Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2016 12:35:35 AM in x64 mode.
Windows Version: Windows 10 Pro N

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\0utsky\AppData\Local\Temp\{E893B3AB-4150-494A-8D45-578BCEB44EC4}\{8C89782F-78BD-46F8-81AD-7FABE0B7DBB0}.exe (PID: 14976) [T-HEUR]

1 proccess terminated!

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\0utsky\Desktop\rkill\rkill-01-22-2016-12-35-39.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * (AFD) is not Running.
   Startup Type set to:

 * (BFE) is not Running.
   Startup Type set to:

 * (CryptSvc) is not Running.
   Startup Type set to:

 * (Dhcp) is not Running.
   Startup Type set to:

 * (Dnscache) is not Running.
   Startup Type set to:

 * (EventSystem) is not Running.
   Startup Type set to:

 * (mpsdrv) is not Running.
   Startup Type set to:

 * (MpsSvc) is not Running.
   Startup Type set to:

 * (NetBT) is not Running.
   Startup Type set to:

 * (nsiproxy) is not Running.
   Startup Type set to:

 * (PlugPlay) is not Running.
   Startup Type set to:

 * (RpcSs) is not Running.
   Startup Type set to:

 * (Tcpip) is not Running.
   Startup Type set to:

 * (tdx) is not Running.
   Startup Type set to:

 * (WinDefend) is not Running.
   Startup Type set to:

 * (Winmgmt) is not Running.
   Startup Type set to:

 * (wscsvc) is not Running.
   Startup Type set to:

 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * tunnel [Missing Service]
 * wfpcapture [Missing Service]
 * WMPNetworkSvc [Missing Service]
 * WPDBusEnum [Missing Service]
 * WpdUpFltr [Missing Service]

 * lmhosts [Missing Parameters Key]
 * NlaSvc [Missing Parameters Key]
 * nsi [Missing Parameters Key]

 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 practivate.adobe.com
  127.0.0.1 lmlicenses.wip4.adobe.com
  127.0.0.1 lm.licenses.adobe.com
  127.0.0.1 na1r.services.adobe.com
  127.0.0.1 hlrcv.stage.adobe.com
  199.193.116.104 astrill.com
  199.193.116.104 www.astrill.com
  199.193.116.104 members.astrill.com

Program finished at: 01/22/2016 12:35:44 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)