Is vpnsvc a virus?

Do I have a virus?

Examination result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03 performed by Ela (Administrator) on LAPTOP-VCP93I16 (13-11-2017 11:31:20) Started by C: \ Users \ Ela \ Desktop Loaded Profiles: Ela (Available Profiles: Ela) Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: German (Germany) Internet Explorer Version 11 (Standard Browser: Edge) Start Mode: Normal Instructions for Farbar Recovery Scan Tool: hxxp: //www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ============== ====== Processes (not on the exception list) ================== (If an entry is added to the fixlist, the process will be closed. The file will not be moved .) (Intel Corporation) C: \ Windows \ System32 \ DriverStore \ FileRepository \ ki124164.inf_amd64_85b60d2b8c3af983 \ igfxCUIService.exe (HP) C: \ Windows \ System32 \ hpservice.exe (Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RtkAudioService64.exe (Fortinet Inc. ) C: \ Program Files (x86) \ Fortinet \ FortiClient \ scheduler.exe (Microsoft Corporation) C: \ Windows \ System32 \ wlanext.exe (Adobe Systems Incorporated) C: \ Program Files (x86) \ Common Files \ Adobe \ Adobe Desktop Common \ ElevationManager \ AdobeUpdateService.exe (Adobe Systems, Incorporated) C: \ Program Files (x86) \ Common Files \ Adobe \ AdobeGCClient \ AGSService.exe (Apple Inc.) C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ AppleMobileDeviceService.exe (Intel Corporation) C: \ Windows \ System32 \ Intel \ DPTF \ esif_uf.exe (Intel Corporation) C: \ Windows \ System32 \ ibtsiva.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ GeForce Experience Service \ GfExperienceService.exe (McAfee, Inc.) 
C: \ Windows \ System32 \ mfevtps.exe (Intel Corporation) C: \ Windows \ System32 \ DriverStore \ FileRepository \ ki124164.inf_amd64_85b60d2b8c3af983 \ IntelCpHDCPSvc.exe (Microsoft Corporation ) C: \ Program Files \ Common Files \ microsoft shared \ ClickToRun \ OfficeClickToRun.exe (Intel (R) Corporation) C: \ Program Files \ Intel \ WiFi \ bin \ E vtEng.exe (Apple Inc.) C: \ Program Files \ Bonjour \ mDNSResponder.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ SystemCore \ mfemms.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ ModuleCore \ ModuleCoreService.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ Display.NvContainer \ NVDisplay.Container.exe (Intel Security, Inc.) C: \ Program Files \ Common Files \ Intel Security \ PEF \ CORE \ PEFService.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamService.exe (NVIDIA Corporation) C: \ Program Files (x86) \ NVIDIA Corporation \ NetService \ NvNetworkService.exe (Intel (R) Corporation) C: \ Program Files \ Common Files \ Intel \ WirelessCommon \ RegSrvc.exe () C: \ Program Files (x86) \ Remote Mouse \ RemoteMouseService.exe () C: \ Program Files \ CyberLink \ Shared files \ RichVideo64.exe () C: \ Program Files \ AVAST Software \ SecureLine \ VpnSvc.exe (Synaptics Incorporated) C: \ Program Files \ Synaptics \ SynTP \ SynTPEnhService.exe (Microsoft Corporation) C: \ Program Files \ Windows Defende r \ MsMpEng.exe (Intel® Corporation) C: \ Program Files \ Intel \ WiFi \ bin \ ZeroConfigService.exe (TeamViewer GmbH) C: \ Program Files (x86) \ TeamViewer \ TeamViewer_Service.exe (Malwarebytes) C: \ Program Files \ Malwarebytes \ Anti-Malware \ MBAMService.exe (Intel Corporation) C: \ Windows \ System32 \ DriverStore \ FileRepository \ ki124164.inf_amd64_85b60d2b8c3af983 \ IntelCpHeciSvc.exe (McAfee, Inc.) C: \ Windows \ System32 \ mfevtps.exe ( Fortinet Inc.) 
C: \ Program Files (x86) \ Fortinet \ FortiClient \ FCDBLog.exe (Fortinet Inc.) C: \ Program Files (x86) \ Fortinet \ FortiClient \ FortiESNAC.exe (Fortinet Inc.) C: \ Program Files (x86) \ Fortinet \ FortiClient \ FortiSSLVPNdaemon.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ SystemCore \ mfefire.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ CSP \ 2.3.322.0 \ McCSPServiceHost.exe (Microsoft Corporation) C: \ Windows \ Microsoft.NET \ Framework64 \ v3 .0 \ WPF \ PresentationFontCache.exe (NVIDIA Corporation) C : \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamNetworkService.exe (Microsoft Corporation) C: \ Program Files \ Windows Defender \ NisSrv.exe (FortiClient System Helper) C: \ Program Files (x86) \ Fortinet \ FortiClient \ FCHelper64.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ SystemCore \ mfefire.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ VSCore_15_6 \ mcapexe.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ AMCore \ mcshield.exe (Hewlett-Packard Company) C: \ Program Files (x86) \ Hewlett-Packard \ Shared \ hpqwmiex.exe (WildTangent) C: \ Program Files (x86 ) \ WildTangent Games \ App \ GamesAppIntegrationService.exe () C: \ Program Files \ GoPro \ GoPro Desktop App \ GoProDeviceDetection.exe (HP Inc.) C: \ Program Files \ HPCommRecovery \ HPCommRecovery.exe (HP Inc.) C: \ Program Files (x86) \ Hewlett-Packard \ HP Support Solutions \ HPSupportSolutionsFrameworkService.exe (Intel Corporation) C: \ Program Files \ Intel \ Intel (R) Rapid Storage Technology \ IAStorDataMgrSvc.exe (Intel Corporation) C: \ Program File s (x86) \ Intel \ Intel (R) Management Engine Components \ DAL \ jhi_service.exe (Intel Corporation) C: \ Program Files (x86) \ Intel \ Intel (R) Management Engine Components \ LMS \ LMS.exe (HP Inc.) 
C: \ Program Files (x86) \ HP \ HP System Event \ HPWMISVC.exe (RemoteMouse.net) C: \ Program Files (x86) \ Remote Mouse \ RemoteMouseCore.exe (RemoteMouse.net) C: \ Program Files (x86) \ Remote Mouse \ RemoteMouse.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ Display.NvContainer \ NVDisplay.Container.exe (Intel Corporation) C: \ Windows \ Temp \ DPTF \ esif_assist_64.exe ( Intel Corporation) C: \ Windows \ System32 \ DriverStore \ FileRepository \ ki124164.inf_amd64_85b60d2b8c3af983 \ igfxEM.exe (Malwarebytes) C: \ Program Files \ Malwarebytes \ Anti-Malware \ mbamtray.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ McAfee \ ModuleCore \ ModuleCoreService.exe (Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RAVBg64.exe (Synaptics Incorporated) C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe (McAfee, Inc.) C: \ Program Files \ Common Files \ Mc Afee \ platform \ McUICnt.exe (NVIDIA Corporation) C: \ Program Files (x86) \ NVIDIA Corporation \ Update Core \ NvBackend.exe (Synaptics Incorporated) C: \ Program Files \ Synaptics \ SynTP \ SynTPHelper.exe (Microsoft Corporation) C: \ Windows \ System32 \ Speech_OneCore \ Common \ SpeechRuntime.exe (Microsoft Corporation) C: \ Windows \ SystemApps \ Microsoft.Windows.Cortana_cw5n1h2txyewy \ RemindersServer.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ Display \ nvtray .exe (Fortinet Inc.) 
C: \ Program Files (x86) \ Fortinet \ FortiClient \ FortiTray.exe () C: \ Program Files \ GoPro \ GoPro Desktop App \ GoProDesktopSystemTray.exe (Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RtkNGUI64.exe (Microsoft Corporation) C: \ Program Files \ Windows Defender \ MSASCuiL.exe (© 2015 Microsoft Corporation) C: \ Users \ Ela \ AppData \ Local \ Microsoft \ BingSvc \ BingSvc.exe ( Google, Inc) C: \ Users \ Ela \ AppData \ Local \ Programs \ Google \ Google Photos Backup \ Google Photos Backup.exe (Hewlett-Packard Development Company, LP) C: \ Program Files \ HP \ HP ENVY 4520 series \ Bin \ ScanToPCActivationApp.exe (BlueStack Systems, Inc.) C: \ Program Files (x86) \ BlueStacks \ HD-Agent.exe (Piriform Ltd) C: \ Program Files \ CCleaner \ CCleaner64.exe (Skype Technologies SA) C: \ Program Files (x86) \ Skype \ Phone \ Skype.exe (Facebook) C: \ Users \ Ela \ AppData \ Local \ Facebook \ Games \ FacebookGameroom.exe (HP) C: \ Program Files (x86) \ HP \ HP Wireless Button Driver \ HPRadioMgr64.exe (Logitech Inc.) C: \ Program Files (x86) \ Logitech \ LWS \ Webcam Software \ LWS.exe () C: \ Program Files (x86) \ Logitech \ LWS \ Webcam Software \ CameraHelperShell.exe () C: \ Program Files \ WindowsApps \ Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c \ SkypeHost.exe (Wondershare) C: \ Program Files (x86) \ Common Files \ Wondershare \ Wondershare Helper Compact \ WSHelper. exe (Adobe Systems Incorporated) C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ ACC \ Creative Cloud.exe (Adobe Systems Incorporated) C: \ Program Files (x86) \ Common Files \ Adobe \ OOBE \ PDApp \ IPC \ AdobeIPCBroker.exe (Hewlett-Packard) C: \ Program Files (x86) \ HP \ HP S oftware Update \ hpwuschd2.exe (Microsoft Corporation) C: \ Program Files \ Windows Defender \ MpCmdRun.exe (HP Inc.) 
C: \ Program Files (x86) \ HP \ HP System Event \ HPMSGSVC.exe (HP) C: \ Program Files (x86) \ HP \ HP 3D DriveGuard \ AccelerometerSt.exe (HP Development Company, LP) C: \ Program Files (x86) \ HP \ HP CoolSense \ CoolSense.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamUserAgent.exe (Adobe Systems Incorporated) C: \ Program Files (x86) \ Common Files \ Adobe \ Adobe Desktop Common \ ADS \ Adobe Desktop Service.exe (Adobe Systems Incorporated) C: \ Program Files (x86 ) \ Common Files \ Adobe \ Adobe Desktop Common \ HEX \ Adobe CEF Helper.exe () C: \ Program Files (x86) \ Adobe \ Adobe Sync \ CoreSync \ CoreSync.exe (Adobe Systems Incorporated) C: \ Program Files ( x86) \ Adobe \ Adobe Creative Cloud \ CCXProcess \ CCXProcess.exe (Node.js) C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ CCXProcess \ libs \ node.exe (Adobe Systems Incorporated) C: \ Program Files (x86) \ Common Files \ Adobe \ Adobe Desktop Common \ HEX \ Ad obe CEF Helper.exe (Intel Corporation) C: \ Program Files \ Intel \ Intel (R) Rapid Storage Technology \ IAStorIcon.exe (The CefSharp Authors) C: \ Users \ Ela \ AppData \ Local \ Facebook \ Games \ Facebook Gameroom Browser.exe (AVAST Software) C: \ Program Files \ AVAST Software \ SecureLine \ SecureLine.exe (Mozilla Corporation) C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe (Mozilla Corporation) C: \ Program Files ( x86) \ Mozilla Firefox \ firefox.exe (Mozilla Corporation) C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe (Mozilla Corporation) C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe (Skype Technologies ) C: \ Program Files (x86) \ Skype \ Browser \ SkypeBrowserHost.exe (Skype Technologies) C: \ Program Files (x86) \ Skype \ Browser \ SkypeBrowserHost.exe (Microsoft Corporation) C: \ Windows \ SystemApps \ Microsoft. 
MicrosoftEdge_8wekyb3d8bbwe \ MicrosoftEdge.exe (Microsoft Corporation) C: \ Windows \ System32 \ browser_broker.exe (Microsoft Corporation) C: \ Windows \ System32 \ smartscreen.exe (Microsoft Corporation) C: \ Windows \ SystemApp s \ Microsoft.MicrosoftEdge_8wekyb3d8bbwe \ MicrosoftEdgeCP.exe (Microsoft Corporation) C: \ Windows \ System32 \ dllhost.exe ===================== Registry (not on the exception list) =========================== (When an entry is added to the fixlist, the registry entry is reset to the default value or removed. The file is not moved.) HKLM \ ... \ Run: [ShadowPlay] => "C: \ windows \ system32 \ rundll32.exe" C: \ windows \ system32 \ nvspcap64.dll, ShadowPlayOnSystemStart HKLM \ ... \ Run: [GoPro Tray App] => C: \ Program Files \ GoPro \ GoPro Desktop App \ GoProDesktopSystemTray.exe [866224 2016-12-02] () HKLM \ ... \ Run: [Wondershare Helper Compact.exe] = > C: \ Program Files \ Common Files \ Wondershare \ Wondershare Helper Compact \ WSHelper.exe HKLM \ ... \ Run: [AdobeAAMUpdater-1.0] => C: \ Program Files (x86) \ Common Files \ Adobe \ OOBE \ PDApp \ UWA \ UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM \ ... \ Run: [IAStorIcon] => C: \ Program Files \ Intel \ Intel (R) Rapid Storage Technology \ IAStorIcon .exe [320568 2016-09-20] (Intel Corporation) HKLM \ ... \ Run: [RTHDVCPL] => C: \ Program Files \ Realtek \ Audio \ HDA \ RtkNGUI64.exe [9186816 2016-12-23] (Realtek Semiconductor) HKLM \ ... \ Run: [WindowsDefender] => C: \ Program Files \ Windows Defender \ MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation) HKLM-x32 \ ... \ Run : [HP wheel ioMgr] => C: \ Program Files (x86) \ HP \ HP Wireless Button Driver \ HPRadioMgr64.exe [258600 2016-01-05] (HP) HKLM-x32 \ ... \ Run: [LWS] => C : \ Program Files (x86) \ Logitech \ LWS \ Webcam Software \ LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32 \ ... 
\ Run: [Wondershare Helper Compact.exe] => C: \ Program Files (x86) \ Common Files \ Wondershare \ Wondershare Helper Compact \ WSHelper.exe [2137744 2016-10-08] (Wondershare) HKLM-x32 \ ... \ Run: [Adobe Creative Cloud] => C : \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ ACC \ Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated) HKLM-x32 \ ... \ Run: [HP Software Update] => C: \ Program Files (x86) \ Hp \ HP Software Update \ HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32 \ ... \ Run: [] => [X] HKLM- x32 \ ... \ Run: [HPMessageService] => C: \ Program Files (x86) \ HP \ HP System Event \ HPMSGSVC.exe [1062392 2017-03-15] (HP Inc.) HKLM-x32 \ .. . \ Run: [svcpop] => C: \ Program Files \ Common Files \ System \ svcpop \ svcpop.exe HKLM-x32 \ ... \ Run: [AccelerometerSysTrayApplet] => C: \ Program Files (x86) \ HP \ HP 3D DriveGuard \ AccelerometerST.exe [133952 2016-09-28] (HP) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run : [BingSvc] => C: \ Users \ Ela \ AppData \ Local \ Microsoft \ BingSvc \ BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) HKU \ S-1-5-21-3116711094- 2019905291-1396944601-1001 \ ... \ Run: [OpenOffice Updater] => C: \ Users \ Ela \ AppData \ Roaming \ OpenOffice Updater \ Updater.exe [388032 2017-11-09] () HKU \ S-1 -5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run: [Google Update] => C: \ Users \ Ela \ AppData \ Local \ Google \ Update \ 1.3.33.5 \ GoogleUpdateCore.exe [601168 2017 -04-30] (Google Inc.) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run: [Google Photos Backup] => C: \ Users \ Ela \ AppData \ Local \ Programs \ Google \ Google Photos Backup \ Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... 
\ Run: [HP ENVY 4520 series (NET)] => C: \ Program Files \ HP \ HP ENVY 4520 series \ Bin \ ScanToPCActivationApp.exe [3651080 20 15-03-09] (Hewlett-Packard Development Company, LP) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run: [CCleaner Monitoring] => C: \ Program Files \ CCleaner \ CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run: [BlueStacks Agent] => C: \ Program Files (x86) \ BlueStacks \ HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.) HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ ... \ Run: [Skype] => C: \ Program Files (x86) \ Skype \ Phone \ Skype.exe [27832264 2017-10-10] (Skype Technologies SA) HKU \ S-1-5-21-3116711094-2019905291 -1396944601-1001 \ ... \ MountPoints2: {1ec425e0-4c58-11e7-b926-d0577b9dfff2} - "G: \ win \ AutoRun.exe" HKU \ S-1-5-18 \ Control Panel \ Desktop \ SCRNSAVE .EXE -> Startup: C: \ Users \ Ela \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ Facebook Gameroom.lnk [2017-07-14] ShortcutTarget: Facebook Gameroom.lnk -> C: \ Users \ Ela \ AppData \ Local \ Facebook \ Games \ FacebookGameroom.exe (Facebook) GroupPolicy: Restriction <= === ATTENTION ==================== Internet (not on the exception list) =================== = (If an entry is added to the fixlist, the entry is removed or reset to the default value if it is a registry entry.) Hosts: There is more than one entry in the hosts file.See hosts area in Addition.txt Tcpip \ Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 Tcpip \ .. \ Interfaces \ {492dd641-20c8-4499-aef1-2a1a778e92e3}: [NameServer] 10.159.66.201.200,10.159.66 Tcpip \ .. \ Interfaces \ {51b1fb3e-2940-4204-adb2-c36811eb17c5}: [DhcpNameServer] 195.34.133.21 212.186.211.21 Tcpip \ .. 
\ Interfaces \ {92222b00-fada-4b2d-846b-dcc2 }f7f: 172.20.10.1 Internet Explorer: ================== HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.com HKLM \ Software \ Wow6432Node \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.com HKU \ .DEFAULT \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = hxxp: //hp15-comm.msn.com/? Pc = HRTE HKU \. DEFAULT \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = hxxp: //hp15-comm.msn.com/? Pc = HRTE HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001 \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = hxxp: //hp15-comm.msn.com/? Pc = HRTE SearchScopes: HKLM -> DefaultScope {46BB83F1-E5 CE-4774-A94D-E7BE83AB0253} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4DA}-BE8A-2923 - > C: \ Program Files (x86) \ Microsoft Office \ root \ VFS \ ProgramFilesX64 \ Microsoft Office \ Office16 \ OCHelper.dll [2017-11-08] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755 -C1BA-4DCB-9F13-99BD91223ADE} -> C: \ Program Files (x86) \ Hewlett-Packard \ HP Support Framework \ Resources \ HPNetworkCheck \ HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) 
Handler-x32 : mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C: \ Program Files (x86) \ Microsoft Office \ root \ Office16 \ MSOSB.DLL [2017-11-08] (Microsoft Corporation ) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C: \ Program Files (x86) \ Microsoft Office \ root \ Office16 \ MSOSB.DLL [2017-11-08] ( Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C: \ Program Files (x86) \ Microsoft Office \ root \ Office16 \ MSOSB.DLL [2017-11-08] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C: \ Program Files (x86) \ Microsoft Office \ root \ Office16 \ MSOSB.DLL [2017-11-08] (Microsoft Corporation) Filter: application / x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c: \ Program Files \ mcafee \ msc \ McSnIePl64.dll [2017-04-17] (McAfee, Inc.) Filter-x32: application / x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c: \ Program Files (x86) \ McAfee \ msc \ McSnIePl.dll [2017-04-17] (McAfee, Inc.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: lxtnxq76.default FF ProfilePath: C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default [2017-11-13] FF DefaultSearchEngine: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> Yahoo! Powered FF SearchEngineOrder.3: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> Bing FF SelectedSearchEngine: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> Yahoo! 
Powered FF NetworkProxy: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> autoconfig_url "," hxxp: //help.greentube.com/intern/config.pac "FF NetworkProxy: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> http "," hxxp: //help.greentube.com/intern/config.pac "FF NetworkProxy: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> no_proxies_on", "hxxp: //help.greentube.com/intern/config .pac "FF NetworkProxy: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> share_proxy_settings", true FF NetworkProxy: Mozilla \ Firefox \ Profiles \ lxtnxq76.default -> type ", 2 FF Extension: (Bing Search) - C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default \ Extensions \ [email protected] [2017-01-29] FF Extension: (Safe Browsing Version 4 (temporary add-on) ) - C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default \ Extensions \ [email protected] [2017-10-11] FF Extension: (uBlock Origin) - C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default \ Extensions \ u [email protected] [2017-11-09] FF Extension: (ReloadEvery) - C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default \ Extensions \ {888d99e7-e8b5-46a3 -851e-1ec45da1e644} .xpi [2017-05-05] FF SearchPlugin: C: \ Users \ Ela \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ lxtnxq76.default \ searchplugins \ bing-.xml [2017-01-29 ] FF HKLM-x32 \ ... 
\ Thunderbird \ Extensions: [[email protected]] - C: \ Program Files \ McAfee \ MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C: \ Program Files \ McAfee \ MSK [2017-03-31] [is not signed] FF Plugin: @ adobe.com / FlashPlayer -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ NPSWF64_27_0_0_183.dll [2017-10-26] () FF Plugin : @ mcafee.com / MSC, version = 10 -> c: \ PROGRA ~ 1 \ mcafee \ msc \ NPMCSN ~ 1.DLL [2017-04-17] () FF Plugin: adobe.com/AdobeAAMDetect -> C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ Utils \ npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems) FF Plugin-x32: @ adobe.com / FlashPlayer -> C: \ WINDOWS \ SysWOW64 \ Macromed \ Flash \ NPSWF32_27_0_0_183.dll [2017- 10-26] () FF Plugin-x32: @ adobe.com / ShockwavePlayer -> C: \ windows \ SysWOW64 \ Adobe \ Director \ np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.) FF Plugin- x32: @FortinetCacheClean -> C: \ Program Files (x86) \ Fortinet \ FortiClient \ npccplugin.dll [2017-06-15] (Fortinet Inc.) FF Plugin-x32: @FortinetCacheCleanEx -> C: \ Program Files (x86 ) \ Fortinet \ FortiClient \ npccpluginex.dll [2017-06-15] (Fortinet Inc.) FF Plugin-x32: @FortinetTunnelControl -> C: \ Program Files (x86) \ Fortinet \ FortiClient \ nptcplugin.dll [2017-06 -15] (Fortinet Inc.) FF Plugin-x32: @ google.com / npPicasa3, version = 3.0.0 -> C: \ Program Files (x86) \ Google \ Picasa3 \ npPicasa3.dll [2015-10-09] (Google, Inc.) FF Plugin-x32: @ mcafee.com / MSC, version = 10 -> c: \ PROGRA ~ 2 \ mcafee \ msc \ NPMCSN ~ 1.DLL [2017-04-17] () FF plugin -x32: @ microsoft.com / SharePoint, version = 14.0 -> C: \ Program Files (x86) \ Microsoft Office \ root \ Office16 \ NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation) FF Plugin-x32: @ tools.google.com / Google Update; version = 3 -> C: \ Program Files ( x86) \ Google \ Update \ 1.3.33.5 \ npGoogleUpdate3.dll [2017-04-28] (Google Inc.) 
FF Plugin-x32: @ tools.google.com / Google Update; version = 9 -> C: \ Program Files (x86) \ Google \ Update \ 1.3.33.5 \ npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @ WildTangent.com / GamesAppPresenceDetector, Version = 1.0 -> C: \ Program Files (x86) \ WildTangent Games \ App \ BrowserIntegration \ Registered \ 0 \ NP_wtapp.dll [2015-12-22] () FF Plugin-x32: adobe.com/AdobeAAMDetect -> C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ Utils \ npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems) FF Plugin HKU \ S-1-5-21-3116711094-2019905291-1396944601-1001: @ tools.google.com / Google Update; version = 3 -> C: \ Users \ Ela \ AppData \ Local \ Google \ Update \ 1.3.33.5 \ npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin HKU \ S-1-5-21 -3116711094-2019905291-1396944601-1001: @ tools.google.com / Google Update; version = 9 -> C: \ Users \ Ela \ AppData \ Local \ Google \ Update \ 1.3.33.5 \ npGoogleUpdate3.dll [2017-04 -30] (Google Inc.) Chrome: ======= CHR HomePage: Def ault -> hxxp: //www.google. \ Chrome \ Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps: //clients2.google.com/service/update2/crx =============== ===== Services (not on the exception list) ===================== (If an entry is added to the fixlist, it is removed from the registry. The file will not be moved unless it is listed separately.) R2 AdobeUpdateService; C: \ Program Files (x86) \ Common Files \ Adobe \ Adobe Desktop Common \ ElevationManager \ AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated) R2 AGSService; C: \ Program Files (x86) \ Common Files \ Adobe \ AdobeGCClient \ AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) S3 BstHdAndroidSvc; C: \ Program Files (x86) \ BlueStacks \ HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.) 
S3 BstHdLogRotatorSvc; C: \ Program Files (x86) \ BlueStacks \ HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C: \ Program Files (x86) \ BlueStacks \ HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C: \ Program Files \ Common Files \ Microsoft Shared \ ClickToRun \ OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation) S3 ClientAnalyticsService; C: \ Program Files \ Common Files \ McAfee \ ClientAnalytics \ Legacy \ McClientAnalytics.exe [1752992 2017-03-29] (Intel Security) S2 dbupdate; C: \ Program Files (x86) \ Dropbox \ Update \ DropboxUpdate.exe [143144 2017-01-26] (Dropbox, Inc.) S3 dbupdatem; C: \ Program Files (x86) \ Dropbox \ Update \ DropboxUpdate.exe [143144 2017-01-26] (Dropbox, Inc.) R2 esifsvc; C: \ WINDOWS \ system32 \ Intel \ DPTF \ esif_uf.exe [2208888 2016-09-02] (Intel Corporation) R2 FA_Scheduler; C: \ Program Files (x86) \ Fortinet \ FortiClient \ scheduler.exe [127296 2017-06-15] (Fortinet Inc.) R2 GamesAppIntegrationService; C: \ Program Files (x86) \ WildTangent Games \ App \ GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent) R2 GfExperienceService; C: \ Program Files \ NVIDIA Corporation \ GeForce Experience Service \ GfExperienceService.exe [1163200 2016-03-01] (NVIDIA Corporation) R2 GoProDeviceDetectionService; C: \ Program Files \ GoPro \ GoPro Desktop App \ GoProDeviceDetection.exe [37808 2016-12-02] () R2 HomeNetSvc; C: \ Program Files \ Common Files \ McAfee \ Platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 HP Comm Recover; C: \ Program Files \ HPCommRecovery \ HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [file is not signed] R2 hpsrv; C: \ WINDOWS \ system32 \ Hpservice.exe [38728 2016-10-11] (HP) R2 HPSupportSolutionsFrameworkService; C: \ Program Files (x86) \ Hewlett-Packard \ HP Support Solutions \ HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.) 
R2 HPWMISVC; C: \ Program Files (x86) \ HP \ HP System Event \ HPWMISVC.exe [630776 2017-02-06] (HP Inc.) R2 IAStorDataMgrSvc; C: \ Program Files \ Intel \ Intel (R) Rapid Storage Technology \ IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation) S3 Intel (R) Capability Licensing Service TCP IP Interface; C: \ Program Files \ Intel \ iCLS Client \ SocketHeciServer.exe [987432 2016-07-26] (Intel (R) Corporation) S3 Intel (R) WiDi SAM; C: \ Program Files (x86) \ Intel Corporation \ Intel WiDi \ Intel (R) Software Asset Manager \ bin \ IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation) R2 jhi_service; C: \ Program Files (x86) \ Intel \ Intel (R) Management Engine Components \ DAL \ jhi_service.exe [177440 2016-10-05] (Intel Corporation) R2 MBAMService; C: \ Program Files \ Malwarebytes \ Anti-Malware \ mbamservice.exe [6058960 2017-08-21] (Malwarebytes) R2 McAPExe; C: \ Program Files \ Common Files \ McAfee \ VSCore_15_6 \ McApExe.exe [994312 2017-04-04] (McAfee, Inc.) S3 McAWFwk; C: \ Program Files \ Common Files \ McAfee \ ActWiz \ McAWFwk.exe [352104 2015-09-29] (McAfee, Inc.) R2 mcbootdelaystartsvc; C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 mccspsvc; C: \ Program Files \ Common Files \ McAfee \ CSP \ 2.3.322.0 \ McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.) R2 McMPFSvc; C: \ Program Files \ Common Files \ McAfee \ Platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 McNaiAnn; C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) S3 McODS; C: \ Program Files \ mcafee \ VirusScan \ mcods.exe [1344472 2017-02-24] (McAfee, Inc.) S4 McOobeSv2; C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) 
R2 mcpltsvc; C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 McProxy; C: \ Program Files \ Common Files \ McAfee \ platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R3 mfefire; C: \ Program Files \ Common Files \ McAfee \ SystemCore \ mfefire.exe [241040 2017-01-18] (McAfee, Inc.) R2 mfemms; C: \ Program Files \ Common Files \ McAfee \ SystemCore \ mfemms.exe [385112 2017-01-18] (McAfee, Inc.) R3 mfevtp; C: \ windows \ system32 \ mfevtps.exe [343792 2017-01-18] (McAfee, Inc.) R2 ModuleCoreService; C: \ Program Files \ Common Files \ McAfee \ ModuleCore \ ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.) S3 MSK80Service; C: \ Program Files \ Common Files \ McAfee \ Platform \ McSvcHost \ McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C: \ Program Files \ Intel \ WiFi \ bin \ PanDhcpDns.exe [269480 2017-07-03] () R2 NVDisplay.ContainerLocalSystem; C: \ Program Files \ NVIDIA Corporation \ Display.NvContainer \ NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation) R2 NvNetworkService; C: \ Program Files (x86) \ NVIDIA Corporation \ NetService \ NvNetworkService.exe [1879488 2016-03-01] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C: \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamNetworkService.exe [6308288 2016-03-01] (NVIDIA Corporation) R2 NvStreamSvc; C: \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamService.exe [4812736 2016-03-01] (NVIDIA Corporation) R2 PEFService; C: \ Program Files \ Common Files \ Intel Security \ PEF \ CORE \ PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.) 
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [file is not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2016-12-23] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [452456 2015-12-08] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-10-13] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Driver (Not on the exception list) =======================
(If an entry is added to the fixlist, it is removed from the registry. The file is not moved unless it is listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-11] (HP)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc.)
R3 CAMBOXDRV; C:\WINDOWS\system32\DRIVERS\camboxdrv.sys [39984 2016-07-11] (Windows (R) Win 7 DDK provider)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-12] (Intel Corporation)
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-06-15] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-06-15] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-06-15] (Fortinet Inc)
R1 FortiShield; C:\WINDOWS\System32\drivers\FortiShield.sys [72272 2017-06-15] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-06-15] (Fortinet Inc)
S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [66600 2017-04-24] (Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-11] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-11] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-18] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R1 MpKsl9bbe0bf6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03B0A996-BFFB-4687-9E42-76A59503B4AB}\MpKsl9bbe0bf6.sys [58120 2017-11-13] (Microsoft Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [209920 2012-12-14] (MBB)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_f0b2a5e1e71031b3\nvlddmkm.sys [15620208 2017-10-16] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-01] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-10-13] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2012-12-13] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)

==================== NetSvcs (Not on the exception list) ====================
(If an entry is added to the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

==================== One month: files and folders created ========
(If an entry is added to the fixlist, the file / folder

2017-11-13 10:55 - 2017-11-13 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-11-12 11:56 - 2017-11-12 13:02 - 000000000 ____D C:\Users\Ela\Downloads\HolmeZ
2017-11-12 11:56 - 2017-11-12 11:56 - 000000000 ____D C:\Users\Ela\AppData\Local\IsolatedStorage
2017-11-12 11:54 - 2017-11-12 11:56 - 000000000 ____D C:\Users\Ela\AppData\Roaming\HolmeZ
2017-11-12 11:54 - 2017-11-12 11:54 - 000002014 _____ C:\Users\Public\Desktop\HolmeZ Newsreader.lnk
2017-11-12 11:54 - 2017-11-12 11:54 - 000001957 _____ C:\Users\Public\Desktop\HolmeZ check for updates.lnk
2017-11-12 11:54 - 2017-11-12 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HolmeZ
2017-11-12 11:54 - 2017-11-12 11:54 - 000000000 ____D C:\Program Files (x86)\HolmeZ
2017-11-12 11:53 - 2017-11-12 11:53 - 016789168 _____ (HolmeZ SoftSolutions Pte. Ltd.) C:\Users\Ela\Downloads\Holmez.exe
2017-11-12 11:53 - 2017-11-12 11:53 - 000000000 ____D C:\Users\Ela\AppData\Roaming\HolmeZ 2.3.1
2017-11-12 11:53 - 2017-11-12 11:53 - 000000000 ____D C:\Users\Ela\AppData\Local\AdvinstAnalytics
2017-11-12 08:02 - 2017-11-13 11:31 - 000000000 ____D C:\Users\Ela\Desktop\FRST-OlderVersion
2017-11-12 07:47 - 2017-11-12 07:51 - 000000000 ____D C:\AdwCleaner
2017-11-12 07:47 - 2017-11-12 07:47 - 008261584 _____ (Malwarebytes) C:\Users\Ela\Downloads\AdwCleaner_7.0.4.0.exe
2017-11-09 17:59 - 2017-11-09 17:59 - 000357545 _____ C:\Users\Ela\Desktop\doc01476320171109095335.pdf
2017-11-08 22:53 - 2017-11-08 22:53 - 000001466 _____ C:\Users\Ela\Desktop\Fixlog.txt
2017-11-08 22:46 - 2017-11-13 11:31 - 000035978 _____ C:\Users\Ela\Desktop\FRST.txt
2017-11-08 22:46 - 2017-11-12 08:04 - 000070457 _____ C:\Users\Ela\Desktop\Addition.txt
2017-11-08 22:43 - 2017-11-08 22:48 - 000071091 _____ C:\Users\Ela\Downloads\Addition.txt
2017-11-08 22:42 - 2017-11-13 11:31 - 002392576 _____ (Farbar) C:\Users\Ela\Desktop\FRST64.exe
2017-11-08 22:42 - 2017-11-13 11:31 - 000000000 ____D C:\FRST
2017-11-08 22:42 - 2017-11-08 22:48 - 000090010 _____ C:\Users\Ela\Downloads\FRST.txt
2017-11-08 22:41 - 2017-11-08 22:41 - 001799680 _____ (Farbar) C:\Users\Ela\Downloads\FRST.exe
2017-11-08 22:36 - 2017-11-08 22:39 - 000001168 _____ C:\Users\Ela\Downloads\FSS.txt
2017-11-08 22:36 - 2017-11-08 22:36 - 000899584 _____ (Farbar) C:\Users\Ela\Downloads\FSS.exe
2017-11-08 21:54 - 2017-11-08 21:54 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (13).exe
2017-11-07 13:29 - 2017-11-07 13:29 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (12).exe
2017-11-07 13:29 - 2017-11-07 13:29 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (11).exe
2017-11-07 12:34 - 2017-11-07 12:34 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (10).exe
2017-11-03 10:15 - 2017-11-03 10:15 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (9).exe
2017-11-02 21:10 - 2017-11-12 22:01 - 000009216 _____ C:\Users\Ela\Desktop\gametwist.xls
2017-10-26 15:54 - 2017-11-13 10:51 - 001388448 _____ C:\Users\Public\VOIP.dat
2017-10-26 14:36 - 2017-11-13 10:51 - 001388448 _____ C:\Users\Public\ASR.dat
2017-10-26 09:15 - 2017-10-26 09:15 - 002870984 _____ (ESET) C:\Users\Ela\Downloads\esetsmartinstaller_deu (8).exe
2017-10-26 05:55 - 2017-11-03 06:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-10-26 05:55 - 2017-07-20 18:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-10-26 05:55 - 2017-07-20 18:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-10-26 05:55 - 2017-07-20 18:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-10-26 05:55 - 2017-07-20 18:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-10-16 14:45 - 2017-11-05 11:35 - 000000000 ____D C:\Users\Ela\Desktop\gametwist
2017-10-16 00:18 - 2017-10-16 00:18 - 035934136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-10-16 00:18 - 2017-10-16 00:18 - 029028792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-10-16 00:13 - 2017-10-16 00:13 - 000981616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-10-16 00:13 - 2017-10-16 00:13 - 000932976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-10-16 00:13 - 2017-10-16 00:13 - 000618424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-10-16 00:13 - 2017-10-16 00:13 - 000507832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-10-16 00:12 - 2017-10-16 00:12 - 001996912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438569.dll
2017-10-16 00:12 - 2017-10-16 00:12 - 001615288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438569.dll
2017-10-16 00:12 - 2017-10-16 00:12 - 001076664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-10-16 00:12 - 2017-10-16 00:12 - 001013872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 040248760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 035322808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 023343840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 019023464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 012357696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 010184544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 004153784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-10-16 00:11 - 2017-10-16 00:11 - 003584440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 001312216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 001026600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 000797568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 000705448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 000631592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-10-16 00:10 - 2017-10-16 00:10 - 000592024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-10-16 00:09 - 2017-10-16 00:09 - 013912344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-10-16 00:09 - 2017-10-16 00:09 - 011804040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-10-16 00:09 - 2017-10-16 00:09 - 003753392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-10-15 23:55 - 2017-10-15 23:55 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-10-15 23:55 - 2017-10-15 23:55 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json

==================== One month: Changed files and folders ========
(If an entry is added to the fixlist, the file / folder will be moved. INI

2017-11-12 07:59 - 2016-07-16 23:51 - 001817914 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-12 07:59 - 2016-07-16 23:51 - 000472756 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-12 07:51 - 2017-09-08 10:44 - 000000000 ____D C:\Users\Ela\AppData\Local\Downloaded Installations
2017-11-12 07:51 - 2017-01-26 12:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 07:51 - 2016-07-16 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-12 07:26 - 2017-01-29 12:13 - 000000000 ____D C:\ProgramData\Skype
2017-11-12 07:25 - 2017-08-25 15:35 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEla.job
2017-11-12 07:25 - 2017-01-26 12:48 - 000000000 ____D C:\Users\Ela
2017-11-12 07:24 - 2017-02-01 20:54 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-10 16:13 - 2017-08-25 15:35 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEla
2017-11-09 10:18 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-08 10:02 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-08 10:01 - 2016-04-01 03:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-08 09:48 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-07 20:18 - 2017-01-26 13:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-07 20:18 - 2017-01-26 13:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-07 20:18 - 2016-07-16 07:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-07 10:47 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 06:51 - 2017-07-26 08:53 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3116711094-2019905291-1396944601-1001
2017-11-05 06:51 - 2017-01-26 12:12 - 000002388 _____ C:\Users\Ela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-05 06:51 - 2017-01-26 12:12 - 000000000 ___RD C:\Users\Ela\OneDrive
2017-11-03 06:51 - 2017-01-26 12:47 - 000000000 ____D C:\Program Files\Intel
2017-11-03 06:49 - 2017-10-04 16:50 - 000000000 ____D C:\Program Files\rempl
2017-10-30 08:22 - 2017-01-26 12:51 - 000004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2017-10-29 07:14 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-26 10:36 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 10:36 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-26 09:06 - 2016-11-12 15:49 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-10-26 05:55 - 2017-09-20 20:30 - 000000000 ____D C:\temp
2017-10-26 05:54 - 2017-01-26 12:47 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-25 19:13 - 2017-09-13 13:27 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-25 19:13 - 2017-09-13 13:27 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-24 08:37 - 2017-01-26 12:10 - 000000000 ____D C:\Users\Ela\AppData\Local\Packages
2017-10-16 00:18 - 2016-12-02 02:12 - 015620208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-10-16 00:09 - 2016-12-02 02:08 - 004256264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-10-15 23:55 - 2016-10-27 18:35 - 000046443 _____ C:\WINDOWS\system32\nvinfo.pb

==================== Files in the root directory of some directories =======

2017-04-27 10:35 - 2017-04-27 10:35 - 000000000 _____ () C:\Users\Ela\AppData\Roaming\Nesato
2017-01-30 11:21 - 2017-01-30 11:53 - 000003584 _____ () C:\Users\Ela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-18 14:41 - 2017-02-18 14:41 - 000000057 _____ () C:\ProgramData\Ament.ini

Files that should be moved or deleted:
====================
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat

==================== Bamital & volsnap ======================
(There is no automatic fix for files that failed verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-12 12:40

==================== End of FRST.txt =============================