RegSvr32.exe error popping up after every boot


  • This topic is locked
11 replies to this topic

#1 Butterjones

  • Members
  • 6 posts

Posted 20 January 2016 - 11:38 PM

I have a picture of the issue attached.

I couldn't fit this in the title, but I have another problem.

Every day around 1:00PM to 7:00PM Windows Defender, Malwarebytes, etc. block pcds32.exe and pcds64.exe and put them in the quarantine, but they appear again the next day around that time frame.

Hopefully both problems are related.

Here are my FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Beatnik (administrator) on BEATNIKGUNSO (20-01-2016 20:21:08)
Running from C:\Users\Beatnik\Desktop
Loaded Profiles: Beatnik (Available Profiles: Beatnik)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Scarlet.Crush Productions) C:\Scarlet Crush Productions\SCP-DS-Driver\ScpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) E:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) E:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) E:\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\ASUS\KeyBot\KeyBot.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2guard.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Beatnik\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Users\Beatnik\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Users\Beatnik\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Akamai Technologies, Inc.) C:\Users\Beatnik\AppData\Local\Akamai\netsession_win.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Akamai Technologies, Inc.) C:\Users\Beatnik\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft internet security\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Google Update] => C:\Users\Beatnik\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [MusicManager] => C:\Users\Beatnik\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Beatnik\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6302856 2015-10-28] (Plex, Inc.)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Ukmmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Beatnik\AppData\Local\Angpworks\BridgectrlSpl.dll
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\RunOnce: [Uninstall C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\RunOnce: [Uninstall C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\RunOnce: [Uninstall C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\RunOnce: [Uninstall C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\RunOnce: [Uninstall C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Beatnik\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2015-02-24]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2015-06-05]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{80e0385f-2395-4ce8-a8d4-09739ff839cc}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F2EAB58E-515B-4DC4-8019-C80238F8C13D}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f7036be9-37b5-4226-9b91-f00162d695ce}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Beatnik\AppData\Roaming\Mozilla\Firefox\Profiles\naj0a8k3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-12-07] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4004132674-1876710410-2687368874-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Beatnik\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4004132674-1876710410-2687368874-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Beatnik\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4004132674-1876710410-2687368874-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Beatnik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Invert Selection command invocation - C:\Users\Beatnik\AppData\Roaming\Mozilla\Firefox\Profiles\naj0a8k3.default\extensions\{005AEACE-9233-B93E-FA66-4458CD9286AC} [2015-12-07] [not signed]
FF Extension: Adblock Plus - C:\Users\Beatnik\AppData\Roaming\Mozilla\Firefox\Profiles\naj0a8k3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Beatnik\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Beatnik\AppData\Roaming\IDM\idmmzcc5 [2016-01-20] [not signed]
FF HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Beatnik\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942","hxxp://isearch.fantastigames.com/465","hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Turn Off the Lights) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-01-20]
CHR Extension: (YouTube) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-13]
CHR Extension: (Adblock Plus) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (APNG) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2015-03-27]
CHR Extension: (ARC Welder) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2015-12-11]
CHR Extension: (Google Play Music) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-09]
CHR Extension: (Google Sheets) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (WebM for NeoGAF) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjkaaggachnbhepejjhfacpldjflffl [2015-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Google Play Music) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-01-22]
CHR Extension: (PlayTo for Chromecast™) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngkenaoceimiimeokpdbmejeonaaami [2015-12-13]
CHR Extension: (Google Play) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16]
CHR Extension: (Google Maps) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17]
CHR Extension: (ARC Welder) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2015-12-11]
CHR Extension: (TubeBuddy) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2016-01-18]
CHR Extension: (Pocket Legends) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2015-01-09]
CHR Extension: (ButtonBeats Guitar) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf [2015-01-09]
CHR Extension: (deviantART muro) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-01-09]
CHR Extension: (IDM Integration Module) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-19]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-17]
CHR Extension: (NeoGAF++) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\njfegfiockhnbnphjgjbdfjbpdikdiil [2015-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (ScriptSafe) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-03-18]
CHR Extension: (Enhanced Steam) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-01-09]
CHR Extension: (Penguin Slice) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okflagoeojoippcanifjmfmiahbgjngh [2015-01-09]
CHR Extension: (Steins gate (1920x1080)) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\opglmdnmlofeadkalpgfhbfdobgddcbg [2015-08-16]
CHR Extension: (Gmail) - C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Internet Security\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-23] () [File not signed]
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1933000 2015-11-17] (AVerMedia TECHNOLOGIES, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe [1314576 2015-02-27] (Disc Soft Ltd)
R2 Ds3Service; C:\Scarlet Crush Productions\SCP-DS-Driver\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-01-05] (SurfRight B.V.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [147216 2015-12-14] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; E:\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; E:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2078216 2015-10-10] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401096 2014-05-01] (Mediatek Inc.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454344 2014-03-25] (Mediatek Inc.)
S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2016-01-20] (RaMMicHaeL)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Droid4XService; E:\Droid4X\Droid4XService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R3 AVer330USB; C:\Windows\system32\DRIVERS\AVer330USB.sys [1551616 2015-04-08] (AVerMedia TECHNOLOGIES, Inc.)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [485856 2015-05-03] (Intel Corporation)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [145144 2015-12-20] (AhnLab, Inc.)
R1 epp; C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R1 FWNDIS_LWF; C:\Windows\system32\DRIVERS\fwndislwf64.sys [312064 2015-12-07] ()
R1 fwwfp; C:\Program Files\Emsisoft Internet Security\fwwfp764.sys [564896 2015-12-07] ()
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-01-04] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2015-07-10] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-01-19] (Wellbia.com Co., Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-20 20:10 - 2016-01-20 20:10 - 00016148 _____ C:\WINDOWS\system32\BEATNIKGUNSO_Beatnik_HistoryPrediction.bin
2016-01-20 19:45 - 2016-01-20 20:21 - 00059020 _____ C:\Users\Beatnik\Desktop\FRST.txt
2016-01-20 19:44 - 2016-01-20 20:21 - 00000000 ____D C:\FRST
2016-01-20 19:44 - 2016-01-20 19:44 - 02370560 _____ (Farbar) C:\Users\Beatnik\Desktop\FRST64.exe
2016-01-20 19:40 - 2016-01-20 19:40 - 00001092 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-01-20 19:40 - 2016-01-20 19:40 - 00000000 ____D C:\ProgramData\Unchecky
2016-01-20 19:40 - 2016-01-20 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-01-20 19:40 - 2016-01-20 19:40 - 00000000 ____D C:\Program Files (x86)\Unchecky
2016-01-20 19:34 - 2016-01-20 19:34 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2016-01-20 19:34 - 2016-01-20 19:34 - 00001289 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2016-01-20 19:34 - 2016-01-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2016-01-20 19:34 - 2016-01-20 19:34 - 00000000 ____D C:\ProgramData\Foolish IT
2016-01-20 19:34 - 2016-01-20 19:34 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2016-01-20 19:13 - 2016-01-20 19:13 - 1043962369 _____ C:\WINDOWS\MEMORY.DMP
2016-01-20 19:13 - 2016-01-20 19:13 - 00358552 _____ C:\WINDOWS\Minidump\012016-6578-01.dmp
2016-01-20 19:08 - 2016-01-20 19:08 - 00001947 _____ C:\Users\Beatnik\Desktop\JRT.txt
2016-01-20 19:04 - 2016-01-20 19:04 - 01600184 _____ (Malwarebytes) C:\Users\Beatnik\Desktop\JRT.exe
2016-01-20 16:14 - 2016-01-20 16:14 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-20 16:13 - 2016-01-20 16:13 - 02870984 _____ (ESET) C:\Users\Beatnik\Desktop\esetsmartinstaller_enu.exe
2016-01-20 15:49 - 2016-01-20 15:50 - 00000000 ____D C:\Users\Beatnik\Desktop\vegas saves
2016-01-19 22:18 - 2016-01-19 22:18 - 00036904 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2016-01-19 22:17 - 2016-01-19 22:57 - 00000000 ____D C:\Users\Beatnik\Documents\Black Desert
2016-01-19 20:28 - 2016-01-19 22:17 - 00000000 ____D C:\Program Files (x86)\BDOCharacterCreator
2016-01-19 20:28 - 2016-01-19 20:29 - 00000000 ____D C:\Users\Beatnik\AppData\Local\BDOCharacterCreator
2016-01-19 20:28 - 2016-01-19 20:28 - 00002083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Character Creator.lnk
2016-01-19 20:28 - 2016-01-19 20:28 - 00002077 _____ C:\Users\Public\Desktop\Black Desert Character Creator.lnk
2016-01-19 20:28 - 2016-01-19 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDOCharacterCreator
2016-01-19 13:16 - 2016-01-19 13:56 - 00000000 ____D C:\SUPERDelete
2016-01-19 09:28 - 2016-01-20 17:28 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d6bed2a2-7217-4b88-98d8-3d2146a03cfc.job
2016-01-19 09:28 - 2016-01-20 02:00 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9df2694a-bf91-47f6-91b2-a26f8dfa7a5a.job
2016-01-19 09:28 - 2016-01-19 09:28 - 00003778 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 9df2694a-bf91-47f6-91b2-a26f8dfa7a5a
2016-01-19 09:28 - 2016-01-19 09:28 - 00003696 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d6bed2a2-7217-4b88-98d8-3d2146a03cfc
2016-01-19 09:28 - 2016-01-19 09:28 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-01-19 09:28 - 2016-01-19 09:28 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\SUPERAntiSpyware.com
2016-01-19 09:28 - 2016-01-19 09:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-19 09:28 - 2016-01-19 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-19 09:28 - 2016-01-19 09:28 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-18 19:17 - 2016-01-20 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-18 19:17 - 2016-01-18 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-01-18 19:17 - 2016-01-18 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-15 14:44 - 2016-01-15 15:09 - 00000000 ____D C:\Users\Beatnik\AppData\Local\UNDERTALE
2016-01-15 14:42 - 2016-01-15 14:42 - 00001105 _____ C:\Users\Beatnik\Desktop\UNDERTALE.exe - Shortcut.lnk
2016-01-15 13:20 - 2016-01-15 13:20 - 00000682 _____ C:\Users\Beatnik\Desktop\Droid4X Multi Manager.lnk
2016-01-14 18:35 - 2016-01-14 18:35 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-14 18:32 - 2016-01-20 20:11 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2016-01-14 18:32 - 2016-01-14 18:32 - 00000972 _____ C:\Users\Public\Desktop\Emsisoft Internet Security.lnk
2016-01-14 18:32 - 2016-01-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security
2016-01-14 18:32 - 2015-12-07 22:30 - 00312064 _____ C:\WINDOWS\system32\Drivers\fwndislwf64.sys
2016-01-13 12:50 - 2016-01-13 12:50 - 00000000 ____D C:\Users\Beatnik\Desktop\Undertale
2016-01-12 16:10 - 2016-01-04 19:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 16:10 - 2016-01-04 19:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 16:10 - 2016-01-04 19:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 16:10 - 2016-01-04 19:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 16:10 - 2016-01-04 19:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 16:10 - 2016-01-04 19:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 16:10 - 2016-01-04 19:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 16:10 - 2016-01-04 19:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 16:10 - 2016-01-04 19:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 16:10 - 2016-01-04 18:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-12 16:10 - 2016-01-04 18:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 16:10 - 2016-01-04 18:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 16:10 - 2016-01-04 18:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 16:10 - 2016-01-04 18:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 16:10 - 2016-01-04 18:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 16:10 - 2016-01-04 18:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 16:10 - 2016-01-04 18:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 16:10 - 2016-01-04 18:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 16:10 - 2016-01-04 18:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-12 16:10 - 2016-01-04 18:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-12 16:10 - 2016-01-04 18:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 16:10 - 2016-01-04 18:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 16:10 - 2016-01-04 18:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-12 16:10 - 2016-01-04 18:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-12 16:10 - 2016-01-04 18:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 16:10 - 2016-01-04 18:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 16:10 - 2016-01-04 18:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-12 16:10 - 2016-01-04 18:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 16:10 - 2016-01-04 18:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-12 16:10 - 2016-01-04 18:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-12 16:10 - 2016-01-04 18:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-12 16:10 - 2016-01-04 18:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-12 16:10 - 2016-01-04 18:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-12 16:10 - 2016-01-04 18:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 16:10 - 2016-01-04 18:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-12 16:10 - 2016-01-04 18:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-12 16:10 - 2016-01-04 18:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 16:10 - 2016-01-04 18:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 16:10 - 2016-01-04 18:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-12 16:10 - 2016-01-04 18:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-12 16:10 - 2016-01-04 18:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-12 16:10 - 2016-01-04 18:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-12 16:10 - 2016-01-04 18:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 16:10 - 2016-01-04 18:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 16:10 - 2016-01-04 18:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 16:10 - 2016-01-04 18:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 16:10 - 2016-01-04 18:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 16:10 - 2016-01-04 18:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 16:10 - 2016-01-04 18:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 16:10 - 2016-01-04 18:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 16:10 - 2016-01-04 17:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 16:10 - 2016-01-04 17:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 16:10 - 2016-01-04 17:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 16:10 - 2016-01-04 17:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 16:10 - 2016-01-04 17:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 16:10 - 2016-01-04 17:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 16:10 - 2016-01-04 17:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 16:10 - 2016-01-04 17:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 16:10 - 2016-01-04 17:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-12 16:10 - 2016-01-04 17:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 16:10 - 2016-01-04 17:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 16:10 - 2016-01-04 17:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 16:10 - 2016-01-04 17:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-12 16:10 - 2016-01-04 17:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 16:10 - 2016-01-04 17:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-12 16:10 - 2016-01-04 17:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 16:10 - 2016-01-04 17:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 16:10 - 2016-01-04 17:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 16:10 - 2016-01-04 17:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 16:10 - 2016-01-04 17:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 16:10 - 2016-01-04 17:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-12 16:10 - 2016-01-04 17:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 16:10 - 2016-01-04 17:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 16:10 - 2016-01-04 17:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 16:10 - 2016-01-04 17:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 16:10 - 2016-01-04 17:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 16:10 - 2016-01-04 17:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-12 16:10 - 2016-01-04 17:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-12 16:10 - 2016-01-04 17:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-08 19:44 - 2016-01-08 19:44 - 00000222 _____ C:\Users\Beatnik\Desktop\FTL Faster Than Light.url
2016-01-08 19:44 - 2016-01-08 19:44 - 00000220 _____ C:\Users\Beatnik\Desktop\Psychonauts.url
2016-01-08 19:43 - 2016-01-08 19:43 - 00000221 _____ C:\Users\Beatnik\Desktop\Sonic Adventure DX.url
2016-01-08 19:42 - 2016-01-08 19:42 - 00000222 _____ C:\Users\Beatnik\Desktop\NiGHTS into Dreams....url
2016-01-05 11:18 - 2016-01-05 11:19 - 00001343 _____ C:\Users\Beatnik\Desktop\OBS.exe - Shortcut.lnk
2016-01-05 00:11 - 2016-01-18 19:10 - 00000340 _____ C:\WINDOWS\system32\.crusader
2016-01-05 00:08 - 2016-01-19 14:00 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-05 00:08 - 2016-01-05 00:08 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-01-05 00:08 - 2016-01-05 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-01-05 00:05 - 2016-01-05 00:12 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-04 23:03 - 2016-01-04 23:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-04 22:15 - 2016-01-04 22:15 - 00002289 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2016-01-04 22:15 - 2016-01-04 22:15 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2016-01-04 22:15 - 2016-01-04 22:15 - 00000057 _____ C:\ProgramData\Ament.ini
2016-01-04 22:15 - 2016-01-04 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-04 22:15 - 2016-01-04 22:15 - 00000000 ____D C:\ProgramData\HP
2016-01-04 22:15 - 2016-01-04 22:15 - 00000000 ____D C:\Program Files\HP
2016-01-04 22:15 - 2016-01-04 22:15 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-04 22:15 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMC211.dll
2016-01-04 22:14 - 2016-01-04 22:15 - 00000000 ____D C:\Users\Beatnik\AppData\Local\HP
2016-01-04 20:01 - 2016-01-20 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-04 20:00 - 2016-01-20 16:10 - 00000000 ____D C:\Users\Beatnik\Desktop\mbar
2016-01-04 19:40 - 2016-01-20 19:10 - 00000000 ____D C:\AdwCleaner
2016-01-04 19:01 - 2016-01-05 00:44 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\NVIDIA
2016-01-04 18:23 - 2016-01-04 18:23 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-04 18:23 - 2016-01-04 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-04 18:23 - 2016-01-04 18:23 - 00000000 ____D C:\Program Files\VideoLAN
2016-01-04 18:09 - 2016-01-04 18:09 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-04 18:05 - 2016-01-20 19:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-04 18:05 - 2016-01-04 18:09 - 00000000 ____D C:\Users\Beatnik\AppData\Local\NVIDIA
2016-01-04 18:05 - 2016-01-04 18:05 - 00002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-01-04 18:05 - 2016-01-04 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-04 18:05 - 2015-12-16 08:59 - 01846016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 01530240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 00206968 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 00194680 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-01-04 18:05 - 2015-12-16 08:59 - 00111520 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 06359672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 02985264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 01256240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-01-04 18:05 - 2015-12-16 06:54 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-01-04 18:05 - 2015-12-16 06:54 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-01-04 18:05 - 2015-12-16 06:49 - 06090019 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-01-04 18:05 - 2015-12-16 06:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-01-04 18:03 - 2015-12-16 08:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 19727624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 14103608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 03603368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 03184152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00541000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00416560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00376440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00370992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00339760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-01-04 18:03 - 2015-12-16 08:59 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-04 18:03 - 2015-12-16 08:59 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-01-04 17:47 - 2016-01-04 17:47 - 00001279 _____ C:\Users\Public\Desktop\OBS Multiplatform.lnk
2016-01-04 17:47 - 2016-01-04 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Multiplatform
2016-01-04 17:23 - 2016-01-04 17:23 - 00000000 ____D C:\Program Files (x86)\Bandicam
2016-01-04 17:17 - 2016-01-04 17:17 - 00000599 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-01-04 17:17 - 2016-01-04 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-01-04 17:17 - 2016-01-04 17:17 - 00000000 ____D C:\Fraps
2016-01-04 17:16 - 2016-01-04 17:16 - 00000000 ____D C:\Users\Beatnik\Desktop\Fraps v3.5.9 build 15586 Registered [h33t][iahq76]
2016-01-04 14:22 - 2015-08-10 20:52 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-01-04 14:22 - 2015-08-10 20:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-01-04 14:22 - 2015-08-10 20:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-01-04 10:40 - 2016-01-04 10:45 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Dxtory Software
2016-01-04 10:40 - 2016-01-04 10:40 - 00001194 _____ C:\Users\Beatnik\Desktop\Dxtory.lnk
2016-01-04 10:40 - 2016-01-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2016-01-04 10:40 - 2016-01-04 10:40 - 00000000 ____D C:\Program Files (x86)\ExKode
2016-01-04 10:40 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\WINDOWS\SysWOW64\DxtoryCodec.dll
2016-01-04 10:40 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\WINDOWS\system32\DxtoryCodec.dll
2016-01-03 11:38 - 2016-01-03 11:39 - 00002820 _____ C:\WINDOWS\system32\cc_20160103_113856.reg
2016-01-03 11:35 - 2016-01-03 11:35 - 00000000 ____D C:\Users\Beatnik\Desktop\autoruns
2016-01-02 22:39 - 2016-01-02 22:40 - 00014202 _____ C:\WINDOWS\system32\cc_20160102_223925.reg
2016-01-02 20:18 - 2016-01-02 20:18 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Blizzard
2016-01-02 19:50 - 2016-01-02 19:50 - 00000743 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-01-02 19:50 - 2016-01-02 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-01-02 19:38 - 2016-01-02 19:38 - 00000000 ____D C:\Data
2016-01-02 14:43 - 2016-01-02 14:43 - 00000000 ___HD C:\$Windows.~WS
2016-01-02 13:11 - 2016-01-02 13:11 - 00001864 _____ C:\WINDOWS\system32\cc_20160102_131135.reg
2016-01-02 13:05 - 2016-01-02 13:05 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-02 13:05 - 2016-01-02 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-02 12:57 - 2016-01-02 12:57 - 00000358 _____ C:\WINDOWS\system32\cc_20160102_125701.reg
2016-01-02 12:56 - 2016-01-02 12:56 - 00022570 _____ C:\WINDOWS\system32\cc_20160102_125541.reg
2016-01-02 12:56 - 2016-01-02 12:56 - 00000764 _____ C:\WINDOWS\system32\cc_20160102_125649.reg
2016-01-02 11:51 - 2016-01-02 11:51 - 00823216 _____ C:\WINDOWS\system32\cc_20160102_115058.reg
2016-01-02 11:48 - 2016-01-02 11:48 - 00007602 _____ C:\Users\Beatnik\AppData\Local\Resmon.ResmonCfg
2016-01-01 14:27 - 2016-01-19 13:49 - 00000000 ____D C:\Users\Beatnik\AppData\Local\CrashDumps
2015-12-27 22:42 - 2016-01-09 00:13 - 00000000 ____D C:\Users\Beatnik\Documents\SEGA
2015-12-26 19:36 - 2015-12-26 19:36 - 00000000 ____D C:\Nexon
2015-12-26 19:35 - 2015-12-26 19:40 - 00000000 ____D C:\Users\Beatnik\AppData\Local\NexonLauncher
2015-12-26 16:32 - 2015-12-26 16:32 - 00302011 _____ C:\Users\Beatnik\Downloads\WindowsUpdateDiagnostic.diagcab
2015-12-26 16:32 - 2015-12-26 16:32 - 00000000 ____D C:\Users\Beatnik\AppData\Local\ElevatedDiagnostics
2015-12-25 23:06 - 2015-05-03 08:00 - 00485856 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1d65x64.sys
2015-12-25 23:06 - 2015-05-03 08:00 - 00125728 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo4.dll
2015-12-25 23:06 - 2015-05-03 08:00 - 00089872 _____ (Intel Corporation) C:\WINDOWS\system32\NicInstD.dll
2015-12-25 23:06 - 2015-05-03 08:00 - 00075288 _____ (Intel Corporation) C:\WINDOWS\system32\e1dmsg.dll
2015-12-25 23:06 - 2015-05-03 08:00 - 00003130 _____ C:\WINDOWS\system32\e1d65x64.din
2015-12-25 23:05 - 2016-01-04 20:32 - 00000000 ____D C:\ProgramData\DriverTalent
2015-12-25 23:05 - 2015-12-25 23:05 - 00001277 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2015-12-25 23:05 - 2015-12-25 23:05 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\DriverTalent
2015-12-25 23:05 - 2015-12-25 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2015-12-25 23:05 - 2015-12-25 23:05 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2015-12-25 23:05 - 2015-12-25 23:05 - 00000000 ____D C:\OSTotoFolder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-20 20:14 - 2015-05-16 23:04 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4004132674-1876710410-2687368874-1001UA1d0906fb2ebd426.job
2016-01-20 20:12 - 2015-01-09 17:31 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-20 20:12 - 2015-01-09 17:31 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-20 20:10 - 2015-01-09 22:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-20 20:04 - 2015-01-13 11:54 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4004132674-1876710410-2687368874-1001UA.job
2016-01-20 19:45 - 2015-07-10 01:05 - 00000000 ____D C:\Windows
2016-01-20 19:44 - 2015-07-31 09:56 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-20 19:44 - 2015-07-10 03:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-20 19:39 - 2015-12-07 13:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-20 19:39 - 2015-08-15 23:37 - 00000000 ___RD C:\Users\Beatnik\Google Drive
2016-01-20 19:39 - 2015-02-07 14:54 - 00000000 ____D C:\Users\Beatnik\AppData\Local\HTC MediaHub
2016-01-20 19:39 - 2015-01-09 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-20 19:38 - 2015-10-14 17:10 - 00000342 _____ C:\WINDOWS\Tasks\Qvhg.job
2016-01-20 19:38 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-20 19:38 - 2015-07-10 01:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-20 19:37 - 2015-07-31 09:48 - 00000000 ____D C:\Users\Beatnik
2016-01-20 19:37 - 2015-04-10 17:47 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\DMCache
2016-01-20 19:37 - 2015-01-12 14:14 - 00001456 _____ C:\Users\Beatnik\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-20 19:13 - 2015-08-06 22:04 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-20 19:11 - 2015-01-09 11:20 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Battle.net
2016-01-20 17:59 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-20 17:59 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-20 16:52 - 2015-01-09 17:29 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CCD40DF0-533B-4F1C-A682-850521F3EF17}
2016-01-20 12:04 - 2015-11-13 17:24 - 00000000 ____D C:\WINDOWS\Panther
2016-01-20 11:56 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-20 10:44 - 2015-01-24 19:04 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\OBS
2016-01-20 09:47 - 2015-01-10 22:18 - 00790712 _____ C:\Users\Beatnik\Desktop\Standard Lets play save.veg
2016-01-20 08:26 - 2015-01-10 22:18 - 00793040 _____ C:\Users\Beatnik\Desktop\Standard Lets play save.veg.bak
2016-01-20 05:05 - 2015-07-11 18:05 - 00002533 _____ C:\Users\Beatnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-01-20 05:05 - 2015-07-11 18:05 - 00002525 _____ C:\Users\Beatnik\Desktop\Google Chrome Canary.lnk
2016-01-20 02:04 - 2015-01-13 11:54 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4004132674-1876710410-2687368874-1001Core.job
2016-01-20 00:36 - 2015-09-23 20:46 - 00000000 ____D C:\Users\Beatnik\Desktop\top ten folder
2016-01-19 23:14 - 2015-05-16 23:04 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4004132674-1876710410-2687368874-1001Core1d0906fb22bd2d3.job
2016-01-19 20:28 - 2015-01-09 17:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-19 14:45 - 2015-09-12 15:28 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Droid4X
2016-01-19 14:42 - 2015-04-09 16:47 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\MPC-HC
2016-01-19 14:23 - 2015-03-26 15:27 - 00000000 ____D C:\Users\Beatnik\.VirtualBox
2016-01-19 13:49 - 2015-05-03 20:32 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\IDM
2016-01-19 13:32 - 2015-06-08 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-19 13:03 - 2015-09-01 21:25 - 00828520 _____ C:\Users\Beatnik\Desktop\Standard Lets play save 2.veg
2016-01-19 13:02 - 2015-09-01 21:25 - 00826152 _____ C:\Users\Beatnik\Desktop\Standard Lets play save 2.veg.bak
2016-01-18 18:32 - 2015-07-10 01:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-18 18:30 - 2015-07-28 17:31 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2016-01-18 18:30 - 2015-07-28 17:31 - 00020958 _____ C:\WINDOWS\diagerr.xml
2016-01-18 18:30 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\Registration
2016-01-15 13:20 - 2015-04-09 14:16 - 00000000 ____D C:\Program Files\Droid4Xext
2016-01-14 18:17 - 2015-02-07 14:51 - 00000000 ____D C:\Temp
2016-01-14 17:13 - 2015-01-09 17:31 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 10:25 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\security
2016-01-13 14:59 - 2015-01-09 17:23 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Packages
2016-01-13 14:59 - 2015-01-09 02:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-13 14:58 - 2015-01-17 09:34 - 00000000 ____D C:\Program Files (x86)\LOOT
2016-01-12 17:10 - 2015-07-10 02:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 17:10 - 2015-01-09 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 17:07 - 2015-01-09 03:21 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-10 20:23 - 2015-01-10 10:46 - 00000000 ____D C:\Users\Beatnik\Documents\my games
2016-01-09 00:25 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-08 19:44 - 2015-01-09 02:14 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-08 12:10 - 2015-01-09 17:39 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-01-05 21:19 - 2015-01-10 15:07 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\Audacity
2016-01-05 11:23 - 2015-01-24 19:04 - 00000000 ____D C:\Program Files\OBS
2016-01-05 11:18 - 2015-01-24 19:04 - 00000965 _____ C:\Users\Beatnik\Desktop\Open Broadcaster Software.lnk
2016-01-05 11:16 - 2015-01-24 19:04 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-04 23:53 - 2015-08-12 13:35 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\vlc
2016-01-04 20:00 - 2015-12-07 13:33 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-04 19:55 - 2015-02-04 21:49 - 00000000 ____D C:\Users\Beatnik\AppData\Local\Steam
2016-01-04 18:05 - 2015-07-31 09:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-04 18:05 - 2015-07-31 09:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-04 18:05 - 2015-07-31 09:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-04 18:05 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\Help
2016-01-04 17:59 - 2015-08-18 15:58 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\obs-studio
2016-01-04 14:22 - 2015-01-09 02:22 - 00000000 ____D C:\Users\Beatnik\AppData\Local\NVIDIA Corporation
2016-01-03 11:40 - 2015-01-13 21:32 - 00000000 ____D C:\WINDOWS\AsDmiHtm
2016-01-02 22:40 - 2015-03-26 16:34 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\Azureus
2016-01-02 22:40 - 2015-01-13 21:40 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\DAEMON Tools Pro
2016-01-02 18:48 - 2015-12-04 18:26 - 00001061 ____H C:\Users\Beatnik\.swfinfo
2016-01-02 17:40 - 2015-07-10 03:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-07-10 03:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 15:09 - 2015-12-15 06:27 - 00000000 ____D C:\ESD
2016-01-02 13:34 - 2015-01-09 11:20 - 00000000 ____D C:\Users\Beatnik\AppData\Roaming\Battle.net
2016-01-02 13:34 - 2015-01-09 11:11 - 00000000 ____D C:\ProgramData\Battle.net
2016-01-02 13:33 - 2015-07-10 05:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-02 13:33 - 2015-03-26 16:34 - 00000000 ____D C:\Program Files\Vuze
2016-01-02 13:12 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-02 13:06 - 2015-12-15 03:37 - 00000000 ____D C:\Program Files\CCleaner
2016-01-02 12:45 - 2015-07-10 04:20 - 00266024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-27 23:17 - 2015-10-29 20:37 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-12-26 03:08 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\TAPI
 
==================== Files in the root of some directories =======
 
2015-01-11 01:50 - 2015-03-16 13:48 - 0000132 _____ () C:\Users\Beatnik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-09 14:08 - 2015-09-12 15:28 - 0002483 _____ () C:\Users\Beatnik\AppData\Roaming\droid4xinstaller.log
2015-01-12 14:14 - 2016-01-20 19:37 - 0001456 _____ () C:\Users\Beatnik\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-09 02:32 - 2015-01-09 21:00 - 1065984 _____ () C:\Users\Beatnik\AppData\Local\file__0.localstorage
2015-07-20 20:00 - 2015-07-20 20:02 - 23270368 _____ () C:\Users\Beatnik\AppData\Local\package.nw.new
2016-01-02 11:48 - 2016-01-02 11:48 - 0007602 _____ () C:\Users\Beatnik\AppData\Local\Resmon.ResmonCfg
2015-12-12 05:11 - 2015-12-16 13:03 - 0000904 ____H () C:\ProgramData\@system.temp
2015-12-12 05:10 - 2015-12-16 13:03 - 0000640 ____H () C:\ProgramData\@system3.att
2016-01-04 22:15 - 2016-01-04 22:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-26 15:27 - 2015-03-26 15:27 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
 
Some files in TEMP:
====================
C:\Users\Beatnik\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-20 11:31
 
==================== End of FRST.txt ============================

Attached File  Addition.txt   69.24KB   4 downloads
Attached File  regsvr32.jpg   58.27KB   0 downloads




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 21 January 2016 - 10:14 AM

Hello Butterjones,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Let me know how the machine is running after you complete these steps.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Butterjones

Butterjones
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 21 January 2016 - 12:36 PM

alright everything went well

 

the error didn't pop up whatsoever 

 

here's the frst log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Beatnik (2016-01-21 09:12:07) Run:1
Running from C:\Users\Beatnik\Desktop
Loaded Profiles: Beatnik (Available Profiles: Beatnik)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Ukmmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Beatnik\AppData\Local\Angpworks\BridgectrlSpl.dll
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Reflector2] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942","hxxp://isearch.fantastigames.com/465","hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
Task: {D7222692-2E8A-4592-A6B6-80832E5673B0} - System32\Tasks\Qvhg => Rundll32.exe "C:\WINDOWS\SysWOW64\KBDALY.dll",lxrnaojm
Task: {529080F6-7F26-4FC6-947D-784B9D1E7440} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2015-10-13] ()
Task: C:\WINDOWS\Tasks\Qvhg.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\KBDALY.dll
HOSTS:
Emptytemp:
 
 
*****************
 
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ukmmedia => value removed successfully
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Reflector2 => value removed successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D7222692-2E8A-4592-A6B6-80832E5673B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7222692-2E8A-4592-A6B6-80832E5673B0}" => key removed successfully
C:\WINDOWS\System32\Tasks\Qvhg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Qvhg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{529080F6-7F26-4FC6-947D-784B9D1E7440}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529080F6-7F26-4FC6-947D-784B9D1E7440}" => key removed successfully
C:\WINDOWS\System32\Tasks\RegIdleBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegIdleBackup" => key removed successfully
C:\WINDOWS\Tasks\Qvhg.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 556.3 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:12:35 ====
 
and here's the adw log as well
 
# AdwCleaner v5.030 - Logfile created 21/01/2016 at 09:19:38
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Beatnik - BEATNIKGUNSO
# Running from : C:\Users\Beatnik\Desktop\adwcleaner_5.030.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[-] Folder Deleted : C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\bccd4e71-b365-6c55-13cb-152b58f6522e
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : startnow.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search-results.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : engadget.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slender.en.softonic.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : painttool-sai.en.softonic.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : massively.joystiq.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : five-nights-at-freddys-2.en.softonic.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : comicrack.en.softonic.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mobile.engadget.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cknghehebaconkajgiobncfleofebcog
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehkepjiconegkhpodgoaeamnpckdbblp
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : startnow.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : search-results.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.fantastigames.com/465
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Extension] Deleted : cknghehebaconkajgiobncfleofebcog
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Extension] Deleted : ehkepjiconegkhpodgoaeamnpckdbblp
[-] [C:\Users\Beatnik\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.babylon.com/?affID=109221&tt=031012_IKAN_4112_2&babsrc=HP_ss&mntrId=3e934593000000000000002637bd3942
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4758 bytes] ##########
 
Thanks fireman4it, you have been a huge help, and if you can, could you let me know what exactly happened to my computer.
 
This has never happened to me before so I would like to know what I did wrong so I can prevent it from happening again in the future
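
The autorun entries removed by the fixlist in the post above, run through a small triage script. This is an added example, not part of the original thread and not how FRST itself classifies entries; the function names, flag labels, heuristics, the short Windows-root allowlist and the last sample line (`ExampleUpdater`) are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Autorun lines copied from the fixlist in the post above. The final
# ExampleUpdater line is constructed here as a benign contrast case.
SAMPLE = r"""
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Ukmmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Beatnik\AppData\Local\Angpworks\BridgectrlSpl.dll
HKU\S-1-5-21-4004132674-1876710410-2687368874-1001\...\Run: [Reflector2] => [X]
Task: {D7222692-2E8A-4592-A6B6-80832E5673B0} - System32\Tasks\Qvhg => Rundll32.exe "C:\WINDOWS\SysWOW64\KBDALY.dll",lxrnaojm
Task: {529080F6-7F26-4FC6-947D-784B9D1E7440} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2015-10-13] ()
Task: C:\WINDOWS\Tasks\Qvhg.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\KBDALY.dll
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe
"""

# Signed Windows binaries that load and run code from a DLL named on the
# command line. Seeing one in an autorun is a reason to inspect the DLL.
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe"}

# Assumption: a short, non-exhaustive allowlist of executables that
# normally live directly in C:\Windows.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe"}


class Finding(NamedTuple):
    kind: str          # "run" (registry Run key) or "task" (scheduled task)
    name: str          # value name or task name
    command: str       # everything after " => "
    flags: List[str]   # review hints, not verdicts


def parse_entry(line):
    """Split one FRST-style line into (kind, name, command), or None."""
    loc, sep, cmd = line.strip().partition(" => ")
    if not sep:
        return None
    if loc.startswith("Task:"):
        return "task", loc.rsplit("\\", 1)[-1], cmd
    m = re.search(r"\\Run(?:Once)?: \[([^\]]+)\]", loc)
    return ("run", m.group(1), cmd) if m else None


def flag_command(cmd):
    """Return heuristic flags for one autorun command line."""
    if cmd.strip() == "[X]":
        return ["no-target"]          # the log shows no command to inspect
    flags = []
    exe = re.match(r'\s*"?(.+?\.exe)\b', cmd, re.IGNORECASE)
    if not exe:
        return flags
    exe_path = exe.group(1).lower()
    rest = cmd[exe.end():]            # arguments after the executable
    if exe_path.rsplit("\\", 1)[-1] in PROXY_LOADERS:
        flags.append("lolbin-autorun")
        dll = re.search(r'([A-Za-z]:\\[^",]*?\.dll)', rest, re.IGNORECASE)
        # A DLL under a profile, ProgramData or Temp can be dropped
        # without administrator rights.
        if dll and re.search(r"\\(users|programdata|temp)\\",
                             dll.group(1).lower()):
            flags.append("user-writable-dll")
    root = re.fullmatch(r"[a-z]:\\windows\\([^\\]+\.exe)", exe_path)
    if root and root.group(1) not in WINDOWS_ROOT_OK:
        flags.append("exe-in-windows-root")
    return flags


def triage(text):
    """Parse every autorun line in text and attach flags to each."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            kind, name, cmd = entry
            findings.append(Finding(kind, name, cmd, flag_command(cmd)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:4} {f.name:15} {', '.join(f.flags) or 'no flag'}")
```

A flag marks an entry for manual review; a clean result does not mean the entry is safe.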


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 21 January 2016 - 01:49 PM

Glad to hear things are better. Let's run a couple other scanners for any leftovers. I would suspect you downloaded or installed a program that had a malicious toolbar attached to it without your knowledge. Or you may have visited a malicious website that was infected. I will outline better ways to keep you protected once we have you all cleaned up.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.


#5 Butterjones

Butterjones
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 21 January 2016 - 03:22 PM

ok here is the malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/21/2016
Scan Time: 10:51 AM
Logfile: malware bytes log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.21.04
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Beatnik
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376932
Time Elapsed: 9 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
 
there was no option to make logs for eset since it didn't find any threats but I attached a picture anyway

Attached File  Untitled-2.jpg   101.71KB   0 downloads

Edited by Butterjones, 21 January 2016 - 06:18 PM.


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 21 January 2016 - 07:32 PM

How is the machine running now?


#7 Butterjones

Butterjones
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 21 January 2016 - 07:52 PM

it's running fine no pop ups from malwarebytes saying it blocked a threat so that's good 

 

but windows defender was deactivated and so was windows firewall

 

I turned windows firewall back on

 

should I turn on windows defender again 


Edited by Butterjones, 21 January 2016 - 07:52 PM.


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 22 January 2016 - 11:57 AM

Turn back on Windows Defender. Let me know how it goes.


#9 Butterjones

Butterjones
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 22 January 2016 - 01:27 PM

ah ok I tried to turn it on. it said it's currently not running so I went to security and maintenance to check what's going on like it said.

 

it says emsisoft internet security is taking care of virus, spyware, and unwanted software protection.

 

which is right since I installed that like a week ago

 

so that should be fine right?



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 22 January 2016 - 01:45 PM

Correct, Emsisoft will turn off Defender, so everything is fine.

 

Hello, Butterjones.
Congratulations! You now appear clean! :cool:


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 


You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

 

If you would like to donate for the fight against spyware please click btn_donate_LG.gif button below.


Edited by fireman4it, 22 January 2016 - 01:47 PM.


#11 Butterjones

Butterjones
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 22 January 2016 - 02:21 PM

alright just downloaded all of those items

 

thanks for your help fireman4it thank you big time 



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:48 AM

Posted 24 January 2016 - 03:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.