
Thread: Unable to remove HKU\S-1-5-21

    Unable to remove HKU\S-1-5-21

    Hi everyone

    When I run Spybot, it picks up HKU\S-1-5-21 and I can't get rid of it. When I do "Fix selected" and re-run Spybot, it's still there. Similarly, if I go into Regedit and delete it there, it comes back.
    Spybot Search results:
    [Attachment: Spybot Screenshot HKUS.PNG]

    Can you please advise/assist me in getting rid of it permanently? If you need more information, please let me know.

    Farbar Recovery Scan Logs:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
    Ran by Zuko (administrator) on DESKTOP-4UM6KOQ (11-11-2017 07:28:45)
    Running from E:\Zuko\Documents
    Loaded Profiles: Zuko & (Available Profiles: Zuko)
    Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (LULU Software) E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (IObit) E:\Program Files (x86)\Advanced SystemCare\Monitor.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Apple Inc.) E:\Program Files\Itunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (CyberLink Corp.) E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5857\Agent.exe
    (Blizzard Entertainment) E:\Program Files\Battle.net\Battle.net.9526\Battle.net.exe
    () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
    () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (HYBRIDWEB.de ) C:\Program Files (x86)\FLV-Media-Player\FLV-Media-Player.exe
    (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384352 2017-11-09] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-25] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-14] (AVAST Software)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
    HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
    HKLM\...\Run: [iTunesHelper] => E:\Program Files\Itunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
    HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => E:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    Startup: C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-21]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\..\Interfaces\{402a644d-d5d7-400c-8b2b-9b5321fad6b3}: [DhcpNameServer] 10.0.0.138

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arrowcomputers.com.au/
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-08] (Microsoft Corporation)
    DPF: HKLM-x32 {FD49A633-89F6-451C-9ADD-8160F8E5AA2B} hxxps://www.onesourcelogin.com.au/GFRCheckBrowser.dll
    Handler: gopher - No CLSID Value
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2017-09-29] (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2017-09-29] (Microsoft Corporation)
    Filter: deflate - No CLSID Value
    Filter: gzip - No CLSID Value
    Filter: lzdhtml - No CLSID Value

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi
    FF Extension: (Soda PDF Desktop Creator) - E:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv@sodapdf.com.xpi [2017-06-20]
    FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_desktop_conv_x86_component@sodapdf.com] - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi
    FF Extension: (Soda PDF Desktop Creator) - C:\Program Files (x86)\Soda PDF Desktop\resources\sodapdfdesktopfirefoxextension\soda_pdf_desktop_conv_x86_component@sodapdf.com.xpi [2017-06-20]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
    CHR Extension: (Slides) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
    CHR Extension: (Docs) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
    CHR Extension: (YouTube) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
    CHR Extension: (Google Search) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
    CHR Extension: (Avast Online Security (BETA)) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
    CHR Extension: (Avast SafePrice) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
    CHR Extension: (Sheets) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
    CHR Extension: (Chrome Media Router) - C:\Users\Zuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
    CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-14] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-14] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
    S3 CLKMSVC10_F47B619C; E:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-25] (NVIDIA Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-28] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-25] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-25] (NVIDIA Corporation)
    S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S3 Soda PDF Desktop; E:\Program Files (x86)\Soda PDF Desktop\ws.exe [2711288 2017-06-20] (LULU Software)
    R2 Soda PDF Desktop Creator; E:\Program Files (x86)\Soda PDF Desktop\creator-ws.exe [757504 2017-06-20] (LULU Software)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-14] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-14] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-14] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-14] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-14] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-14] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-14] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-14] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-14] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-14] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-14] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [167592 2017-07-12] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-14] (AVAST Software)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-02] (ELAN Microelectronic Corp.)
    R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-30] (REALiX(tm))
    R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-14] (Malwarebytes)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f936d37e592b25aa\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-25] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-09] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-09] (Realtek )
    R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
    R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-11 07:28 - 2017-11-11 07:28 - 000000000 ____D C:\FRST
    2017-11-11 07:12 - 2017-11-11 07:12 - 000003030 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Zuko)
    2017-11-10 21:13 - 2017-11-10 21:13 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-11-09 22:36 - 2017-11-09 22:36 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-11-09 21:37 - 2017-11-09 21:37 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-11-09 21:37 - 2017-11-09 21:37 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-09 21:32 - 2017-11-09 21:32 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
    2017-11-09 21:32 - 2017-11-09 21:32 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
    2017-11-09 21:32 - 2017-11-09 21:32 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
    2017-11-09 21:32 - 2017-11-09 21:32 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
    2017-11-09 21:32 - 2017-11-09 21:32 - 000000000 ____D C:\Program Files (x86)\OpenAL
    2017-11-09 21:31 - 2017-11-09 21:31 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
    2017-11-09 21:31 - 2017-11-09 21:31 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2017-11-09 21:31 - 2017-11-09 21:31 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
    2017-11-09 21:30 - 2017-11-09 21:30 - 015213680 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 012935679 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2017-11-09 21:30 - 2017-11-09 21:30 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 005839840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2017-11-09 21:30 - 2017-11-09 21:30 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003509232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 003093328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 002993720 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 002210272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 002190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000526280 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000378376 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000154352 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
    2017-11-09 21:30 - 2017-11-09 21:30 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2017-11-09 21:30 - 2017-11-09 21:30 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2017-11-09 21:29 - 2017-11-09 21:30 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2017-11-09 21:29 - 2017-11-09 21:29 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2017-11-09 21:29 - 2017-11-09 21:29 - 000205984 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
    2017-10-28 16:15 - 2017-10-28 16:15 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438792.dll
    2017-10-28 16:15 - 2017-10-28 16:15 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438792.dll
    2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
    2017-10-28 16:15 - 2017-10-28 16:15 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
    2017-10-28 16:14 - 2017-10-28 16:14 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2017-10-28 16:14 - 2017-10-28 16:14 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2017-10-28 16:14 - 2017-10-28 16:14 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2017-10-28 15:06 - 2017-11-09 21:33 - 000001102 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
    2017-10-28 15:06 - 2017-10-28 15:06 - 000003384 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
    2017-10-28 15:06 - 2017-10-28 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
    2017-10-14 07:34 - 2017-10-14 07:34 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2017-10-14 07:34 - 2017-10-14 07:34 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\ProgramData\MB2Migration
    2017-10-14 07:34 - 2017-10-14 07:34 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-10-14 07:34 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-10-12 07:20 - 2017-10-12 07:20 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2017-10-12 07:20 - 2017-10-12 07:20 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-11 07:27 - 2015-12-24 12:59 - 000000000 ____D C:\Users\Zuko\AppData\Local\Battle.net
    2017-11-11 07:10 - 2017-07-12 18:01 - 000000000 ____D C:\Users\Zuko
    2017-11-11 06:55 - 2017-07-12 18:04 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{50A2D60F-92DF-48A9-A2E9-2ABBFC67B73D}
    2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-11-10 23:10 - 2017-07-12 18:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-11-10 21:03 - 2017-07-12 18:10 - 001022802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-11-10 20:57 - 2017-07-12 18:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-11-10 20:57 - 2017-03-18 19:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2017-11-10 20:10 - 2017-10-11 06:45 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-11-10 20:10 - 2016-01-15 23:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-11-10 19:18 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-11-10 19:04 - 2017-05-14 21:16 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
    2017-11-09 22:24 - 2017-03-19 05:01 - 000000000 ____D C:\WINDOWS\INF
    2017-11-09 21:37 - 2017-03-19 04:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX3
    2017-11-09 21:30 - 2017-07-12 18:00 - 000000000 ____D C:\WINDOWS\system32\DAX2
    2017-11-08 06:36 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-11-08 06:36 - 2015-12-23 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-11-07 06:12 - 2017-04-30 20:26 - 000000000 ____D C:\ProgramData\ProductData
    2017-11-04 22:47 - 2015-12-22 14:56 - 000000000 ____D C:\Users\Zuko\AppData\Local\Packages
    2017-10-29 16:29 - 2017-06-24 16:41 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Twitch
    2017-10-28 16:31 - 2016-02-14 12:24 - 000000000 ____D C:\Users\Zuko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
    2017-10-28 16:16 - 2015-08-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
    2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-10-28 16:15 - 2017-07-12 18:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-10-28 00:36 - 2017-07-12 18:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2017-10-28 00:12 - 2017-07-12 18:00 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2017-10-28 00:12 - 2017-07-12 18:00 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2017-10-25 18:33 - 2017-07-12 18:00 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin
    2017-10-14 07:34 - 2015-12-29 08:20 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-10-12 18:26 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-10-12 18:08 - 2015-08-18 12:06 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-10-12 18:07 - 2017-07-12 18:00 - 000268376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
    2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-10-12 07:20 - 2017-03-19 05:03 - 000000000 ____D C:\WINDOWS\Provisioning

    ==================== Files in the root of some directories =======

    2017-07-12 18:00 - 2017-07-12 18:00 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-05 21:16

    ==================== End of FRST.txt ============================

    ******

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
    Ran by Zuko (11-11-2017 07:29:09)
    Running from E:\Zuko\Documents
    Windows 10 Home Version 1703 15063.674 (X64) (2017-07-12 10:07:23)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3673527687-835348104-2445433957-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3673527687-835348104-2445433957-503 - Limited - Disabled)
    Guest (S-1-5-21-3673527687-835348104-2445433957-501 - Limited - Disabled)
    Zuko (S-1-5-21-3673527687-835348104-2445433957-1001 - Administrator - Enabled) => C:\Users\Zuko

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.5.0 - IObit)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
    Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Call To Power 2 (HKLM-x32\...\GOGPACKCTP2_is1) (Version: 2.0.0.13 - GOG.com)
    Chessmaster 10th Edition (HKLM-x32\...\{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft) Hidden
    CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4715 - CyberLink Corp.)
    CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3708 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
    CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.)
    Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
    e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
    FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
    GOG.com Call to Power 2 (HKLM\...\{1d565035-1520-439a-9f68-c928cfc4a27a}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0240 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
    Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.1.17.32870 - LULU Software)
    Soda PDF Desktop Asian Fonts Pack (HKLM\...\{D59C90B6-81D4-4FEA-888C-CA917F795F5A}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Convert Module (HKLM\...\{EB936FE6-F9BA-449C-AE26-3046D0C1BF76}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Create Module (HKLM\...\{23651655-BF45-4104-AED1-059C0128B84B}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Edit Module (HKLM\...\{C08B8535-1D2F-4B20-9093-9B49F0951116}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Forms Module (HKLM\...\{13FEEE9E-1FDD-4384-9DF7-7BA709271B22}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Insert Module (HKLM\...\{7CEA93AB-232B-46DF-9D5B-95124EBA21FC}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop OCR Module (HKLM\...\{84741832-801A-469A-B4B0-E763BB8B97D9}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Review Module (HKLM\...\{6E84487A-3F99-481C-8BC4-4D55573FCA3D}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop Secure Module (HKLM\...\{75A428F0-E727-4238-B8D4-71BAFD468882}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Soda PDF Desktop View Module (HKLM\...\{42634740-548D-43E8-B421-21AC081637CE}) (Version: 9.2.7.33937 - LULU Software) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
    StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
    Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
    Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
    Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001\...\Warcraft III) (Version: - )
    Warcraft III: All Products (HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\...\Warcraft III) (Version: - )
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
    Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
    WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3673527687-835348104-2445433957-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SodaPDFDesktop_ManagerExt] -> {526A2ADD-BD9B-40E5-9D45-75EF6313FCE4} => E:\Program Files (x86)\Soda PDF Desktop\context-menu.dll [2017-06-20] (LULU Software)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
    ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => E:\Program Files (x86)\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-14] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0DA032B1-43DD-413A-BCDE-023C08AA8044} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {30839617-F4A1-4BA0-9310-7824E08ED3A7} - System32\Tasks\Driver Booster Scheduler => E:\Program Files (x86)\Driver Booster\5.0.3\Scheduler.exe [2017-10-16] (IObit)
    Task: {37155674-6E53-4E66-88CF-3D62DFAF2168} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
    Task: {3AC0F121-B0FA-4B88-AB3E-68E61A0A1DFC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-14] (AVAST Software)
    Task: {45357EBC-3A17-46E4-931D-73DCAE65F0D5} - System32\Tasks\ASC10_PerformanceMonitor => E:\Program Files (x86)\Advanced SystemCare\Monitor.exe [2017-07-24] (IObit)
    Task: {4CE54283-114E-4073-BEAB-F02297A407E3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {532EE9AC-C230-4440-866B-2E100F4B2EFF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
    Task: {5A1E17CA-F975-47E7-B4C6-33619632EFE1} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
    Task: {91FBB8BA-DCB3-4B7A-B5DD-DCBB90E5E03E} - System32\Tasks\ASC10_SkipUac_Zuko => E:\Program Files (x86)\Advanced SystemCare\ASC.exe [2017-08-07] (IObit)
    Task: {94313611-3170-4107-8E94-79A8B0068811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
    Task: {968F7109-99E2-4089-B221-656F9A9C84B4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
    Task: {B0E806C2-9059-4017-94B9-C9EAAE642FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {C44A7BC8-19B9-4128-AC1D-6C615844168C} - System32\Tasks\{44E70D50-1EE9-4B55-9064-0E93EC957AD3} => C:\Windows\system32\pcalua.exe -a D:\autoplay.exe -d D:\
    Task: {CA72E045-9899-4A52-862C-B79C911875BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {CFB534D6-662F-4371-BC11-6634B628B6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {D8AF4534-70AE-4448-922F-9E16637B1A3B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
    Task: {DC713506-1FF5-44BA-BCDD-605AA37A8E30} - System32\Tasks\Driver Booster SkipUAC (Zuko) => E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe [2017-10-19] (IObit)
    Task: {DDDCC9E4-73F4-49D9-A4E1-7C572F8B207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
    Task: {E5B24C58-9BA4-4F18-998C-47A188A05D8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
    Task: {F55F6B87-0D07-4188-BA8C-EC9475BACB02} - System32\Tasks\SafeZone scheduled Autoupdate 1466942979 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-10-14 07:34 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-07-12 18:00 - 2017-10-28 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-03-19 04:59 - 2017-03-20 11:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-11-08 06:15 - 2017-11-08 06:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-11-08 06:15 - 2017-11-08 06:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-11-08 06:15 - 2017-11-08 06:18 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-11-08 06:15 - 2017-11-08 06:18 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () E:\Program Files\Itunes\zlib1.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () E:\Program Files\Itunes\libxml2.dll
    2017-10-28 14:23 - 2017-10-28 14:23 - 002354152 _____ () E:\Program Files\Battle.net\Battle.net.9526\Battle.net Helper.exe
    2017-09-27 06:12 - 2017-09-21 15:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
    2017-09-27 06:12 - 2017-09-21 15:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
    2016-03-20 20:50 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-03-20 20:50 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-03-20 20:50 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-03-20 20:50 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-03-20 20:50 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-12-22 14:25 - 2015-11-25 07:07 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2017-08-13 21:15 - 2016-08-18 18:43 - 000442144 _____ () E:\Program Files (x86)\Advanced SystemCare\madExcept_.bpl
    2017-08-13 21:15 - 2016-08-18 18:43 - 000210720 _____ () E:\Program Files (x86)\Advanced SystemCare\madBasic_.bpl
    2017-08-13 21:15 - 2016-08-18 18:43 - 000059680 _____ () E:\Program Files (x86)\Advanced SystemCare\madDisAsm_.bpl
    2017-08-13 21:15 - 2016-11-01 10:11 - 000078624 _____ () E:\Program Files (x86)\Advanced SystemCare\GetProcessDLL.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 067717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-05-14 21:00 - 2017-05-14 21:00 - 000684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2009-11-02 14:20 - 2009-11-02 14:20 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-02 14:23 - 2009-11-02 14:23 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2017-10-28 14:33 - 2017-10-28 14:33 - 055782888 _____ () E:\Program Files\Battle.net\Battle.net.9526\libcef.dll
    2017-10-28 14:34 - 2017-10-28 14:34 - 000540336 _____ () E:\Program Files\Battle.net\Battle.net.9526\ortp.dll
    2017-10-28 14:33 - 2017-10-28 14:33 - 000133632 _____ () E:\Program Files\Battle.net\Battle.net.9526\libEGL.dll
    2017-10-28 14:33 - 2017-10-28 14:33 - 003384832 _____ () E:\Program Files\Battle.net\Battle.net.9526\libGLESv2.dll
    2016-03-20 20:50 - 2014-04-25 14:11 - 002972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
    2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\0.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 000196608 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\1.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 000135168 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\2.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 000974848 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\3.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 002031616 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\4.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 000086016 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\5.mdd
    2017-11-11 07:20 - 2017-11-11 07:20 - 000253952 _____ () C:\Users\Zuko\AppData\Local\Temp\wrd-2a94-8a8-23ae385.~lk\7.mdd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 19:04 - 2015-07-10 19:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804555\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804571\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    HKU\S-1-5-21-3673527687-835348104-2445433957-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102017205804587\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 10.0.0.138
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: Razer Game Scanner Service => 3
    MSCONFIG\Services: RichVideo => 3
    MSCONFIG\Services: WinZip Smart Monitor Service => 2

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0184D916-05D5-4C9E-8486-456460E0D63D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
    FirewallRules: [{F68CA902-76AF-4802-9731-826F377B740E}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}] => (Allow) E:\Program Files (x86)\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
    FirewallRules: [{6507DC33-117E-4B93-8CC7-881361A87F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{24AC8878-78F8-4914-A481-D1C24516F15D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C0AD81F7-3AEC-486F-B7E4-B10FDAFB3F3C}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
    FirewallRules: [{70E138F2-8B02-4DB7-885F-651B2AA50D67}] => (Allow) E:\Program Files\StarCraft\StarCraft.exe
    FirewallRules: [{3C1B180E-8C17-46B0-A448-3B4B9B557F9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
    FirewallRules: [{3E93A4A2-1452-426A-8DEE-B4105097498F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base5\dosbox.exe
    FirewallRules: [{67585C16-8E73-432D-9AD1-7D51CA08C047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
    FirewallRules: [{B080FED9-297C-483B-8F30-E74E1C730128}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base4\dosbox.exe
    FirewallRules: [{9297C53E-6F62-4CAA-92B0-349BE06D9638}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
    FirewallRules: [{15BB7462-84C8-4DE6-9FD7-C3E0CFEFDAE9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base3\dosbox.exe
    FirewallRules: [{2A6BC491-9D45-4AB8-BFD6-25060BB4921B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
    FirewallRules: [{F4F9985A-1AE2-4572-987F-3FB12BAC78B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base2\dosbox.exe
    FirewallRules: [{FD309353-C922-4D57-A008-F4912BDFC7EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
    FirewallRules: [{564F9A6F-C0C5-4BCE-9F74-D968D81BF7A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Commander Keen\base1\dosbox.exe
    FirewallRules: [{6CD62FD2-D6AF-4DEF-A454-937EB451026D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{EF481B9F-281C-473B-A70C-B701E786432D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{740A1AB0-1606-40C7-9C88-C480C8E1EA9E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
    FirewallRules: [{E2500EC5-AA7E-48E0-A302-F80C258E9601}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\SierraLauncher.exe
    FirewallRules: [{336B470F-6682-48FC-BD9D-481C1E316206}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
    FirewallRules: [{C883B59D-794F-4FC6-B9D8-40DC0A06F92B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Space Quest Collection\2016_SpaceQuestCollection\SierraLauncher.exe
    FirewallRules: [{D4995F9B-7C5C-4AA3-8C73-274E8EC8A134}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
    FirewallRules: [{E52DD69C-1B33-466E-BFAE-67EC1D13BCCD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pinball FX2\Pinball FX2.exe
    FirewallRules: [{D6C761BE-ACF9-49EB-B77B-E6CB052256AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{52346251-236E-4C8B-8AA8-BA179C1D7F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C4BEE121-7BAE-47DE-9751-19632BDD1392}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{79C79B4E-92D3-46EB-A504-5FA470345DE3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{F25E32FB-C164-4904-A35E-2BB9CD16DB84}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{E291EBF8-5778-444F-B4C5-BA0B07AC6111}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{D5B8A10A-BF3D-4FAA-9C46-85049E36E20C}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{2476B4B5-E635-49F6-B8CD-992A201B996A}] => (Allow) E:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{02134A10-DCB6-408D-8D9F-8601FD6DDDF9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
    FirewallRules: [{DECDAF89-D350-4884-BD97-0B9E143C5FA7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bio Menace\Bio Menace\Dosbox\dosbox.exe
    FirewallRules: [{2E4B6D9A-D978-4EAA-9EE1-446C80DAF384}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{2EC3BDDB-01A7-40AA-AECA-73420961EBEE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{E78EEB8A-CAB4-4BED-B48C-41465D743BB7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1D3AECF5-A346-4164-9309-E323F11FC63B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{82CB6E2A-0691-409A-8A71-DB3623692F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{02A6BEA3-B3B0-4ECD-8877-D41199325716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{DCAB232E-81E0-4D36-9261-D171BE7BBBD4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{3479B8BC-0152-483A-A813-4B7B9469B9BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{BDF9C83C-61EB-4385-BCEC-FAAA9E488483}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{6228E417-A1B3-4C7B-9E93-9C0A74ACA4CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{B1397376-26D4-4F54-8191-B6171CD40002}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{F2809A47-2ADB-4B20-9673-C238B75FDCDA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{D764D8C1-83AF-4F8C-9148-E246708CF3A9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{43FB0E2F-57F1-4DC2-B5E2-5B523D98DA05}] => (Allow) E:\Program Files\Itunes\iTunes.exe
    FirewallRules: [{F16C63F6-8FFD-46FF-B174-7BBE3DE2CC46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
    FirewallRules: [{DD94FE7C-3AA4-46C5-B489-A5EE7E2346B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
    FirewallRules: [TCP Query User{2B0A5364-60AC-4E6D-B81C-EA65DA484AE8}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
    FirewallRules: [UDP Query User{4D1A6AE4-D59D-4EF4-9926-8DF228C5A555}E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe
    FirewallRules: [TCP Query User{40EDFE11-8506-4C4F-9CC1-4E804DBFE522}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{538306F5-9147-4E70-8591-0E598A4DDC1F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [TCP Query User{D1DC0E4C-FDFE-4F86-A902-FB694535C8E8}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
    FirewallRules: [UDP Query User{109C07AF-361D-4A80-80C6-90756F5A3133}E:\program files\battle.net\battle.net.9397\battle.net.exe] => (Allow) E:\program files\battle.net\battle.net.9397\battle.net.exe
    FirewallRules: [{F2487EA2-A169-4555-8C7C-92DF3DD78098}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5527EC93-D4F8-4E5C-81E1-AE17648961C7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
    FirewallRules: [{0629D2CC-E770-4E19-A709-1B3CA8A12E42}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DriverBooster.exe
    FirewallRules: [{5DFCD4C0-C7C6-4D03-88E8-B632137146A7}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
    FirewallRules: [{A7711AE0-F51D-41DD-8422-3FD415E7131B}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\DBDownloader.exe
    FirewallRules: [{682775CD-10F9-43C9-BD3C-DDF3B10A579F}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
    FirewallRules: [{4EFB9968-BC7C-49C3-B2A8-324514A831CE}] => (Allow) E:\Program Files (x86)\Driver Booster\5.0.3\AutoUpdate.exe
    FirewallRules: [TCP Query User{B4A43478-50D2-4833-AC8D-D63B189B61D3}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
    FirewallRules: [UDP Query User{FFD861C6-77CF-4603-A221-A3DBF74C849C}E:\program files\starcraft ii\versions\base58400\sc2_x64.exe] => (Allow) E:\program files\starcraft ii\versions\base58400\sc2_x64.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    28-10-2017 14:36:12 Windows Update
    28-10-2017 16:13:42 Driver Booster : NVIDIA GeForce GT 730
    06-11-2017 18:30:54 Scheduled Checkpoint
    09-11-2017 21:27:52 Driver Booster : NVIDIA GeForce GT 730

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/11/2017 06:56:24 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.

    Error: (11/10/2017 06:05:08 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.

    Error: (11/09/2017 06:02:22 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.

    Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 104) (User: )
    Description: qmgr.dll (13648) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).



    Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 471) (User: )
    Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

    Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 492) (User: )
    Description: qmgr.dll (13648) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

    Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: qmgr.dll (13648) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/08/2017 09:05:24 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: qmgr.dll (13648) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

    Error: (11/08/2017 05:54:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4UM6KOQ)
    Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/08/2017 06:14:38 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (11/10/2017 11:10:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4UM6KOQ)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2017 08:57:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4UM6KOQ)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user DESKTOP-4UM6KOQ\Zuko SID (S-1-5-21-3673527687-835348104-2445433957-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2017-11-11 07:28:52.872
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:28:52.870
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:28:52.857
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:28:52.855
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:23:11.972
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:23:11.970
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:07:54.846
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:07:54.844
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:07:54.842
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-11 07:07:54.840
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 48%
    Total physical RAM: 8130.39 MB
    Available physical RAM: 4202.59 MB
    Total Virtual: 9602.39 MB
    Available Virtual: 4743.75 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:441.76 GB) (Free:388.62 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Data) (Fixed) (Total:1863.01 GB) (Free:1656.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7FA9BBEA)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=441.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=4.9 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3DF62CC5)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    *************

    aswMBR
    (when I ticked Trace Disk IO Calls it would always crash my computer with DRIVER_IRQL_NOT_LESS_OR_EQUAL) so I unticked that:


    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-11-11 07:50:02
    -----------------------------
    07:50:02.108 OS Version: Windows x64 6.2.9200
    07:50:02.108 Number of processors: 8 586 0x3C03
    07:50:02.108 ComputerName: DESKTOP-4UM6KOQ UserName: Zuko
    07:50:02.326 Initialize success
    07:50:02.326 VM: initialized successfully
    07:50:02.326 VM: Intel CPU supported virtualized
    07:50:03.619 VM: disk I/O iaStorA.sys
    07:50:11.460 AVAST engine defs: 17111000
    07:50:12.210 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"
    07:50:35.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
    07:50:35.145 Disk 0 Vendor: SanDisk_SDSSDHII480G X31200RL Size: 457862MB BusType: 11
    07:50:35.145 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000029
    07:50:35.145 Disk 1 Vendor: WDC_WD20EZRZ-00Z5HB0 80.00A80 Size: 1907729MB BusType: 11
    07:50:35.145 Disk 0 MBR read successfully
    07:50:35.161 Disk 0 MBR scan
    07:50:35.161 Disk 0 Windows 7 default MBR code
    07:50:35.161 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
    07:50:35.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452360 MB offset 1026048
    07:50:35.177 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 5000 MB offset 927459328
    07:50:35.192 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:50:37.661 Service scanning
    07:50:42.740 Modules scanning
    07:50:42.943 AVAST engine scan C:\WINDOWS
    07:50:43.240 AVAST engine scan C:\WINDOWS\system32
    07:51:25.713 AVAST engine scan C:\WINDOWS\system32\drivers
    07:51:29.744 AVAST engine scan C:\Users\Zuko
    07:52:04.670 AVAST engine scan C:\ProgramData
    07:53:05.113 Disk 0 statistics 5140351/0/0 @ 29.60 MB/s
    07:53:05.113 Scan finished successfully
    07:53:18.849 Disk 0 MBR has been saved successfully to "E:\Zuko\Desktop\MBR.dat"
    07:53:18.849 The log file has been saved successfully to "E:\Zuko\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    Hi and welcome

    From what I read the registry entries you have listed are all simply usage tracks, not malware.

    Not much visibly seen to be related as malicious.


    Start Farbar Recovery Scan Tool with Administrator privileges
    or Right click on the FRST icon and select Run as administrator

    Right click/highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::



    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    ******

    AdwCleaner
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    created by Aura

    ~~~~~~~~~~~~~~~~~~

    Zemana AntiMalware - Fix
    • Download and install Zemana AntiMalware
    • Open Zemana AntiMalware, and click on the Scan button
    • Wait for the scan to complete
    • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button

    • If it asks you to reboot your computer to finish the clean-up, do so
    • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
    • A log will open in Notepad
    • Copy/paste the content of that log in your next reply

    created by Aura

    ***
    Please post
    Fixlog.txt
    AdwCleaner txt
    Zemana AntiMalware txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Nov 2017
    Posts
    11

    Hi Juliet
    Thanks for the welcome
    What do you mean when you refer to the HKU\S-1-5-21 on my computer as usage tracks rather than malware? Does this mean all it's doing is tracking my internet usage? I would prefer not to have companies tracking me.

    I haven't downloaded/installed those other programs - will they be able to remove HKU for certain? I can download them if required but I don't think I would fully trust the item to be fully removed. I think I would need to reboot the hard drive to be sure. :/


    Farbar Recovery Scan Tool results:


    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
    Ran by Zuko (11-11-2017 21:44:53) Run:1
    Running from E:\Zuko\Documents
    Loaded Profiles: Zuko (Available Profiles: Zuko)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 6053888 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99589304 B
    Java, Flash, Steam htmlcache => 394624510 B
    Windows/system/drivers => 3239506 B
    Edge => 353338 B
    Chrome => 564664495 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 18042 B
    NetworkService => 3626470 B
    Zuko => 208261743 B

    RecycleBin => 823643 B
    EmptyTemp: => 1.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 21:55:06 ====

  4. #4
    Junior Member
    Join Date
    Nov 2017
    Posts
    11

    AdwCleaner:

    # AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 12 02:05:03 2017
    # Updated on 2017/27/10 by Malwarebytes
    # Database: 11-10-2017.1
    # Running on Windows 10 Home (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Users\Justin\AppData\LocalLow\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, C:\Users\Justin\AppData\Roaming\IObit\Advanced SystemCare
    PUP.Optional.Legacy, C:\ProgramData\WinZip\WinZip Smart Monitor
    PUP.Optional.Legacy, C:\Users\All Users\WinZip\WinZip Smart Monitor
    PUP.Optional.Legacy, C:\Program Files\WinZip Smart Monitor
    PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
    PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
    PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare


    ***** [ Files ] *****

    PUP.Optional.Legacy, C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
    PUP.Optional.DriverBooster, C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk


    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    PUP.Optional.Legacy, ASC10_PerformanceMonitor
    PUP.Optional.Legacy, Driver Booster Scheduler
    PUP.Adware.Heuristic, ASC10_SkipUac_Justin


    ***** [ Registry ] *****

    PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
    PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | ImageStoreRandomFolder [5sc5v9g]
    PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F68CA902-76AF-4802-9731-826F377B740E}
    PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB43DE6E-43C0-4755-AACD-155E0D2AE3D0}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************



    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    ***************************

    Zemana: Report 1:


    Zemana AntiMalware 2.74.2.150 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/11/12
    Operating System : Windows 10 64-bit
    Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    BIOS Mode : Legacy
    CUID : 1231994C6FCBBA4B59381E
    Scan Type : System Scan
    Duration : 0m 50s
    Scanned Objects : 90528
    Detected Objects : 1
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Internet Explorer URL
    Status : Scanned
    Object : http://www.arrowcomputers.com.au/
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Internet Explorer URL


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 1
    Reported as safe : 0
    Failed : 0

    ************************************************

    Zemana (Report 2):


    Zemana AntiMalware 2.74.2.150 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/11/12
    Operating System : Windows 10 64-bit
    Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    BIOS Mode : Legacy
    CUID : 1231994C6FCBBA4B59381E
    Scan Type : Custom Scan
    Duration : 22m 19s
    Scanned Objects : 118496
    Detected Objects : 0
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    No threats detected

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    In the screen shot you posted, look at the header title
    Most recent application
    Most recent application ID, then read to the end DirectInput
    DirectInput is a legacy Microsoft API for collecting input from a computer user, via input devices such as the mouse, keyboard, joystick or other game controllers.

    I don't work for, nor am I an employee of, SpyBot; I am an independent malware tech. When looking at that log, that is what the readout appears to be telling me.

    When you ran the AdwCleaner tool, did you allow it to delete what it found?

    ~~~~~~~~~~~~~~~~~~

    Since you already have Malwarebytes Anti-Malware on the computer, let's update it and run a scan.

    Open MalwareBytes
    • On the Dashboard click on Update Now
      Once the database update is complete,
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

      Now to get the log file

      Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.

      Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard

    • Paste the content in your next reply


    ~~~~~~~~~~~~~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura

  6. #6
    Junior Member
    Join Date
    Nov 2017
    Posts
    11

    Hi Juliet
    Thanks
    I did allow AdwCleaner to delete what it found
    In terms of it being DirectInput from Microsoft, could it be that HKU has infected this? When I google HKU\S-1-5-21 it always says that it's something bad.
    I can try Malwarebytes and RogueKiller when I get home today. Just a question, what if I tried doing a SystemRestore? I can restore back for a while from before I had this, would this get rid of it?

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    "could it be that HKU has infected this?"
    Yes, it means current user

    HKU\S-1-5-21 is a fragment of an entire line. It can be related to a legitimate registry entry as well.

    "what if I tried doing a SystemRestore? I can restore back for a while from before I had this, would this get rid of it?"
    It can either help or hurt.
    That I'll have to leave up to you. It's also possible that if you had removed malware, then using system restore, it might be back on the system afterwards.

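What an `HKU\S-1-5-21` key name encodes, as an added example that is not part of any post in this thread: the Python code below classifies `HKEY_USERS` paths by the SID in the key name, using the SID logged for DESKTOP-4UM6KOQ\Zuko in the first post's DCOM events. The function, class and field names are hypothetical, and the sample paths (including the DirectInput subkey) are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hives that Windows loads under HKEY_USERS for its own service accounts.
SERVICE_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
# Relative IDs (last SID component) of the two built-in accounts.
BUILTIN_RIDS = {500: "the built-in Administrator account",
                501: "the built-in Guest account"}

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)*)$", re.IGNORECASE)


@dataclass
class HiveInfo:
    kind: str             # classification, see classify_hku_path()
    sid: str              # SID taken from the key name ("" if none)
    rid: Optional[int]    # account RID for complete S-1-5-21 SIDs
    classes_hive: bool    # True for the "<SID>_Classes" companion hive
    subkey: str           # path below the hive, may be empty
    note: str             # one-line explanation for the analyst


def classify_hku_path(path: str) -> HiveInfo:
    """Classify the hive named by an HKU\\... registry path."""
    parts = [p for p in path.strip().split("\\") if p]
    if len(parts) < 2 or parts[0].upper() not in ("HKU", "HKEY_USERS"):
        raise ValueError(f"not an HKEY_USERS path: {path!r}")
    name, subkey = parts[1], "\\".join(parts[2:])

    classes = name.upper().endswith("_CLASSES")
    if classes:
        name = name[: -len("_Classes")]

    if name.upper() == ".DEFAULT":
        return HiveInfo("system-alias", "", None, classes, subkey,
                        "alias of the LocalSystem hive (S-1-5-18)")

    m = SID_RE.match(name)
    if not m:
        return HiveInfo("not-a-sid", "", None, classes, subkey,
                        "key name is not a SID; inspect it by hand")
    sid = name.upper()
    authority = int(m.group(2))
    subs = [int(x) for x in m.group(3).split("-") if x]

    if sid in SERVICE_SIDS:
        return HiveInfo("service-account", sid, None, classes, subkey,
                        f"hive of the {SERVICE_SIDS[sid]} account")
    if authority == 5 and subs[:1] == [21]:
        if len(subs) == 5:  # 21 + three machine/domain values + RID
            rid = subs[4]
            default = "a regular user account" if rid >= 1000 else "another account"
            who = BUILTIN_RIDS.get(rid, default)
            return HiveInfo("user-account", sid, rid, classes, subkey,
                            f"registry hive of {who} (RID {rid})")
        return HiveInfo("truncated-account-sid", sid, None, classes, subkey,
                        "only the S-1-5-21 prefix shared by every user "
                        "account; the full key name is needed")
    return HiveInfo("other-sid", sid, None, classes, subkey,
                    "valid SID outside the account range")


# Constructed sample paths. The SID is the one shown for DESKTOP-4UM6KOQ\Zuko
# in the first post's event log; the DirectInput subkey is an assumption.
SAMPLES = [
    r"HKU\S-1-5-21",
    r"HKU\S-1-5-21-3673527687-835348104-2445433957-1001\Software\Microsoft\DirectInput",
    r"HKU\S-1-5-21-3673527687-835348104-2445433957-1001_Classes",
    r"HKU\S-1-5-18\Software",
    r"HKU\.DEFAULT",
]

if __name__ == "__main__":
    for p in SAMPLES:
        info = classify_hku_path(p)
        print(f"{p}\n  -> {info.kind}: {info.note}")
```

A scanner line that shows only `HKU\S-1-5-21` comes back as `truncated-account-sid`: the prefix alone says the key sits in some user account's hive, and the value name under it is what has to be judged.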
  8. #8
    Junior Member
    Join Date
    Nov 2017
    Posts
    11

    Hi Juliet
    Thanks I will hold off the system restore for now.
    Here are the results:

    Malwarebytes:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/13/17
    Scan Time: 8:45 PM
    Log File: 90056722-c870-11e7-ac60-d050997ef636.json
    Administrator: Yes

    -Software Information-
    Version: 3.2.2.2029
    Components Version: 1.0.212
    Update Package Version: 1.0.3243
    License: Free

    -System Information-
    OS: Windows 10 (Build 15063.674)
    CPU: x64
    File System: NTFS
    User: DESKTOP-4UM6KOQ\Zuko

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 392421
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 14 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)



    *******************************

    RogueKiller:


    RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.15063) 64 bits version
    Started in : Normal mode
    User : Zuko [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 11/13/2017 21:56:54 (Duration : 00:20:13)

    Processes : 0

    Registry : 0

    Tasks : 0

    Files : 0

    WMI : 0

    Hosts File : 0

    Antirootkit : 0 (Driver: Loaded)

    Web browsers : 0

    MBR Check :
    +++++ PhysicalDrive0: SanDisk SDSSDHII480G +++++
    --- User ---
    [MBR] e58f2b2b08bb82c03f50f9243e08d53a
    [BSP] b9085c17483026a6eddabf0e8b0ff138 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 452360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927459328 | Size: 5000 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD20EZRZ-00Z5HB0 +++++
    --- User ---
    [MBR] 761f67f3f4a144be8387ae0503d453ee
    [BSP] 7d03ced568572ce6a9194d08d2933e91 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    Tell me how the computer is at the moment?

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,545

    Those items found by SpyBot are tracking entries for apps used and program ID.
    I reached out to the SpyBot team.



    To turn off tracking:
    Video: https://www.youtube.com/watch?v=DYmcGwVNNj8

    FAQ:
    https://www.safer-networking.org/faq...cking-cookies/

    Other videos: https://www.youtube.com/channel/UCRP...QflhO6BFyhP-eg
