Channel: Tech Support Forum - Virus/Trojan/Spyware Help

I believe I have a virus

Microsoft Security Essentials says I have a virus and need to restart to clean it, but every time I restart it says it again anyway. I cannot remove it. I have Windows 7 64-bit. This started out as a lot of issues: browser tabs crashing almost constantly, BSODs, and random PC lock-ups where the mouse would move but I couldn't click or do anything unless I force-restarted it. This morning I did a system restore and that fixed the lock-ups and browser tab issues, but the virus cleaning thing is still there.


Here's the first log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2019
Ran by moo (administrator) on MOO-PC (MSI MS-7721) (14-07-2019 20:49:34)
Running from C:\Users\moo\Downloads
Loaded Profiles: moo (Available Profiles: moo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Bils) [File not signed] C:\Program Files (x86)\PC Equalizer\PCEqualizer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(SRS Labs, Inc -> SRS Labs, Inc.) C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [PCEqualizer] => C:\Program Files (x86)\PC Equalizer\PCEqualizer.exe [5970432 2018-12-30] (Bils) [File not signed]
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\Run: [SRS Audio Sandbox] => C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [3676952 2010-01-07] (SRS Labs, Inc -> SRS Labs, Inc.)
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\Run: [Google Update] => C:\Users\moo\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-14] (Google Inc -> Google LLC)
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646912 2019-07-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {139ac684-9a9f-11e8-b527-309c233e923a} - G:\setup.exe
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {139ac685-9a9f-11e8-b527-309c233e923a} - H:\Setup.exe
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {139ac686-9a9f-11e8-b527-309c233e923a} - I:\setup.exe
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {139ac687-9a9f-11e8-b527-309c233e923a} - J:\setup.exe
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {9cc79652-9d15-11e8-b27c-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\...\MountPoints2: {de7e9a92-1579-11e0-aeb1-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-09-29] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2005-09-27] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2005-09-27] (On2.com) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15EB8770-E8BE-435A-B898-EBE972FC106A} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1D03792D-DE51-44C6-BBE9-E3B3C61FD9A3} - System32\Tasks\{4922ACCA-2A38-4F62-B3FA-C1A010D23BE2} => C:\Program Files (x86)\Event 0\event0.exe [20671488 2016-09-14] () [File not signed]
Task: {267A3E63-654A-49B3-A229-8C6215A81CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2018-12-20] (Google Inc -> Google Inc.)
Task: {2819E0ED-C93F-49FD-AB3C-E5C041462CAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178271911-2487205750-2762887493-1000UA => C:\Users\moo\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2018-12-20] (Google Inc -> Google Inc.)
Task: {2F57F06B-40E1-49CB-9A18-7C467FD177E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648232 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3E4B8360-EC80-45F0-9E1C-1529648F3E6F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4C8BA2C8-5208-4D42-9D95-FB54F26AC723} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F5B8E7B-5A1D-4E52-8F73-D11E089720BA} - System32\Tasks\{C8C90E3B-E551-47C0-BD09-3C8A4BFC9437} => C:\Program Files (x86)\Event 0\event0.exe [20671488 2016-09-14] () [File not signed]
Task: {5CD8F60C-7643-4601-8429-BB4AA478F703} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590888 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F424E69-CB0C-4C0F-B029-FEAC2859B4E1} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {77D57630-AE2B-4692-A638-7FB505C7DD12} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-178271911-2487205750-2762887493-1000 => C:\Users\moo\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-19] (Mega Limited -> Mega Limited)
Task: {7BF72013-BC09-4605-B55D-BF8B64C8F31A} - System32\Tasks\Core Temp Autostart moo => C:\Program Files\Core Temp\Core Temp.exe [1010064 2019-05-18] (ALCPU -> ALCPU)
Task: {85BF06BA-30A6-4F01-AE20-1C2067683C03} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728936 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D0FF65B-0FEB-4E06-A961-96385580F63D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {956BB8F9-2B79-4441-8483-3076B4ED7512} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-19] (Adobe Inc. -> Adobe)
Task: {A5045116-59F0-4D0B-962D-793FAF91C2D2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849448 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C3BEB967-509F-4045-A65B-E4F8D0F9543E} - System32\Tasks\{B2A275B3-D441-41C8-8429-42CCEFD93926} => C:\Windows\system32\pcalua.exe -a C:\Users\moo\Downloads\vcredist_x86(2).exe -d C:\Users\moo\Downloads
Task: {D42E9E17-B0FB-4FED-A183-9BC8DC18D86E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB37F3B8-D7CF-40B0-B968-91C5FF747FC8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DE20C62A-3783-4F6F-979B-89F714BB428C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2018-12-20] (Google Inc -> Google Inc.)
Task: {E7C89670-81FF-4C4E-B5A7-F827E587D81F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178271911-2487205750-2762887493-1000Core => C:\Users\moo\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2018-12-20] (Google Inc -> Google Inc.)
Task: {EA1B017E-0726-4FD8-92C4-285075728403} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849448 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F819013E-E293-4B70-B1A3-199C4C1C3DEC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5A9CAB87-04F7-4F44-BAE2-D7F2ACCB7093}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{C67C534F-48BD-480A-84D4-5D5E92751650}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D0150125-F58E-44B7-BD52-F2285C6E5B5D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EA7CCEAD-1756-4A01-A84F-0D6F3713B0E6}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-178271911-2487205750-2762887493-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-178271911-2487205750-2762887493-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D061619-N0400A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
SearchScopes: HKU\S-1-5-21-178271911-2487205750-2762887493-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D061619-N0400A21ABFDD9D88F4162B1F&form=CONBDF&conlogo=CT3332016&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-16] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: pxwegxtr.default
FF DefaultProfile: wg8mg47o.Default User-1555246507613
FF ProfilePath: C:\Users\moo\AppData\Roaming\Waterfox\Profiles\pxwegxtr.default [2018-10-27]
FF Homepage: Waterfox\Profiles\pxwegxtr.default -> google.com/
FF ProfilePath: C:\Users\moo\AppData\Roaming\Mozilla\Firefox\Profiles\wg8mg47o.Default User-1555246507613 [2019-07-14]
FF Homepage: Mozilla\Firefox\Profiles\wg8mg47o.Default User-1555246507613 -> google.com
FF NewTab: Mozilla\Firefox\Profiles\wg8mg47o.Default User-1555246507613 -> hxxp://www.bing.com/?pc=COS2&ptag=D061619-N0300A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\moo\AppData\Roaming\Mozilla\Firefox\Profiles\wg8mg47o.Default User-1555246507613\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-19]
FF SearchPlugin: C:\Users\moo\AppData\Roaming\Mozilla\Firefox\Profiles\wg8mg47o.Default User-1555246507613\searchplugins\bing-lavasoft-ff59.xml [2019-06-16]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-19] (Adobe Inc. -> )
FF Plugin: @Java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-19] (Adobe Inc. -> )
FF Plugin-x32: @ITStructures.com/ffactivex -> C:\Program Files\Firefox ActiveX Plugin\npffax.dll [2011-12-28] () [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2018-12-13] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2018-12-13] () [File not signed]
FF Plugin HKU\S-1-5-21-178271911-2487205750-2762887493-1000: @Talk.google.com/GoogleTalkPlugin -> C:\Users\moo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-178271911-2487205750-2762887493-1000: @Talk.google.com/O1DPlugin -> C:\Users\moo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-178271911-2487205750-2762887493-1000: @tools.google.com/Google Update;version=3 -> C:\Users\moo\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-178271911-2487205750-2762887493-1000: @tools.google.com/Google Update;version=9 -> C:\Users\moo\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\moo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2019-02-11]
FF Plugin ProgramFiles/Appdata: C:\Users\moo\AppData\Roaming\mozilla\plugins\npo1d.dll [2019-02-11]
StartMenuInternet: Firefox-4752291C603E35AC - C:\Users\moo\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default [2019-06-16]
CHR Extension: (Slides) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-09]
CHR Extension: (Docs) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-09]
CHR Extension: (Google Drive) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-09]
CHR Extension: (YouTube) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-05-03]
CHR Extension: (Sheets) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-09]
CHR Extension: (Gmail) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\moo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
CHR Profile: C:\Users\moo\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-23] (Advanced Micro Devices, Inc.) [File not signed]
S4 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2066632 2018-11-30] (philandro Software GmbH -> )
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer USA Ltd. -> Razer Inc)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2019-01-28] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290352 2018-12-19] (Razer USA Ltd. -> Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [108256 2015-01-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [229088 2015-01-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [83656 2014-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [43720 2014-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-12-13] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [103064 2013-05-01] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(???? |))
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S1 mrjgvfmu; C:\Windows\system32\drivers\mrjgvfmu.sys [72816 2019-07-14] (Microsoft Corporation -> Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [867328 2009-06-10] (Microsoft Windows -> Ralink Technology Corp.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] (SRS Labs, Inc -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [203672 2013-05-01] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(???? |))
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [60640 2014-02-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2018-11-18] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 ALSysIO; \??\C:\Users\moo\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 MpKslf5df9b9a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD16507F-D807-4AF5-98D4-62C78301D699}\MpKslf5df9b9a.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-14 20:49 - 2019-07-14 20:50 - 000025481 _____ C:\Users\moo\Downloads\FRST.txt
2019-07-14 20:43 - 2019-07-14 20:48 - 000000000 _____ C:\Users\moo\Downloads\Addition.txt
2019-07-14 20:37 - 2019-07-14 20:49 - 000000000 ____D C:\FRST
2019-07-14 20:37 - 2019-07-14 20:37 - 002095104 _____ (Farbar) C:\Users\moo\Desktop\FRST64.exe
2019-07-14 20:34 - 2019-07-14 20:34 - 001268344 _____ (ALCPU ) C:\Users\moo\Downloads\Core-Temp-setup(2).exe
2019-07-14 20:33 - 2019-07-14 20:33 - 000072816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrjgvfmu.sys
2019-07-14 09:00 - 2019-07-14 15:08 - 000065291 _____ C:\Users\moo\Desktop\bookmarks-2019-07-14.json
2019-07-14 08:59 - 2019-07-14 08:59 - 062611872 _____ (Skype Technologies S.A.) C:\Users\moo\Downloads\Skype-8.49.0.49.exe
2019-07-14 08:59 - 2019-07-14 08:59 - 000001348 _____ C:\Users\Public\Desktop\Skype.lnk
2019-07-14 08:59 - 2019-07-14 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-13 19:52 - 2019-07-14 20:32 - 000000000 ____D C:\Users\moo\Desktop\neon
2019-07-11 19:49 - 2019-07-14 08:50 - 000000000 ____D C:\Windows\Minidump
2019-07-02 23:35 - 2019-07-02 23:35 - 000000000 ____D C:\Temp
2019-06-29 22:40 - 2019-06-29 21:58 - 2576747849 ____N C:\Users\moo\Desktop\20190629_213044.mp4
2019-06-18 21:28 - 2019-06-18 21:28 - 000001008 _____ C:\Users\moo\Desktop\Start Tor Browser.lnk
2019-06-18 21:25 - 2019-06-18 22:31 - 000000000 ____D C:\Users\moo\Downloads\Tailspin
2019-06-16 10:17 - 2019-06-16 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2019-06-16 10:17 - 2019-06-16 10:17 - 000000000 ____D C:\Program Files\Media Preview
2019-06-16 10:17 - 2019-06-16 10:17 - 000000000 ____D C:\Program Files (x86)\Media Preview
2019-06-16 10:16 - 2019-06-16 10:16 - 015438021 _____ (BabelSoft) C:\Users\moo\Downloads\MediaPreviewSetup-1.4.3.429.sfx.exe
2019-06-16 10:09 - 2019-06-16 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2019-06-16 10:09 - 2019-06-16 10:09 - 000000000 ____D C:\Program Files (x86)\Xiph.Org
2019-06-16 10:08 - 2019-06-16 10:08 - 002653944 _____ (Xiph.Org) C:\Users\moo\Downloads\opencodecs_0.85.17777.exe
2019-06-16 10:08 - 2019-06-16 10:08 - 000739671 _____ C:\Users\moo\Downloads\webmdshow-0.9.12.0-20101216.zip
2019-06-16 10:03 - 2019-06-16 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
2019-06-16 10:03 - 2019-06-16 10:03 - 000000000 ____D C:\Program Files\ffdshow
2019-06-16 10:03 - 2014-09-29 12:24 - 000127488 _____ C:\Windows\system32\ff_vfw.dll
2019-06-16 10:02 - 2019-06-16 10:02 - 005028439 _____ (ffdshow ) C:\Users\moo\Downloads\ffdshow_rev4533_20140929_clsid_x64.exe
2019-06-16 10:01 - 2019-06-16 10:01 - 002140816 _____ ( ) C:\Users\moo\Downloads\FFDSHOW_64-bit_1181268023.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-14 20:49 - 2018-08-07 17:47 - 000000000 ____D C:\Users\moo\AppData\LocalLow\Mozilla
2019-07-14 20:43 - 2018-08-19 04:39 - 000000000 ____D C:\Users\moo\AppData\Local\CrashDumps
2019-07-14 20:34 - 2018-08-07 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2019-07-14 20:34 - 2018-08-07 19:16 - 000000000 ____D C:\Program Files\Core Temp
2019-07-14 20:33 - 2018-08-07 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-14 20:31 - 2019-02-09 22:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-14 20:30 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-14 14:07 - 2018-08-07 01:57 - 000000000 ____D C:\Users\moo\AppData\Local\ElevatedDiagnostics
2019-07-14 12:06 - 2019-04-25 17:31 - 000000000 ____D C:\Users\moo\Documents\subaru rust
2019-07-14 11:51 - 2018-10-14 22:55 - 000000000 ____D C:\Users\moo\Downloads\Malwarebytes Anti-Malware Premium 3.6.1.2711 - Repack elchupacabra [4REALTORRENTZ.COM]
2019-07-14 11:38 - 2018-08-11 00:45 - 000000000 ____D C:\Users\moo\Documents\TeknoGods_Beta22
2019-07-14 10:10 - 2018-08-09 14:34 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-14 09:26 - 2018-08-19 13:34 - 000000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2019-07-14 09:22 - 2018-10-12 01:09 - 000000000 ____D C:\Program Files (x86)\Need For Speed Payback
2019-07-14 09:07 - 2018-11-02 00:51 - 000000000 ____D C:\Program Files\DiRT 4
2019-07-14 08:51 - 2019-05-03 21:30 - 000000000 ____D C:\Users\moo\AppData\Local\Mozilla Firefox
2019-07-14 08:51 - 2018-08-07 01:54 - 000000000 ____D C:\Users\moo
2019-07-14 08:50 - 2019-05-23 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-14 08:50 - 2019-05-03 21:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-14 08:50 - 2019-04-10 19:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-14 08:50 - 2018-10-10 21:48 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-07-14 08:50 - 2018-08-17 00:58 - 000000000 ____D C:\Windows\system32\unknown
2019-07-14 08:50 - 2018-08-07 19:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-14 08:50 - 2018-08-07 19:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-14 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\security
2019-07-14 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2019-07-14 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-07-14 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\AppCompat
2019-07-14 08:49 - 2018-08-09 14:34 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-14 08:48 - 2018-09-06 23:02 - 000000000 ____D C:\ProgramData\Razer
2019-07-13 23:21 - 2018-08-09 14:33 - 000000000 ____D C:\Users\moo\AppData\Local\Adobe
2019-07-09 15:05 - 2018-08-06 22:14 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-08 07:32 - 2009-07-13 23:45 - 000019904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-08 07:32 - 2009-07-13 23:45 - 000019904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-29 19:31 - 2018-12-26 14:40 - 000000000 ____D C:\Users\moo\Desktop\New folder
2019-06-28 18:34 - 2019-02-02 21:50 - 000000000 ____D C:\Users\moo\Documents\samsung j3 contents
2019-06-19 00:33 - 2018-08-17 01:39 - 000000000 ___SD C:\Users\moo\AppData\LocalLow\Temp
2019-06-19 00:33 - 2018-08-15 20:48 - 000000000 ____D C:\Users\moo\AppData\Roaming\uTorrent
2019-06-18 21:29 - 2018-12-11 09:36 - 000000000 ____D C:\Users\moo\Documents\phone pictures facebook
2019-06-18 21:28 - 2019-01-27 00:19 - 000000000 ____D C:\Users\moo\Desktop\New folder (2)
2019-06-18 21:28 - 2018-08-21 17:16 - 000644096 ___SH C:\Users\moo\Documents\Thumbs.db
2019-06-18 21:28 - 2018-08-07 19:12 - 000000000 ____D C:\Users\moo\Documents\desktop pics
2019-06-18 21:27 - 2018-08-10 23:53 - 000000000 ____D C:\Users\moo\Documents\Camera
2019-06-18 21:26 - 2018-08-11 00:42 - 000000000 ____D C:\Users\moo\Documents\Old Firefox Data
2019-06-18 21:23 - 2019-03-27 11:22 - 000000000 ____D C:\Users\moo\AppData\Local\BitTorrentHelper
2019-06-18 18:12 - 2019-02-09 20:52 - 000002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-18 03:08 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-06-16 10:12 - 2018-11-19 17:29 - 000000000 ____D C:\Users\moo\AppData\Roaming\vlc

==================== Files in the root of some directories ================

2018-10-11 17:57 - 2018-10-11 17:57 - 000000260 _____ () C:\ProgramData\fontcacheev1.dat
2018-10-13 01:10 - 2018-10-13 01:10 - 000000000 _____ () C:\Users\moo\AppData\Roaming\FC29FA0894FE.ini
2018-12-08 11:33 - 2018-12-11 02:28 - 000007606 _____ () C:\Users\moo\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2018-08-09 20:44] - [2018-08-19 13:51] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2018-08-09 20:43] - [2018-08-19 13:51] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


LastRegBack: 2019-07-12 00:04
==================== End of FRST.txt ============================

Attached Files
File Type: txt Addition.txt (35.1 KB)
