9BA-449C-AE26-3046D0C1BF76}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Create Module (HKLM\...\{23651655-BF45-4104-AED1-059C0128B84B}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Edit Module (HKLM\...\{C08B8535-1D2F-4B20-9093-9B49F0951116}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Forms Module (HKLM\...\{13FEEE9E-1FDD-4384-9DF7-7BA709271B22}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Insert Module (HKLM\...\{7CEA93AB-232B-46DF-9D5B-95124EBA21FC}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop OCR Module (HKLM\...\{84741832-801A-469A-B4B0-E763BB8B97D9}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Review Module (HKLM\...\{6E84487A-3F99-481C-8BC4-4D55573FCA3D}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop Secure Module (HKLM\...\{75A428F0-E727-4238-B8D4-71BAFD468882}) (Version: 9.2.7.33937 - LULU Software) Hidden
Soda PDF Desktop View Module (HKLM\...\{42634740-548D-43E8-B421-21AC081637CE}) (Version: 9.2.7.33937 - LULU Software) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Warcraft III) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3673527687-835348104-2445433957-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SodaPDFDesktop_ManagerExt] -> {526A2ADD-BD9B-40E5-9D45-75EF6313FCE4} => E:\Program Files (x86)\Soda PDF Desktop\context-menu.dll [2017-06-20] (LULU Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DA032B1-43DD-413A-BCDE-023C08AA8044} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {30839617-F4A1-4BA0-9310-7824E08ED3A7} - System32\Tasks\Driver Booster Scheduler => E:\Program Files (x86)\Driver Booster\5.0.3\Scheduler.exe [2017-10-16] (IObit)
Task: {37155674-6E53-4E66-88CF-3D62DFAF2168} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {3AC0F121-B0FA-4B88-AB3E-68E61A0A1DFC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-14] (AVAST Software)
Task: {45357EBC-3A17-46E4-931D-73DCAE65F0D5} - System32\Tasks\ASC10_PerformanceMonitor => E:\Program Files (x86)\Advanced SystemCare\Monitor.exe [2017-07-24] (IObit)
Task: {4CE54283-114E-4073-BEAB-F02297A407E3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {532EE9AC-C230-4440-866B-2E100F4B2EFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {5A1E17CA-F975-47E7-B4C6-33619632EFE1} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {91FBB8BA-DCB3-4B7A-B5DD-DCBB90E5E03E} - System32\Tasks\ASC10_SkipUac_Zuko => E:\Program Files (x86)\Advanced SystemCare\ASC.exe [2017-08-07] (IObit)
Task: {94313611-3170-4107-8E94-79A8B0068811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {968F7109-99E2-4089-B221-656F9A9C84B4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {B0E806C2-9059-4017-94B9-C9EAAE642FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C44A7BC8-19B9-4128-AC1D-6C615844168C} - System32\Tasks\{44E70D50-1EE9-4B55-9064-0E93EC957AD3} => C:\Windows\system32\pcalua.exe -a D:\autoplay.exe -d D:\
Task: {CA72E045-9899-4A52-862C-B79C911875BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {CFB534D6-662F-4371-BC11-6634B628B6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D8AF4534-70AE-4448-922F-9E16637B1A3B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DC713506-1FF5-44BA-BCDD-605AA37A8E30} - System32\Tasks\Driver Booster SkipUAC (Zuko) => E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe [2017-10-19] (IObit)
Task: {DDDCC9E4-73F4-49D9-A4E1-7C572F8B207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {E5B24C58-9BA4-4F18-998C-47A188A05D8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {F55F6B87-0D07-4188-BA8C-EC9475BACB02} - System32\Tasks\SafeZone scheduled Autoupdate 1466942979 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-14 07:34 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-12 18:00 - 2017-10-28 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 04:59 - 2017-03-20 11:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-08 06:15 - 2017-11-08 06:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-08 06:15 - 2017-11-08 06:18 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\Program Files\Itunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\Program Files\Itunes\libxml2.dll
2017-10-28 14:23 - 2017-10-28 14:23 - 002354152 _____ () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
2017-09-27 06:12 - 2017-09-21 15:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 06:12 - 2017-09-21 15:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-03-20 20:50 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-20 20:50 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-20 20:50 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-20 20:50 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 14:25 - 2015-11-25 07:07 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-13 21:15 - 2016-08-18 18:43 - 000442144 _____ () E:\Program Files (x86)\Advanced SystemCare\madExcept_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000210720 _____ () E:\Program Files (x86)\Advanced SystemCare\madBasic_.bpl
2017-08-13 21:15 - 2016-08-18 18:43 - 000059680 _____ () E:\Program Files (x86)\Advanced SystemCare\madDisAsm_.bpl
2017-08-13 21:15 - 2016-11-01 10:11 - 000078624 _____ () E:\Program Files (x86)\Advanced SystemCare\GetProcessDLL.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 067717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-14 21:00 - 2017-05-14 21:00 - 000684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 055782888 _____ () E:\Program Files\Battle.net\Battle.net.9526\libcef.dll
2017-10-28 14:34 - 2017-10-28 14:34 - 000540336 _____ () E:\Program Files\Battle.net\Battle.net.9526\ortp.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 000133632 _____ () E:\Program Files\Battle.net\Battle.net.9526\libEGL.dll
2017-10-28 14:33 - 2017-10-28 14:33 - 003384832 _____ () E:\Program Files\Battle.net\Battle.net.9526\libGLESv2.dll
2016-03-20 20:50 - 2014-04-25 14:11 - 002972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\0.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000196608 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\1.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\2.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000974848 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\3.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 002031616 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\4.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000086016 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\5.mdd
2017-11-11 07:20 - 2017-11-11 07:20 - 000253952 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\7.mdd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 19:04 - 2015-07-10 19:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804555\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804571\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Razer Game Scanner Service => 3
MSCONFIG\Services: RichVideo => 3
MSCONFIG\Services: WinZip Smart Monitor Service => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0184D916-05D5-4C9E-8486-456460E0D63D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F68CA902-76AF-4802-9731-826F377B740E}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6507DC33-117E-4B93-8CC7-881361A87F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24AC8878-78F8-4914-A481-D1C24516F15D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0AD81F7-3AEC-486F-B7E4-B10FDAFB3F3C}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{70E138F2-8B02-4DB7-885F-651B2AA50D67}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
FirewallRules: [{3C1B180E-8C17-46B0-A448-3B4B9B557F9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{3E93A4A2-1452-426A-8DEE-B4105097498F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
FirewallRules: [{67585C16-8E73-432D-9AD1-7D51CA08C047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{B080FED9-297C-483B-8F30-E74E1C730128}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
FirewallRules: [{9297C53E-6F62-4CAA-92B0-349BE06D9638}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{15BB7462-84C8-4DE6-9FD7-C3E0CFEFDAE9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
FirewallRules: [{2A6BC491-9D45-4AB8-BFD6-25060BB4921B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{F4F9985A-1AE2-4572-987F-3FB12BAC78B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
FirewallRules: [{FD309353-C922-4D57-A008-F4912BDFC7EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{564F9A6F-C0C5-4BCE-9F74-D968D81BF7A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
FirewallRules: [{6CD62FD2-D6AF-4DEF-A454-937EB451026D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EF481B9F-281C-473B-A70C-B701E786432D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{740A1AB0-1606-40C7-9C88-C480C8E1EA9E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{E2500EC5-AA7E-48E0-A302-F80C258E9601}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
FirewallRules: [{336B470F-6682-48FC-BD9D-481C1E316206}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{C883B59D-794F-4FC6-B9D8-40DC0A06F92B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
FirewallRules: [{D4995F9B-7C5C-4AA3-8C73-274E8EC8A134}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{E52DD69C-1B33-466E-BFAE-67EC1D13BCCD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{D6C761BE-ACF9-49EB-B77B-E6CB052256AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52346251-236E-4C8B-8AA8-BA179C1D7F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BEE121-7BAE-47DE-9751-19632BDD1392}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{79C79B4E-92D3-46EB-A504-5FA470345DE3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
FirewallRules: [{F25E32FB-C164-4904-A35E-2BB9CD16DB84}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{E291EBF8-5778-444F-B4C5-BA0B07AC6111}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
FirewallRules: [{D5B8A10A-BF3D-4FAA-9C46-85049E36E20C}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2476B4B5-E635-49F6-B8CD-992A201B996A}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{02134A10-DCB6-408D-8D9F-8601FD6DDDF9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{DECDAF89-D350-4884-BD97-0B9E143C5FA7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
FirewallRules: [{2E4B6D9A-D978-4EAA-9EE1-446C80DAF384}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{2EC3BDDB-01A7-40AA-AECA-73420961EBEE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{E78EEB8A-CAB4-4BED-B48C-41465D743BB7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D3AECF5-A346-4164-9309-E323F11FC63B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82CB6E2A-0691-409A-8A71-DB3623692F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{02A6BEA3-B3B0-4ECD-8877-D41199325716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DCAB232E-81E0-4D36-9261-D171BE7BBBD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3479B8BC-0152-483A-A813-4B7B9469B9BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDF9C83C-61EB-4385-BCEC-FAAA9E488483}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6228E417-A1B3-4C7B-9E93-9C0A74ACA4CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{B1397376-26D4-4F54-8191-B6171CD40002}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F2809A47-2ADB-4B20-9673-C238B75FDCDA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{D764D8C1-83AF-4F8C-9148-E246708CF3A9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{43FB0E2F-57F1-4DC2-B5E2-5B523D98DA05}] => (Allow) E:\Program Files\Itunes\iTunes.exe
FirewallRules: [{F16C63F6-8FFD-46FF-B174-7BBE3DE2CC46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{DD94FE7C-3AA4-46C5-B489-A5EE7E2346B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [TCP Query User{2B0A5364-60AC-4E6D-B81C-EA65DA484AE8}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [UDP Query User{4D1A6AE4-D59D-4EF4-9926-8DF228C5A555}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
FirewallRules: [TCP Query User{40EDFE11-8506-4C4F-9CC1-4E804DBFE522}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{538306F5-9147-4E70-8591-0E598A4DDC1F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D1DC0E4C-FDFE-4F86-A902-FB694535C8E8}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [UDP Query User{109C07AF-361D-4A80-80C6-90756F5A3133}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
FirewallRules: [{F2487EA2-A169-4555-8C7C-92DF3DD78098}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5527EC93-D4F8-4E5C-81E1-AE17648961C7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{0629D2CC-E770-4E19-A709-1B3CA8A12E42}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{5DFCD4C0-C7C6-4D03-88E8-B632137146A7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{A7711AE0-F51D-41DD-8422-3FD415E7131B}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{682775CD-10F9-43C9-BD3C-DDF3B10A579F}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{4EFB9968-BC7C-49C3-B2A8-324514A831CE}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [TCP Query User{B4A43478-50D2-4833-AC8D-D63B189B61D3}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
FirewallRules: [UDP Query User{FFD861C6-77CF-4603-A221-A3DBF74C849C}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-10-2017 14:36:12 Windows Update
28-10-2017 16:13:42 Driver Booster : NVIDIA GeForce GT 730
06-11-2017 18:30:54 Scheduled Checkpoint
09-11-2017 21:27:52 Driver Booster : NVIDIA GeForce GT 730

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2017 06:56:24 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (11/10/2017 06:05:08 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (11/09/2017 06:02:22 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).

Internal Timing Sequence:

Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 413) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 488) (User: )
Description: qmgr.dll (13648) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

Error: (11/08/2017 05:54:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UM6KOQ)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/08/2017 06:14:38 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (11/10/2017 11:10:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4UM6KOQ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-11-11 07:28:52.872
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:28:52.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:28:52.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:28:52.855
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:23:11.972
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:23:11.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:07:54.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:07:54.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:07:54.842
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 07:07:54.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8130.39 MB
Available physical RAM: 4202.59 MB
Total Virtual: 9602.39 MB
Available Virtual: 4743.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:441.76 GB) (Free:388.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1863.01 GB) (Free:1656.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7FA9BBEA)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3DF62CC5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

*************
aswMBR (when I ticked Trace Disk IO Calls it would always crash my computer with DRIVER_IRQL_NOT_LESS_OR_EQUAL) so I unticked that:


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-11-11 07:50:02
-----------------------------
07:50:02.108 OS Version: Windows x64 6.2.9200
07:50:02.108 Number of processors: 8 586 0x3C03
07:50:02.108 ComputerName: DESKTOP-4UM6KOQ UserName: Zuko
07:50:02.326 Initialize success
07:50:02.326 VM: initialized successfully
07:50:02.326 VM: Intel CPU supported virtualized
07:50:03.619 VM: disk I/O iaStorA.sys
07:50:11.460 AVAST engine defs: 17111000
07:50:12.210 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-11-11 07:50:02
-----------------------------
07:50:02.108 OS Version: Windows x64 6.2.9200
07:50:02.108 Number of processors: 8 586 0x3C03
07:50:02.108 ComputerName: DESKTOP-4UM6KOQ UserName: Zuko
07:50:02.326 Initialize success
07:50:02.326 VM: initialized successfully
07:50:02.326 VM: Intel CPU supported virtualized
07:50:03.619 VM: disk I/O iaStorA.sys
07:50:11.460 AVAST engine defs: 17111000
07:50:12.210 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"
07:50:35.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
07:50:35.145 Disk 0 Vendor: SanDisk_SDSSDHII480G X31200RL Size: 457862MB BusType: 11
07:50:35.145 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000029
07:50:35.145 Disk 1 Vendor: WDC_WD20EZRZ-00Z5HB0 80.00A80 Size: 1907729MB BusType: 11
07:50:35.145 Disk 0 MBR read successfully
07:50:35.161 Disk 0 MBR scan
07:50:35.161 Disk 0 Windows 7 default MBR code
07:50:35.161 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
07:50:35.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452360 MB offset 1026048
07:50:35.177 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5000 MB offset 927459328
07:50:35.192 Disk 0 scanning C:\WINDOWS\system32\drivers
07:50:37.661 Service scanning
07:50:42.740 Modules scanning
07:50:42.943 AVAST engine scan C:\WINDOWS
07:50:43.240 AVAST engine scan C:\WINDOWS\system32
07:51:25.713 AVAST engine scan C:\WINDOWS\system32\drivers
07:51:29.744 AVAST engine scan C:\Users\Zuko
07:52:04.670 AVAST engine scan C:\ProgramData
07:53:05.113 Disk 0 statistics 5140351/0/0 @ 29.60 MB/s
07:53:05.113 Scan finished successfully
07:53:18.849 Disk 0 MBR has been saved successfully to "E:\Zuko\Desktop\MBR.dat"
07:53:18.849 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"

Juliet
2017-11-11, 13:26
Hi and welcome

From what I read the registry entries you have listed are all simply usage tracks, not malware.

Not much visibly seen to be related as malicious.


Start Farbar Recovery Scan Tool with Administrator privileges
or Right click on the FRST icon and select Run as administrator

Right click/highlight on the text below and select Copy.
beginning with Start:: and finishing with End::



Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



******

AdwCleaner

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

created by Aura

~~~~~~~~~~~~~~~~~

Zemana AntiMalware - Fix

Download and install Zemana AntiMalware (https://www.zemana.com/AntiMalware)
Open Zemana AntiMalware, and click on the Scan button
Wait for the scan to complete
Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button
If it asks you to reboot your computer to finish the clean-up, do so
After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
A log will open in Notepad
Copy/paste the content of that log in your next reply

created by Aura

***
Please post
Fixlog.txt
AdwCleaner txt
Zemana AntiMalware txt

PrinceZuko
2017-11-11, 16:53
Hi Juliet
Thanks for the welcome
What do you mean when you refer to the HKU\S-1-5-21 on my computer as usage tracks rather than malware? Does this mean all it's doing is tracking my internet usage? I would prefer not to have companies tracking me.

I haven't downloaded/installed those other programs - will they be able to remove HKU for certain? I can download them if required but I don't think I would fully trust the item to be fully removed. I think I would need to reboot the hard drive to be sure. :/


Farbar Recovery Scan Tool results:


Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Zuko (11-11-2017 21:44:53) Run:1
Running from E:\Zuko\Documents
Loaded Profiles: Zuko (Available Profiles: Zuko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99589304 B
Java, Flash, Steam htmlcache => 394624510 B
Windows/system/drivers => 3239506 B
Edge => 353338 B
Chrome => 564664495 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18042 B
NetworkService => 3626470 B
Zuko => 208261743 B

RecycleBin => 823643 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:55:06 ====

PrinceZuko
2017-11-12, 04:39
AdwCleaner:

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 12 02:05:03 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-10-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Justin\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Justin\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\WinZip\WinZip Smart Monitor
PUP.Optional.Legacy, C:\Users\All Users\WinZip\WinZip Smart Monitor
PUP.Optional.Legacy, C:\Program Files\WinZip Smart Monitor
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
PUP.Optional.DriverBooster, C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, ASC10_PerformanceMonitor
PUP.Optional.Legacy, Driver Booster Scheduler
PUP.Adware.Heuristic, ASC10_SkipUac_Justin


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | ImageStoreRandomFolder [5sc5v9g]
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F68CA902-76AF-4802-9731-826F377B740E}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

***************************

Zemana: Report 1:

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/11/12
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
BIOS Mode : Legacy
CUID : 1231994C6FCBBA4B59381E
Scan Type : System Scan
Duration : 0m 50s
Scanned Objects : 90528
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer URL
Status : Scanned
Object : http://www.arrowcomputers.com.au/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer URL


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

************************************************

Zemana (Report 2):

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/11/12
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
BIOS Mode : Legacy
CUID : 1231994C6FCBBA4B59381E
Scan Type : Custom Scan
Duration : 22m 19s
Scanned Objects : 118496
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected

Juliet
2017-11-12, 14:21
In the screen shot you posted, look at the header title
Most recent application
Most recent application ID, then read to the end DirectInput
DirectInput is a legacy Microsoft API for collecting input from a computer user, via input devices such as the mouse, keyboard, joystick or other game controllers.

I don't work for, nor am I an employee of, SpyBot; I am an independent malware tech. When looking at that log that is what the read out appears to be telling me.

When you ran the AdwCleaner tool did you allow it to delete what it found?

~~~~~

Since you already have Malwarebytes Anti-Malware on the computer, let's update it and run a scan.

Open MalwareBytes

On the Dashboard click on Update Now
Once the database update is complete,
Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Now to get the log file

Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.
Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard
Paste the content in your next reply


~~~~~~~~~~~~~~~~~~

RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

created by Aura

PrinceZuko
2017-11-13, 00:54
Hi Juliet
Thanks
I did allow AdwCleaner to delete what it found
In terms of it being DirectInput from Microsoft, could it be that HKU has infected this? When I google HKU\S-1-5-21 it always says that it's something bad.
I can try Malwarebytes and RogueKiller when I get home today. Just a question, what if I tried doing a SystemRestore? I can restore back for a while from before I had this, would this get rid of it?

Juliet
2017-11-13, 12:04
could it be that HKU has infected this?
Yes, it means current user

HKU\S-1-5-21, is a fragment of an entire line. It can be related to a legitimate registry entry as well.


what if I tried doing a SystemRestore? I can restore back for a while from before I had this, would this get rid of it?
It can either help or hurt.
That I'll have to leave up to you. It's also possible that if you had removed malware, then using system restore, it might be back on the system afterwards.

PrinceZuko
2017-11-13, 16:40
Hi Juliet
Thanks :) I will hold off the system restore for now.
Here are the results:

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/13/17
Scan Time: 8:45 PM
Log File: 90056722-c870-11e7-ac60-d050997ef636.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3243
License: Free

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: DESKTOP-4UM6KOQ\Zuko

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392421
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



*******************************

RogueKiller:

RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Zuko [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/13/2017 21:56:54 (Duration : 00:20:13)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SDSSDHII480G +++++
--- User ---
[MBR] e58f2b2b08bb82c03f50f9243e08d53a
[BSP] b9085c17483026a6eddabf0e8b0ff138 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 452360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927459328 | Size: 5000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EZRZ-00Z5HB0 +++++
--- User ---
[MBR] 761f67f3f4a144be8387ae0503d453ee
[BSP] 7d03ced568572ce6a9194d08d2933e91 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Juliet
2017-11-14, 00:46
Tell me how the computer is at the moment?

Juliet
2017-11-14, 01:41
Those items found by SpyBot are tracking entries for apps used and program ID.
I reached out to the SpyBot team.



To turn off tracking:
Video: https://www.youtube.com/watch?v=DYmcGwVNNj8

FAQ:
https://www.safer-networking.org/faq/disableblock-tracking-cookies/

Other videos: https://www.youtube.com/channel/UCRPMpxjKxQflhO6BFyhP-eg
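For anyone wanting to check this themselves, here is an added PowerShell example (not Spybot's code and not from this thread) that resolves each HKU\S-1-5-21-* hive to the account it belongs to and dumps the Software\Microsoft\DirectInput\MostRecent\Application key mentioned above, so the "usage track" can be seen for what it is. The function names are mine; the key path is the one reported in this thread.

```powershell
# Added example for this thread, not Spybot's or the poster's own code.
# Run from an elevated PowerShell prompt so all loaded user hives are readable.
# It walks every hive under HKEY_USERS whose name is an account SID (S-1-5-21-...),
# resolves the SID to its account, and prints the DirectInput MostRecent\Application
# key that Spybot lists as a usage track. DirectInput rewrites this key whenever an
# application uses it, which is why deleting it in Regedit does not stick.

# Account SIDs only: skips well-known SIDs (S-1-5-18 etc.) and the *_Classes hives.
$accountSidPattern = '^S-1-5-21-\d+-\d+-\d+-\d+$'
$mruRelativePath   = 'Software\Microsoft\DirectInput\MostRecent\Application'

function Resolve-SidToAccount {
    param([string] $Sid)
    try {
        ([System.Security.Principal.SecurityIdentifier] $Sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch {
        '(unresolved: orphaned profile or the account no longer exists)'
    }
}

function Show-DirectInputMru {
    param([string] $Sid)

    $keyPath = "Registry::HKEY_USERS\$Sid\$mruRelativePath"
    if (-not (Test-Path -Path $keyPath)) {
        Write-Output "    no $mruRelativePath key in this hive"
        return
    }

    # Dump every value under the key. Value names are not assumed here; whatever
    # Spybot showed as "Most recent application" / "... ID" will be among them.
    $values = Get-ItemProperty -Path $keyPath
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        Write-Output ("    {0,-30} = {1}" -f $prop.Name, $prop.Value)

        # A usage track only deserves a second look if it points at a real file.
        # If it does, judge the file by its Authenticode signature, not the key.
        if ($prop.Value -is [string] -and (Test-Path -LiteralPath $prop.Value -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -FilePath $prop.Value
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'no signer' }
            Write-Output ("    {0,-30}   file signature: {1} ({2})" -f '', $sig.Status, $signer)
        }
    }
}

$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match $accountSidPattern }

foreach ($hive in $hives) {
    $sid = $hive.PSChildName
    Write-Output ("HKU\{0}  ->  {1}" -f $sid, (Resolve-SidToAccount -Sid $sid))
    Show-DirectInputMru -Sid $sid
}
```

Only hives of logged-on users (and the loaded default profile) appear under HKEY_USERS, so a profile that is not signed in will not be listed until its NTUSER.DAT is loaded.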

PrinceZuko
2017-11-14, 16:06
Hi Juliet
Thanks for your replies and for reaching out to the Spybot team.

My computer seems to be running fine. I haven't noticed any impaired performance or negative impact.
I don't have tracking/cookies turned on for any browser.
I assume that the entries for HKU\S-1-5-21 are bad because they're picked up by spybot. In the meantime I've sent an email to what I'm guessing is Microsoft's email address to confirm if the entries are valid.

Juliet
2017-11-14, 23:32
I don't see the entries as bad.

If something was hiding or causing some type of problem you would have noticed something significant by now.

Let's remove tools and quarantine folders.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************

PrinceZuko
2017-11-16, 00:45
hi Juliet
Thanks, I'll look at this tonight (didn't get a chance to last night)

PrinceZuko
2017-11-17, 16:38
Hi Juliet

Thanks, I have downloaded and run that program.
When I run Spybot I still get that HKUS\S-1-5-21 program for Software\Microsoft\DirectInput\MostRecent\Application - should I just ignore it then? Please confirm

Juliet
2017-11-18, 00:46
Hi Juliet

Thanks, I have downloaded and run that program.
When I run Spybot I still get that HKUS\S-1-5-21 program for Software\Microsoft\DirectInput\MostRecent\Application - should I just ignore it then? Please confirm

I don't know if telling you to ignore it is the right thing to do or not.
What I can say is that after scanning out your computer trying to find malware and infections, the machine should be clean.
And, since your computer is running good and the way it's expected to, and still SpyBot finds these same items, I think, if you start a new topic in the SpyBot forum for the tool
https://forums.spybot.info/forumdisplay.php?4-Spybot

Let's allow someone with more knowledge than me take a look at the screen shot and get some type of verification.

PrinceZuko
2017-11-20, 15:19
Hi Juliet
Thanks a lot for your help :). I have posted a thread there.

Juliet
2017-11-21, 00:32
Glad we could help.
Since this issue appears resolved ... this Topic is closed.