Inactive Suspected malware interfering with audio in video files

D

Daniel Burkus

Posts: 161   +7
Hi. I have a problem with my PC playing (primarily) video files, and am hoping that you can help me resolve the issue. My PC is running Windows 7 Professional. If there are any other PC details that you need, please tell me.

Last Sunday (12/10) it seems that some sort of malware installed itself on my PC when I opened a downloaded folder. Resulting issues (from what I can remember) were primarily a loss of internet connectivity (which I resolved, after some playing around, by plugging the internet cable into the jack on the internet card, rather than the one attached to the mother-board), and a problem playing certain videos where the voices are muted to the point of being inaudible (background music is unaffected, which suggests that the modification is related to a karaoke function in NVIDIA). However, the NVIDIA control panel is inaccessible; and removing it and downloading a replacement does nothing to make it so; and this is limited to only certain video files (I have not tried to analyze them to see if it is related to the file-type of the audio component). Thus, after a week of screwing around with it, I guess I have to bother you with the matter.

The issue, as I said, is limited to certain video files (while others play without issue), regardless of which (of several) players I have tried. The vast majority of my Mp3 files play (in WinAMP) just fine, so whatever it is appears to be targeting video media. Also, while some CDs that I have burned myself work, others do not (the same sound issue); and commercially produced DVD discs do not seem to be able to play at all. Therefore it seems not to be something that corrupts the actual files (CDs and DVDs are burned onto discs), but rather interferes with the data between the files and the speakers.

There is no logic to the sound problems: the distortion seems to follow no fixed pattern, some files play normally, then suddenly they do not play in parts, with varying degrees of loss of certain parts of the audio-track; and in a couple of instances, the video does not play (what shows up are a series of "stills"). At least to my eyes, this does not look like a mother-board (or hardware) problem, since it is inconsistent. If the board were going bad, wouldn't it affect everything equally? Since whatever it is is blocking access to the NVIDIA control panel, I suspect that the problem might lie there.

At any rate, I suppose that it would be best to rule out malware first, so I am posting this in the Malware Forum. Thank you very much for your time, and for anything that you can do to help.

-- Daniel M. Burkus
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Do you want a copy of the Avast scan? I ran one two days ago and it was negative. But if you want, I will run it again and try to get a copy of the results.
 
FRST scan (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-12-2017
Ran by Daniel M. Burkus (administrator) on PC (17-12-2017 15:36:37)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-11] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-10-20] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7972528 2017-12-14] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [Kaspersky Software Updater] => C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [8546112 2017-11-20] (Kakao Corp. )
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B467908D-00FC-4908-9541-083B36A379AE}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-11] (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-11] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 [2017-12-17]
FF Homepage: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Extension: (AdBlocker Ultimate) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\adblockultimate@adblockultimate.net.xpi [2017-12-13]
FF Extension: (Flash Video Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\artur.dubovoy@gmail.com.xpi [2017-12-12]
FF Extension: (FlashStopper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\flashstopper@byo.co.il.xpi [2017-10-18] [Legacy]
FF Extension: (Google Search by Image) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\google@hitachi.com.xpi [2017-02-02] [Legacy]
FF Extension: (Markdown Viewer) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\markdownviewer@thiht.fr.xpi [2017-01-07] [Legacy]
FF Extension: (Restart Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\restartbutton@strk.jp.xpi [2016-08-16] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\sp@avast.com.xpi [2017-12-13]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\wrc@avast.com.xpi [2017-10-18]
FF Extension: (Bulk Media Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-11-07]
FF Extension: (CacheViewer Fx21) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2017-03-24] [Legacy]
FF Extension: (No Name) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2017-12-12]
FF Extension: (Video DownloadHelper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-12-14]
FF Extension: (Google Hangouts Web Messenger) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{c4c8bd04-e508-46df-a109-92af7ea4992b}.xpi [2017-12-01]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2017-12-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-11] (AVAST Software)
R2 FoxitReaderService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R3 ksu; C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [157176 2017-11-11] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255616 2017-11-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157408 2017-11-11] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276728 2017-11-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50376 2017-11-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42848 2017-11-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124952 2017-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99560 2017-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70864 2017-11-11] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783136 2017-11-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388760 2017-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [150848 2017-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [298360 2017-11-11] (AVAST Software)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393368 2017-10-22] (Symantec Corporation)
R1 epp; C:\EEK\bin32\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-12-10] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] () [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 15:36 - 2017-12-17 15:39 - 000018433 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2017-12-17 15:31 - 2017-12-17 15:35 - 001752576 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2017-12-17 08:31 - 2017-12-17 08:31 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-16 11:02 - 2017-12-17 09:18 - 000000105 _____ C:\Users\Daniel M. Burkus.PC\Desktop\TechSpot Forum URL.txt
2017-12-13 21:50 - 2017-12-13 21:50 - 000032814 _____ C:\ComboFix.txt
2017-12-13 21:25 - 2011-06-26 15:45 - 000256000 _____ C:\Windows\PEV.exe
2017-12-13 21:25 - 2010-11-08 02:20 - 000208896 _____ C:\Windows\MBR.exe
2017-12-13 21:25 - 2009-04-20 13:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-12-13 21:25 - 2000-08-31 09:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-12-13 21:25 - 2000-08-31 09:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-12-13 21:25 - 2000-08-31 09:00 - 000098816 _____ C:\Windows\sed.exe
2017-12-13 21:25 - 2000-08-31 09:00 - 000080412 _____ C:\Windows\grep.exe
2017-12-13 21:25 - 2000-08-31 09:00 - 000068096 _____ C:\Windows\zip.exe
2017-12-13 21:21 - 2017-12-13 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-12-13 21:19 - 2017-11-11 07:13 - 000305328 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-13 15:26 - 2017-12-13 20:13 - 000000310 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Path to NVIDIA.txt
2017-12-12 21:02 - 2017-12-12 21:02 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Sun
2017-12-12 21:02 - 2017-12-12 21:02 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Sun
2017-12-12 21:01 - 2017-12-13 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-12 21:00 - 2017-12-12 21:28 - 000000000 ____D C:\ProgramData\Oracle
2017-12-12 21:00 - 2017-12-12 21:00 - 000000000 ____D C:\Program Files\Java
2017-12-11 17:31 - 2017-12-17 15:36 - 000000000 ____D C:\FRST
2017-12-10 16:39 - 2017-12-13 12:50 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\uTorrent
2017-12-07 18:37 - 2017-12-07 18:37 - 000000152 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Lee Hae-in.txt
2017-12-07 13:12 - 2017-12-07 13:12 - 000000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 6, Part 20 (Notes).txt
2017-12-07 13:11 - 2017-12-07 13:25 - 000000304 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 6, Part 20 (Text).txt
2017-12-07 13:11 - 2017-12-07 13:11 - 000000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 6, Part 19 (Notes).txt
2017-12-07 13:10 - 2017-12-07 13:24 - 000000308 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 6, Part 19 (Text).txt
2017-12-07 07:33 - 2017-12-07 07:33 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-05 09:30 - 2017-12-05 09:30 - 000474922 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Ralph Nader The Democrats Are Unable to Defend the U.S. from the “Most Vicious” Republican Party in History.htm
2017-12-05 09:30 - 2017-12-05 09:30 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Ralph Nader The Democrats Are Unable to Defend the U.S. from the “Most Vicious” Republican Party in History_files
2017-12-04 22:23 - 2017-12-04 22:23 - 000000024 _____ C:\Users\Daniel M. Burkus.PC\Desktop\YouTube Downloader URL.txt
2017-12-03 20:13 - 2017-12-03 20:14 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Mori-san's Photos of Chawan
2017-11-20 09:39 - 2017-11-20 09:39 - 000000056 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Kuro ha furui-gokoro (Sotan Nikki).txt
2017-11-19 13:04 - 2017-11-19 13:04 - 000000048 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Pinterest Login Details.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 15:16 - 2016-03-24 20:56 - 000001240 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2017-12-17 15:06 - 2017-08-20 05:18 - 015194624 ___SH C:\Users\Daniel M. Burkus.PC\Desktop\Thumbs.db
2017-12-17 08:57 - 2016-11-16 20:55 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2017-12-17 08:40 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-17 08:40 - 2009-07-14 13:34 - 000024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-17 08:30 - 2016-01-29 01:50 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-17 08:30 - 2009-07-14 13:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-16 22:25 - 2016-08-06 20:33 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2017-12-16 22:24 - 2017-01-02 11:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2017-12-16 18:54 - 2016-09-25 20:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2017-12-15 20:14 - 2016-05-14 12:47 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\MPC-HC
2017-12-15 20:13 - 2016-03-26 19:27 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2017-12-15 20:13 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\inf
2017-12-14 13:25 - 2017-07-19 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2017-12-14 13:25 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-14 13:25 - 2017-05-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-14 13:25 - 2017-05-24 11:42 - 000000000 ____D C:\ProgramData\Norton
2017-12-14 13:25 - 2016-04-13 21:34 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2017-12-14 13:25 - 2016-03-27 17:25 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Winamp
2017-12-14 13:25 - 2016-02-19 14:55 - 000000000 ____D C:\Windows\erdnt
2017-12-14 13:25 - 2016-02-15 14:57 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-14 13:25 - 2016-01-30 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-14 13:25 - 2016-01-30 08:04 - 000000000 ____D C:\Program Files\CCleaner
2017-12-14 13:25 - 2016-01-29 01:49 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-14 13:25 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\system32\NDF
2017-12-14 13:25 - 2009-07-14 11:37 - 000000000 ____D C:\Windows\registration
2017-12-13 22:03 - 2016-01-29 05:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-12-13 22:03 - 2016-01-29 05:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-12-13 22:03 - 2016-01-29 05:02 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 21:50 - 2017-06-24 12:07 - 000000000 ____D C:\Qoobox
2017-12-13 21:47 - 2009-07-14 11:04 - 000000215 _____ C:\Windows\system.ini
2017-12-13 21:23 - 2016-08-03 15:36 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2017-12-13 21:17 - 2016-03-24 07:59 - 000000000 ____D C:\Users\Daniel M. Burkus.PC
2017-12-12 22:39 - 2016-04-23 20:01 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Doctor Web
2017-12-12 22:35 - 2017-08-22 23:24 - 000007608 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2017-12-11 17:56 - 2017-05-24 11:42 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NPE
2017-12-11 08:04 - 2017-05-23 07:20 - 000000000 ____D C:\EEK
2017-12-10 14:56 - 2017-09-12 19:18 - 000000243 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Movies to Search.txt
2017-12-10 10:58 - 2017-06-30 20:06 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-10 10:57 - 2017-07-18 14:18 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu-to-wa Illustrations
2017-12-10 10:54 - 2016-04-25 09:15 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Chanoyu to wa
2017-12-10 07:38 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20171217-083839.backup
2017-12-10 07:30 - 2017-05-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-12-10 07:30 - 2016-11-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-09 16:15 - 2016-10-24 12:08 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Documentaries
2017-12-05 22:34 - 2016-08-18 23:06 - 000000084 _____ C:\Users\Daniel M. Burkus.PC\Desktop\movie time.txt
2017-12-03 08:48 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20171210-073814.backup
2017-12-02 08:56 - 2016-06-16 09:55 - 000000675 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Google Search No Country Redirect URL.txt
2017-11-30 18:15 - 2016-03-09 06:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-26 08:30 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20171203-084833.backup
2017-11-23 06:38 - 2017-11-09 12:59 - 000000002 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book page.txt
2017-11-20 18:07 - 2017-08-10 18:19 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Digital Tea Dictionary - Sadō yōgo yomikata jiten [茶道用語読み方辞典]
2017-11-19 08:37 - 2017-05-31 22:49 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts.20171126-083034.backup
2017-11-17 08:50 - 2016-03-24 08:02 - 000000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2017-08-22 23:24 - 2017-12-12 22:35 - 000007608 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-15 17:59 - 2017-04-18 00:12 - 000872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-09 12:36

==================== End of FRST.txt ============================
 
Addition (Addition.txt):

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-12-2017
Ran by Daniel M. Burkus (17-12-2017 15:40:02)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView 4.50 (32-bit) (HKLM\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.6.3.1672 - Kakao Corp.)
Kaspersky Security Scan (HKLM\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Software Updater (HKLM\...\{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 57.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
Norton Security Scan (HKLM\...\NSS) (Version: 4.6.1.84 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141666}) (Version: 4.0.19 - dotPDN LLC)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.11.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.21.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-18] (Free Time)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-10-18] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-05] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12663B07-140E-4C57-A7EC-B72E862B74B6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-14] (Piriform Ltd)
Task: {1EDEBF28-27ED-428F-8EA6-BAA48B1C1482} - System32\Tasks\Norton Security Scan for Daniel M. Burkus => C:\Program Files\Norton Security Scan\Engine\4.6.1.84\Nss.exe [2017-08-17] (Symantec Corporation)
Task: {47A5CB3B-81DB-4550-B43B-66584D9DD57F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4F9FCC77-0961-45B7-8B19-A5FC610B40A8} - System32\Tasks\SafeZone scheduled Autoupdate 1498554344 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {5439F437-1585-4F4B-B335-75DE0926C042} - System32\Tasks\{C91B6667-6FA7-4977-BE1A-CC3C386768BD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\vcredist_x86.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => C:\Windows\system32\pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {C2CCF148-F0A7-4D26-90FE-9E23911F4146} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-11] (AVAST Software)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => C:\Windows\system32\pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {F857E1A7-6248-4487-A478-1A025701E05E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-07] (AVAST Software)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-14] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-11 07:13 - 2017-11-11 07:13 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-16 08:02 - 2017-12-16 08:02 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121502\algo.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-12-17 08:32 - 2017-12-17 08:32 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121604\algo.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 000326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 000404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-18 09:27 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-18 09:27 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-18 09:27 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 000004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 000018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 000017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2017-09-08 21:38 - 2017-09-08 21:38 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 000332104 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 045077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 045077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 000418512 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2017-11-11 07:13 - 2017-11-11 07:13 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2017-12-17 08:38 - 000453575 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15597 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C8C8449C-551A-4E75-AE3E-E09703125179}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F2D483B-605C-424A-A310-6870042B4E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ED93D084-BA17-416E-90D5-E23710D28A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3F3044D4-83EA-4F36-819C-0540DB3C62B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4245A8E4-FCDE-4230-8AC5-3557B279D5C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6B02DDB3-3765-4A3C-BA3D-102013750252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0EFE17E5-7BC2-42F9-BC63-9CBD3B95CEFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7456F395-39EC-4769-81B4-36090891D776}] => (Allow) C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00DD1655-DA80-46D7-9438-F9E6BE620886}] => (Allow) C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{88A6D0C8-A914-4DAD-BA5D-80DF22724A19}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9EED5CCD-D9CE-4E2B-9FFC-B3D66868D551}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

16-12-2017 08:41:32 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2017 10:42:46 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5360. Message ID: [0x2509].

Error: (12/15/2017 08:13:52 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.

Error: (12/15/2017 04:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04d00fef
Faulting process id: 0x9ac
Faulting application start time: 0x01d375182232cfb2
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: 18e6a84e-e169-11e7-ab4c-000ee8e22084

Error: (12/13/2017 10:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x025f0fef
Faulting process id: 0x1764
Faulting application start time: 0x01d37410e57e005d
Faulting application path: C:\Windows\Explorer.exe
Faulting module path: unknown
Report Id: b33e4c07-e007-11e7-bae8-000ee8e22084

Error: (12/13/2017 09:26:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x800706be).

Error: (12/13/2017 08:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 4.8.714.0, time stamp: 0x505f0220
Faulting module name: nvcplui.exe, version: 4.8.714.0, time stamp: 0x505f0220
Exception code: 0x40000015
Fault offset: 0x00157100
Faulting process id: 0x17c4
Faulting application start time: 0x01d37402ea55d044
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Report Id: 2ed7ee8d-dff6-11e7-9930-000ee8e22084

Error: (12/13/2017 07:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x58061fe3
Faulting module name: NVCPL.DLL, version: 8.17.13.4200, time stamp: 0x58061972
Exception code: 0xc0000005
Fault offset: 0x001d9b1c
Faulting process id: 0x580
Faulting application start time: 0x01d373fe190662f8
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\Windows\system32\NVCPL.DLL
Report Id: 600410a9-dff1-11e7-9c90-c9bb37610dc4

Error: (12/13/2017 07:19:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.7.4.13, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0373b5ed
Faulting process id: 0x948
Faulting application start time: 0x01d373fbce9de85a
Faulting application path: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
Faulting module path: unknown
Report Id: 12be6e37-dfef-11e7-98cb-000ee8e22084

Error: (12/13/2017 03:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x58061fe3
Faulting module name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x58061fe3
Exception code: 0x40000015
Fault offset: 0x0015a770
Faulting process id: 0x1060
Faulting application start time: 0x01d373d9320a00a6
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Report Id: 726b3bf6-dfcc-11e7-98cb-000ee8e22084

Error: (12/13/2017 03:07:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x58061fe3
Faulting module name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x58061fe3
Exception code: 0x40000015
Fault offset: 0x0015a770
Faulting process id: 0x890
Faulting application start time: 0x01d373d89891e8bd
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Report Id: d7bb4fc9-dfcb-11e7-98cb-000ee8e22084


System errors:
=============
Error: (12/16/2017 11:45:18 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (12/16/2017 11:44:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:12:35 AM on ‎12/‎16/‎2017 was unexpected.

Error: (12/15/2017 08:12:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/15/2017 08:12:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/15/2017 08:10:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/15/2017 08:10:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/15/2017 08:10:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/15/2017 08:10:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/15/2017 07:28:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/15/2017 05:59:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


CodeIntegrity:
===================================
Date: 2017-06-24 12:28:59.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 12:28:59.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DANIEL~1.PC\AppData\Local\temp\24992B468C.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-30 08:13:32.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:49.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:34.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 82%
Total physical RAM: 2047.3 MB
Available physical RAM: 365.85 MB
Total Virtual: 4094.61 MB
Available Virtual: 1562.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:39.41 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:24.78 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:40.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Nothing malicious there.
However in your Event Viewer I can see some nVidia errors so your video card may be the culprit of your problems.
But that would be a subject to Windows forum.
 
Ok, thank you very much Broni.

So do you think it is unnecessary to pursue this any further here in the Malware Forum, and so we should close the topic? If so, I will start a new thread in the Windows Forum....

-- Daniel M. Burkus
 
Ok, thank you. And thank you very much for your help. Even if it is outside of your field (or, maybe, turf would be the better word), you have much more knowledge of computers than I will ever have, so you can spot things that I can only guess at from the symptoms. I am wondering if I should even bother the Windows Forum people, or just look into getting a new video card.

Anyway, thank you, again. Please enjoy a happy holiday season, and may the New Year fulfill all of your wishes!

-- Daniel M. Burkus
 
Same to you :)
I'd definitely double check in Windows forum. Maybe it's just a driver not a card itself.
 
You must log in or register to reply here.

Similar threads

midian182
Neuralink video shows quadriplegic patient who can play chess and video games with his...
Replies
15
Views
254
quadibloc
quadibloc
A
Unbelievable lag when playing PC games in the evening only
Replies
3
Views
737
Mark Fuller
M
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
485
eriksnyman1
E

Latest posts

Back