Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe


(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe


(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win 7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files (x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========
FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe


==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()


R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)


S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam


2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed


C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common


Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win 7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files (x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signedScan result of Farbar Recovery Scan


Tool (FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)


Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common


Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft


Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage


Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe


(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative
Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win 7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files (x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:
==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt


2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed


C:\Windows\system32\User32.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common


Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe


(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft


Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage


Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win 7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files (x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe


==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed


C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common


Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft


Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage


Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will
not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems
Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe
Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win


7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program


Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files


(x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-
85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->


C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start


Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]
ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed


C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common


Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft


Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage
Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will
not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems
Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe
Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win


7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program
Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files


(x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-
85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->


C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start


Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =


SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-
D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program


Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program


Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program


Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program


Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program


Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program


Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed


C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signedScan result of Farbar Recovery Scan


Tool (FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-


how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ElevationManager\AdobeUpdateService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe


(Adobe Systems, Incorporated) C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGSService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files


(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

() C:\Program Files\FreeLAN\bin\freelan.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft


Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage


Technology\IAStorDataMgrSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.SpeedupService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System


Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop


Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\CCLibrary\CCLibrary.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will
not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common


Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems
Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe
Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win


7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program


Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files


(x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-
85e9-4061861f71d2} - H:\Autoplay.exe -auto

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->


C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start


Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]

ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1

Internet Explorer:

==================

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-


D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program


Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program


Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program


Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program


Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program


Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program


Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
FireFox:

========

FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-


11]

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program


Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program


Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft


Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 ->


C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24]


(VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer ->


C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files


(x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files


(x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files


(x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft


Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 ->


C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files


(x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files


(x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader


DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative


Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default ->


"hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-
instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"

CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]

CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]

CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]

CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]

CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]

CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]

CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]

CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]

CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2017-12-04]

CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]

CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]

CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira Operations GmbH & Co. KG)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)

R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]

R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH & Co. KG)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)

S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)

S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)

S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)

S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21] (The OpenVPN Project)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)

==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "

2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt

2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt

2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt

2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST

2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win 7\Downloads\RogueKillerX64.exe

2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win 7\Downloads\FRST64.exe

2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text Document.txt

2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet (1).pdf

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.zip

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win 7\Downloads\Electroneum_Offline_Wallet.pdf

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win 7\Desktop\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win 7\AppData\Roaming\Electroneum

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win 7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe

2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt

2017-12-04 17:26 - 2017-12-04 17:26 - 000015417 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt

2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

2017-12-04 01:26 - 2017-12-04 01:26 - 000023084 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt

2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01 720p HDTV DD5 1 x264-A PYLON 1.mp4

2017-12-01 21:48 - 2017-12-01 21:48 - 000014757 _____ C:\Users\Win 7\Downloads\Gomorra (2014) - 03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt

2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win 7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt

2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip

2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk

2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf

2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html

2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-2014.pdf

2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf

2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip

2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip

2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win 7\AppData\Local\Tempzxpsign52fedccffce6ee51

2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-latest.msi

2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win 7\Downloads\PopcornTime-latest (1).exe

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302004_127.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302003_381.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302002_378.bmp

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_302000_813.bmp

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win 7\Desktop\ScreenCapture20171109_301957_728.bmp

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win 7\Downloads\MouseServer.exe

2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk

2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server

2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV

2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI

2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win 7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray

2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files

2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira

2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe

2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS

2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job

2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-CE

2017-12-01 19:15 - 2017-08-06 09:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1508256773

2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera

2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache

2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT

2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger

2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT

2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf


2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-13 21:25 - 2017-08-06 09:12 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime

2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time

2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed


C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-05 21:12

==================== End of FRST.txt ============================
