Rifqi26
Posts: 80 +0
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by GL553VD (administrator) on DESKTOP-HHD7U7V (27-08-2017 10:46:06)
Running from C:\Users\GL553VD\Downloads
Loaded Profiles: GL553VD (Available Profiles: defaultuser0 & GL553VD)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
() C:\Windows\opcddemg.exe
() C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
((C) LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\LINE_APP.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [AWiC] => C:\Program Files (x86)\Qualcomm Atheros\AWiCMgr.exe [179840 2014-05-14] (Atheros)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4146744 2016-11-18] (Connectify)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1879152 2017-08-01] (Smadsoft)
HKLM\...\RunOnce: [DESKTOP-HHD7U7V] => C:\WINDOWS\TEMP\gE637.tmp.exe [245760 2017-08-24] () <==== ATTENTION
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id__2Hl'iLnhç.exe] => C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe [173056 2017-08-24] ()
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [uTorrent] => C:\Users\GL553VD\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Google Update] => C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-19] (Google Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Chromium] => c:\users\gl553vd\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Steam] => D:\Games\Program Games\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [QwzVnJGAa9.exe] => C:\Program Files\Microsoft Office\M0R9OHCQHMU6RD\QwzVnJGAa9.exe [361984 2017-08-24] ()
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-890557738-1276667348-2891567123-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-890557738-1276667348-2891567123-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-890557738-1276667348-2891567123-1001] => hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-19] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}: [DhcpNameServer] 192.168.100.1
ManualProxies: 0hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774019071&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774028961&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: lu7sbzli.default
FF ProfilePath: C:\Users\GL553VD\AppData\Roaming\Mozilla\Firefox\Profiles\lu7sbzli.default [2017-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\47480734.js [2017-05-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-08-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\47480734.cfg [2017-05-07] <==== ATTENTION
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-17] (ASUSTek Computer Inc.)
S2 ASUS Rog Aura Core; C:\Program Files (x86)\ASUS\ROG Aura Core\AuraCoreSrv.exe [552600 2016-10-15] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
S3 AWiCSrvc; C:\Program Files (x86)\Qualcomm Atheros\AWiCSrvc.exe [50816 2014-05-14] (Atheros Communications) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-08-15] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-11-18] (Connectify)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 opcddemg; C:\WINDOWS\opcddemg.exe [57344 2004-11-09] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-05-09] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-10-22] (ASUSTeK COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-08] (SolidWorks) [File not signed]
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-01-31] (Code Sector)
U2 TMhardwareHelp; C:\Windows\SysWow64\TMhardwareHelp.dll [461096 2017-08-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 WMPNetworkAcSvc; C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3972074 2017-08-16] () [File not signed] <==== ATTENTION
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-26] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 1d31221886f85c0fbbb38d4251403c4d; "C:\Program Files\1d31221886f85c0fbbb38d4251403c4d\1cf0d4ba009c0a7c9a502498cc1ddff5.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 8e44f3b89f0a25c00337268e396acc08; C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys [78744 2017-08-23] (L00M47) <==== ATTENTION
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-12] (ASUS Corporation)
R1 cfywlan2; C:\WINDOWS\system32\DRIVERS\cfywlan2.sys [46088 2017-05-07] (Connectify)
R1 cnnctfy4; C:\WINDOWS\system32\DRIVERS\cnnctfy4.sys [53216 2017-05-07] (Connectify)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-28] (Disc Soft Ltd)
S3 GENERICDRV; C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\3\amifldrv64.sys [17896 2017-01-05] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [249104 2016-10-07] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
R1 LanmaMaster; C:\WINDOWS\system32\drivers\lanmamaster.sys [1494120 2017-07-11] () [File not signed] <==== ATTENTION
R1 MpKsl40e5fb4b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3862ED8D-DED3-4F3E-83B2-0DE482F46588}\MpKsl40e5fb4b.sys [44928 2017-08-24] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_15c6c286fd4435fd\nvlddmkm.sys [15668664 2017-07-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2017-07-29] () [File not signed]
R2 TMhardware; C:\WINDOWS\system32\drivers\TMhardware.sys [215072 2017-07-11] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by GL553VD (administrator) on DESKTOP-HHD7U7V (27-08-2017 10:46:06)
Running from C:\Users\GL553VD\Downloads
Loaded Profiles: GL553VD (Available Profiles: defaultuser0 & GL553VD)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
() C:\Windows\opcddemg.exe
() C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
((C) LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\LINE_APP.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [AWiC] => C:\Program Files (x86)\Qualcomm Atheros\AWiCMgr.exe [179840 2014-05-14] (Atheros)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4146744 2016-11-18] (Connectify)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\GL553VD\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1879152 2017-08-01] (Smadsoft)
HKLM\...\RunOnce: [DESKTOP-HHD7U7V] => C:\WINDOWS\TEMP\gE637.tmp.exe [245760 2017-08-24] () <==== ATTENTION
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id__2Hl'iLnhç.exe] => C:\Program Files\3D Analyzer\6VKDIX\_2Hl'iLnhç.exe [173056 2017-08-24] ()
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [uTorrent] => C:\Users\GL553VD\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Google Update] => C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-19] (Google Inc.)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Chromium] => c:\users\gl553vd\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [Steam] => D:\Games\Program Games\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Run: [QwzVnJGAa9.exe] => C:\Program Files\Microsoft Office\M0R9OHCQHMU6RD\QwzVnJGAa9.exe [361984 2017-08-24] ()
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2017-05-08]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-890557738-1276667348-2891567123-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-890557738-1276667348-2891567123-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-890557738-1276667348-2891567123-1001] => hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-19] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6eb1670d-3e95-467a-813d-a0b317ddb5c0}: [DhcpNameServer] 192.168.100.1
ManualProxies: 0hxxp://unstop.net/wpad.dat?ff0aca50b40a88a025c0d77edfdad13d30625964
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774019071&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
HKU\S-1-5-21-890557738-1276667348-2891567123-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131480007774028961&GUID=86841CD8-217D-4E09-9F85-9E4BF5E5FEC1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-890557738-1276667348-2891567123-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: lu7sbzli.default
FF ProfilePath: C:\Users\GL553VD\AppData\Roaming\Mozilla\Firefox\Profiles\lu7sbzli.default [2017-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-890557738-1276667348-2891567123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GL553VD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-19] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\47480734.js [2017-05-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-08-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\47480734.cfg [2017-05-07] <==== ATTENTION
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-17] (ASUSTek Computer Inc.)
S2 ASUS Rog Aura Core; C:\Program Files (x86)\ASUS\ROG Aura Core\AuraCoreSrv.exe [552600 2016-10-15] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
S3 AWiCSrvc; C:\Program Files (x86)\Qualcomm Atheros\AWiCSrvc.exe [50816 2014-05-14] (Atheros Communications) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-08-15] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-11-18] (Connectify)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 opcddemg; C:\WINDOWS\opcddemg.exe [57344 2004-11-09] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-05-09] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-10-22] (ASUSTeK COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-08] (SolidWorks) [File not signed]
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-01-31] (Code Sector)
U2 TMhardwareHelp; C:\Windows\SysWow64\TMhardwareHelp.dll [461096 2017-08-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
R2 WMPNetworkAcSvc; C:\Users\GL553VD\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3972074 2017-08-16] () [File not signed] <==== ATTENTION
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-26] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 1d31221886f85c0fbbb38d4251403c4d; "C:\Program Files\1d31221886f85c0fbbb38d4251403c4d\1cf0d4ba009c0a7c9a502498cc1ddff5.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 8e44f3b89f0a25c00337268e396acc08; C:\WINDOWS\system32\drivers\8e44f3b89f0a25c00337268e396acc08.sys [78744 2017-08-23] (L00M47) <==== ATTENTION
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-12] (ASUS Corporation)
R1 cfywlan2; C:\WINDOWS\system32\DRIVERS\cfywlan2.sys [46088 2017-05-07] (Connectify)
R1 cnnctfy4; C:\WINDOWS\system32\DRIVERS\cnnctfy4.sys [53216 2017-05-07] (Connectify)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-28] (Disc Soft Ltd)
S3 GENERICDRV; C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\3\amifldrv64.sys [17896 2017-01-05] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [249104 2016-10-07] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-25] (Intel Corporation)
R1 LanmaMaster; C:\WINDOWS\system32\drivers\lanmamaster.sys [1494120 2017-07-11] () [File not signed] <==== ATTENTION
R1 MpKsl40e5fb4b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3862ED8D-DED3-4F3E-83B2-0DE482F46588}\MpKsl40e5fb4b.sys [44928 2017-08-24] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_15c6c286fd4435fd\nvlddmkm.sys [15668664 2017-07-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2017-07-29] () [File not signed]
R2 TMhardware; C:\WINDOWS\system32\drivers\TMhardware.sys [215072 2017-07-11] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)