Computer opens random program


  • This topic is locked
16 replies to this topic

#1 Isszr


Posted 10 June 2016 - 09:38 PM

So recently I downloaded some viruses on accident, and I'm pretty sure I removed them, but ever since then I've been having this program randomly open on my taskbar and then instantly close afterward. I also recorded it (it's around 0:32): https://youtu.be/mlKZu3OoNnY?t=25
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by Kc (administrator) on BIGBOOTYRUBY_I (10-06-2016 22:18:49)
Running from C:\Users\Kc\Downloads
Loaded Profiles: Kc (Available Profiles: Kc)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) D:\SteamLibrary\Steam.exe
(Valve Corporation) D:\SteamLibrary\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\SteamLibrary\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Kc\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Electronic Arts) D:\Origin\Origin.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(MY.COM B.V.) C:\Users\Kc\AppData\Local\MyComGames\MyComGames.exe
(MY.COM B.V.) C:\Users\Kc\AppData\Local\MyComGames\MyComGames.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024 2015-05-18] (MSI)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [Steam] => D:\SteamLibrary\steam.exe [2917456 2016-06-09] (Valve Corporation)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [Clownfish] => D:\clown\Clownfish.exe [1366256 2016-02-19] (Bogdan Sharkov)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [Spotify Web Helper] => C:\Users\Kc\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [Spotify] => C:\Users\Kc\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [MyComGames] => C:\Users\Kc\AppData\Local\MyComGames\MyComGames.exe [4912016 2016-05-30] (MY.COM B.V.)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [uTorrent] => C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-06-04] (BitTorrent Inc.)
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ear Trumpet.lnk [2016-05-23]
ShortcutTarget: Ear Trumpet.lnk -> C:\Program Files (x86)\Ear Trumpet\EarTrumpet.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-06-10]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-29]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-05-08]
ShortcutTarget: Curse.lnk -> C:\Users\Kc\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Kc\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{646e3e6c-7d62-4a83-978d-fdd0678eac63}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> {911B7DD0-18DA-4C3E-A299-71035112E439} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-05] (Oracle Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2888130912-4148248216-2714598515-1001: @my.com/Games -> C:\Users\Kc\AppData\Local\MyComGames\NPMyComDetector.dll [2016-05-30] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-2888130912-4148248216-2714598515-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon [2016-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-05]
CHR Extension: (Google Drive) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-05]
CHR Extension: (Destiny Item Manager) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2016-06-07]
CHR Extension: (TV) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-06-05]
CHR Extension: (YouTube) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-05]
CHR Extension: (Adblock Plus) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-05]
CHR Extension: (Pandora) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-06-05]
CHR Extension: (AdBlock) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-05]
CHR Extension: (Marc Ecko) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-06-09]
CHR Extension: (Gmail) - C:\Users\Kc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-09] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2016-01-16] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2016-06-10] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-05-25] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-05-25] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [226168 2016-06-10] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [65176 2016-04-07] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S2 spacedeskService; C:\Windows\system32\spacedeskService.exe [674992 2016-02-29] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160316.006\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-28] (Symantec Corporation)
R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160324.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-12-28] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160324.036\ENG64.SYS [138488 2015-12-28] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160324.036\EX64.SYS [2148080 2015-12-28] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2016-05-30] (SoftEther Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-06-09] (Greatis Software)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2016-05-30] (SoftEther Corporation)
R0 spacedeskHookKmode; C:\Windows\system32\DRIVERS\spacedeskHookKmode.sys [218800 2016-02-29] (datronicsoft Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2016-02-22] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-10 22:18 - 2016-06-10 22:19 - 00028604 _____ C:\Users\Kc\Downloads\FRST.txt
2016-06-10 22:17 - 2016-06-10 22:18 - 00000000 ____D C:\FRST
2016-06-10 22:17 - 2016-06-10 22:17 - 02385408 _____ (Farbar) C:\Users\Kc\Downloads\FRST64.exe
2016-06-10 22:02 - 2016-06-10 22:02 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Kc\Downloads\esetonlinescanner_enu (1).exe
2016-06-10 22:01 - 2016-06-10 22:01 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Kc\Downloads\esetonlinescanner_enu.exe
2016-06-10 22:01 - 2016-06-10 22:01 - 00000000 ____D C:\Users\Kc\AppData\Local\ESET
2016-06-10 21:28 - 2016-06-10 21:29 - 02622792 _____ (Kaspersky Lab) C:\Users\Kc\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328 (1).exe
2016-06-10 21:18 - 2016-06-10 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-06-10 21:18 - 2016-06-10 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-06-10 21:17 - 2016-06-10 21:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-10 21:17 - 2016-06-10 21:18 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-06-10 21:16 - 2016-06-10 21:16 - 02622792 _____ (Kaspersky Lab) C:\Users\Kc\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-06-10 21:16 - 2016-06-10 21:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-06-09 22:04 - 2016-06-09 22:04 - 00000000 ____D C:\Users\Kc\AppData\Roaming\NCSOFT
2016-06-09 22:04 - 2016-06-09 22:04 - 00000000 ____D C:\Users\Kc\AppData\Local\NCSOFT
2016-06-09 20:06 - 2016-06-10 16:47 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\uTorrent
2016-06-09 17:27 - 2016-06-09 17:27 - 00000000 ____D C:\ProgramData\Gaijin
2016-06-09 17:24 - 2016-06-09 17:59 - 00000000 ____D C:\Users\Kc\Downloads\backups
2016-06-09 17:18 - 2016-06-09 17:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kc\Downloads\HijackThis.exe
2016-06-09 15:27 - 2016-06-09 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-09 15:27 - 2016-06-09 15:27 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-09 14:48 - 2016-06-09 16:25 - 00000000 ____D C:\Users\Kc\AppData\Local\Windows Live
2016-06-09 14:48 - 2016-06-09 14:48 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-06-09 14:48 - 2016-06-09 14:48 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-06-09 14:48 - 2016-06-09 14:48 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-06-09 14:48 - 2016-06-09 14:48 - 00000000 ____D C:\WINDOWS\en
2016-06-09 14:48 - 2016-06-09 14:48 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-06-09 14:48 - 2016-06-09 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-06-09 14:47 - 2016-06-09 14:47 - 01239752 _____ (Microsoft Corporation) C:\Users\Kc\Downloads\wlsetup-web.exe
2016-06-09 14:14 - 2016-06-10 16:46 - 00000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2016-06-09 14:13 - 2016-06-09 15:24 - 00000000 ____D C:\@RestoreQuarantine
2016-06-09 14:03 - 2016-06-09 14:03 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2016-06-09 13:36 - 2016-06-09 15:21 - 00000000 ____D C:\ProgramData\RegRun
2016-06-09 13:35 - 2016-06-09 15:22 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-06-09 13:35 - 2016-06-09 15:22 - 00000000 ____D C:\Users\Kc\Documents\RegRun2
2016-06-09 13:35 - 2016-06-09 14:18 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-06-09 13:35 - 2016-06-09 13:35 - 17475297 _____ C:\Users\Kc\Downloads\unhackme.zip
2016-06-09 13:35 - 2016-06-09 13:35 - 00003412 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2016-06-09 13:35 - 2016-06-09 13:35 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2016-06-09 13:35 - 2016-06-09 13:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2016-06-09 13:35 - 2016-06-09 13:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2016-06-09 13:35 - 2016-06-09 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-06-09 13:35 - 2016-04-05 15:17 - 00012808 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2016-06-09 13:35 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2016-06-05 22:09 - 2016-06-05 22:09 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-06-05 22:09 - 2016-06-05 22:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-05 22:09 - 2016-05-19 21:57 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-06-05 22:09 - 2016-05-03 22:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-05 22:09 - 2016-05-03 22:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-05 22:09 - 2016-05-03 22:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-05 22:09 - 2016-05-03 22:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-05 22:08 - 2016-05-21 17:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-06-05 22:08 - 2016-05-21 17:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 31639096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 25401280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 21802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 21346520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 18145256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 17740664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 17379520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 10642912 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 08733280 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 02791360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 02419768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00786360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00772152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00708032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00631104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00379480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00178136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00153416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00131768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-06-05 22:08 - 2016-05-20 04:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-06-05 22:08 - 2016-05-20 04:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-06-05 22:03 - 2016-06-05 22:03 - 00590434 _____ C:\Users\Kc\Downloads\oalinst.zip
2016-06-05 22:03 - 2016-06-05 22:03 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-06-05 22:03 - 2016-06-05 22:03 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-06-05 22:03 - 2016-06-05 22:03 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-06-05 22:03 - 2016-06-05 22:03 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-06-05 22:03 - 2016-06-05 22:03 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-05 14:30 - 2016-06-09 18:00 - 00000000 ____D C:\AdwCleaner
2016-06-05 14:29 - 2016-06-05 14:30 - 03677248 _____ C:\Users\Kc\Downloads\adwcleaner_5.119.exe
2016-06-05 10:39 - 2016-06-05 10:52 - 00000000 ____D C:\KVRT_Data
2016-06-05 10:33 - 2016-06-05 10:33 - 00000000 ____D C:\$SysReset
2016-06-05 10:29 - 2016-06-09 13:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-05 00:07 - 2016-06-09 18:32 - 01500792 _____ C:\WINDOWS\ntbtlog.txt
2016-06-05 00:07 - 2016-06-09 18:27 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-04 23:45 - 2016-06-04 23:59 - 00000000 ____D C:\ProgramData\1465098313
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Roaming\c
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Unity
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Local\Unity
2016-06-04 23:45 - 2016-06-04 23:44 - 00001188 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-04 23:43 - 2016-06-10 22:19 - 00003658 _____ C:\WINDOWS\System32\Tasks\VirusRemover
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Vigomooi
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\BajlobFex
2016-06-04 23:43 - 2016-06-05 10:54 - 00003334 _____ C:\WINDOWS\System32\Tasks\AdBlock
2016-06-04 23:43 - 2016-06-05 10:11 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Company
2016-06-04 23:43 - 2016-06-04 23:59 - 00000000 ____D C:\Program Files\GarxhokoeUn
2016-06-04 23:42 - 2016-06-05 20:35 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-04 23:42 - 2016-06-04 23:42 - 00000000 ____D C:\Users\Kc\AppData\Local\Вoйти в Интeрнет
2016-06-04 23:40 - 2016-06-04 23:59 - 00000000 ____D C:\Users\Kc\AppData\Local\svshost
2016-06-04 23:38 - 2016-06-04 23:38 - 00000000 ____D C:\Users\Kc\AppData\Local\Поиcк в Интeрнете
2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\Users\Kc\Documents\DyingLight
2016-06-04 10:48 - 2016-06-04 10:48 - 00000000 ____D C:\Users\Kc\Documents\SkidRow
2016-06-04 10:48 - 2016-06-04 10:48 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Blacksea Odyssey
2016-06-04 10:44 - 2016-06-04 10:44 - 182953694 _____ C:\Users\Kc\Downloads\IGG-Blacksea.Odyssey.rar
2016-06-03 21:57 - 2016-06-03 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-01 20:21 - 2016-06-01 20:21 - 00002903 _____ C:\Users\Kc\Downloads\bf4-aob-hp_only.CT
2016-06-01 19:17 - 2016-06-01 19:17 - 16247707 _____ C:\Users\Kc\Downloads\Starbound Extended Modpack.rar
2016-06-01 16:14 - 2016-06-01 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-01 16:13 - 2016-06-01 16:13 - 02314240 _____ C:\Users\Kc\Downloads\MinecraftInstaller.msi
2016-06-01 14:57 - 2016-06-01 14:57 - 04734664 _____ () C:\Users\Kc\Downloads\TechnicLauncher (2).exe
2016-05-30 16:11 - 2016-05-30 16:11 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2016-05-30 14:49 - 2016-05-30 14:49 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-05-30 14:48 - 2016-06-10 21:05 - 00000000 ____D C:\Users\Kc\AppData\Local\MyComGames
2016-05-30 14:48 - 2016-05-30 14:48 - 05246912 _____ (MY.COM B.V.) C:\Users\Kc\Downloads\SkyforgeLoader_9b78697737aadf713a783221559e2599__en.exe
2016-05-30 13:16 - 2016-05-30 13:16 - 00611177 _____ (GameOn) C:\Users\Kc\Downloads\BlackDesert_live_20160210 (3).exe
2016-05-30 13:15 - 2016-05-30 13:15 - 00611177 _____ (GameOn) C:\Users\Kc\Downloads\BlackDesert_live_20160210 (2).exe
2016-05-30 13:15 - 2016-05-30 13:15 - 00611177 _____ (GameOn) C:\Users\Kc\Downloads\BlackDesert_live_20160210 (1).exe
2016-05-30 13:14 - 2016-05-30 13:14 - 00920399 _____ C:\Users\Kc\Downloads\Unconfirmed 898745.crdownload
2016-05-30 13:13 - 2016-05-30 14:30 - 00000000 ____D C:\Users\Kc\AppData\Roaming\BitComet
2016-05-30 13:12 - 2016-05-30 13:12 - 00611177 _____ (GameOn) C:\Users\Kc\Downloads\BlackDesert_live_20160210.exe
2016-05-30 13:08 - 2016-05-30 13:11 - 01094232 _____ ( ) C:\Users\Kc\Downloads\bitcomet_setup.exe
2016-05-30 13:04 - 2016-05-30 13:05 - 04363099 _____ C:\Users\Kc\Downloads\setup (1).exe
2016-05-30 13:01 - 2016-05-30 13:01 - 00000000 ____D C:\Users\Kc\AppData\Local\Vebanaul
2016-05-30 12:57 - 2016-05-30 12:59 - 00500272 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\gamenet.exe
2016-05-30 12:52 - 2016-05-30 13:00 - 00478768 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\PlayBlackDesert.exe
2016-05-30 12:50 - 2016-05-30 12:50 - 00038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys
2016-05-30 12:46 - 2016-05-30 12:46 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2016-05-30 12:46 - 2016-05-30 12:46 - 00051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys
2016-05-30 01:25 - 2016-05-30 01:26 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Guild Wars 2
2016-05-30 01:25 - 2016-05-30 01:25 - 29340840 _____ (ArenaNet) C:\Users\Kc\Downloads\Gw2Setup-64.tmp
2016-05-30 01:25 - 2016-05-30 01:25 - 29340840 _____ (ArenaNet) C:\Users\Kc\Downloads\Gw2Setup-64.exe
2016-05-30 01:25 - 2016-05-30 01:25 - 00093776 _____ C:\Users\Kc\Downloads\Crash.dmp
2016-05-30 01:25 - 2016-05-30 01:25 - 00000000 ____D C:\Users\Kc\Downloads\bin64
2016-05-30 01:25 - 2016-05-30 01:25 - 00000000 _____ C:\Users\Kc\Downloads\Gw2.tmp
2016-05-30 01:25 - 2016-05-30 01:25 - 00000000 _____ C:\Users\Kc\Downloads\Gw2.dat
2016-05-29 20:06 - 2016-05-29 20:06 - 00000000 ____D C:\Users\Kc\Documents\SQUARE ENIX
2016-05-29 13:47 - 2016-05-29 13:47 - 00000000 ____D C:\Users\Kc\AppData\Roaming\.mono
2016-05-29 13:47 - 2016-05-29 13:47 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Jagex Ltd
2016-05-29 13:47 - 2016-05-29 13:47 - 00000000 ____D C:\ProgramData\.mono
2016-05-25 20:10 - 2016-05-25 20:10 - 00076152 _____ C:\WINDOWS\system32\PnkBstrA.exe
2016-05-25 20:00 - 2016-05-25 20:00 - 00000000 ____D C:\Users\Kc\AppData\Local\PunkBuster
2016-05-25 19:57 - 2016-05-25 20:02 - 00000000 ____D C:\Users\Kc\Documents\Battlefield 4
2016-05-25 19:41 - 2016-05-25 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2016-05-25 19:41 - 2016-05-25 19:41 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-05-25 19:40 - 2016-06-10 20:59 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-25 19:40 - 2016-06-02 17:39 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-05-25 19:40 - 2016-05-25 19:41 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-05-25 17:24 - 2016-05-25 17:25 - 31395368 _____ (Electronic Arts, Inc.) C:\Users\Kc\Downloads\OriginThinSetup (1).exe
2016-05-23 16:09 - 2016-05-23 16:09 - 13405956 _____ ( ) C:\Users\Kc\Downloads\Ear.Trumpet.Setup.exe
2016-05-23 16:09 - 2016-05-23 16:09 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Ear Trumpet.lnk
2016-05-23 16:09 - 2016-05-23 16:09 - 00000000 ____D C:\Program Files (x86)\Ear Trumpet
2016-05-16 16:16 - 2016-05-16 16:16 - 08785920 _____ C:\Users\Kc\Downloads\hamachi (1).msi
2016-05-11 20:15 - 2016-05-11 20:15 - 00000000 ____D C:\Users\Kc\Documents\Paradox Interactive
2016-05-11 20:14 - 2016-05-11 20:15 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-05-11 20:14 - 2016-05-11 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellaris
2016-05-11 20:14 - 2016-05-11 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2016-05-11 13:10 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 13:10 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 13:10 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 13:10 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 13:10 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 13:10 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 13:10 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 13:10 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 13:10 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 13:10 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 13:10 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 13:10 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 13:10 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 13:10 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 13:10 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 13:10 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 13:10 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 13:10 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 13:10 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 13:10 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 13:10 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 13:10 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 13:10 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 13:10 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 13:10 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 13:10 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 13:10 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 13:10 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 13:10 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 13:10 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 13:10 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 13:10 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 13:10 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 13:10 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 13:10 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 13:10 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 13:10 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 13:10 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 13:10 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 13:10 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 13:10 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 13:10 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 13:10 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 13:10 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 13:10 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 13:10 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 13:10 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 13:10 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 13:10 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 13:10 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 13:10 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 13:10 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 13:10 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 13:10 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 13:10 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 13:10 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 13:10 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 13:10 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 13:10 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 13:10 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 13:10 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 13:10 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 13:10 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 13:10 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 13:10 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 13:10 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 13:10 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 13:10 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 13:10 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 13:10 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 13:10 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 13:10 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 13:10 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 13:10 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 13:10 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 13:10 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 13:10 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 13:10 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 13:10 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 13:10 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 13:10 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 13:10 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 13:10 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 13:10 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 13:10 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 13:10 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 13:10 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 13:10 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 13:10 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 13:10 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 13:10 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 13:10 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 13:10 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 13:10 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 13:10 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 13:10 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 13:10 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 13:10 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 13:10 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 13:10 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 13:10 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 13:10 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 13:10 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 13:10 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 13:10 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 13:10 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 13:10 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 13:10 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 13:10 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 13:10 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 13:10 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 13:10 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 13:10 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 13:10 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 13:10 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 13:10 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 13:10 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 13:10 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 13:10 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 13:10 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 13:10 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 13:10 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 13:10 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 13:10 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 13:10 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 13:10 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 13:10 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 13:10 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 13:10 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 13:10 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 13:10 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 13:10 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 13:10 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 13:10 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 13:10 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 13:10 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 13:10 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 13:10 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 13:10 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 13:10 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 13:10 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 13:10 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 13:10 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 13:10 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 13:10 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 13:10 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 13:10 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 13:10 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 08:57 - 2016-05-11 08:57 - 00564736 _____ C:\WINDOWS\system32\bitst.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-10 22:05 - 2015-12-28 21:15 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Skype
2016-06-10 21:57 - 2016-01-09 05:52 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-10 21:30 - 2015-12-28 21:06 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-10 21:06 - 2016-02-26 16:31 - 00000000 ____D C:\Users\Kc\AppData\Local\CrashDumps
2016-06-10 20:56 - 2016-03-06 00:35 - 00000000 ____D C:\ProgramData\Origin
2016-06-10 20:30 - 2015-12-28 21:06 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-10 18:08 - 2016-02-29 19:42 - 00000000 ____D C:\Users\Kc\AppData\Roaming\uTorrent
2016-06-10 16:56 - 2016-01-06 00:51 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E77330E-999B-4E2C-992D-E29FA9C4A625}
2016-06-10 16:56 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-10 16:54 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-10 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-10 16:52 - 2016-03-23 13:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2016-06-10 16:52 - 2015-12-29 12:51 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-10 16:48 - 2016-01-18 19:15 - 00000000 ____D C:\Users\Kc\AppData\Local\LogMeIn Hamachi
2016-06-10 16:47 - 2016-03-08 16:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-10 16:47 - 2016-03-08 16:03 - 00000000 ____D C:\Users\Kc
2016-06-10 16:47 - 2016-03-08 16:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-10 16:47 - 2016-01-09 05:52 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-09 22:53 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-09 20:40 - 2015-12-30 03:55 - 00000000 ____D C:\Users\Kc\Desktop\Games
2016-06-09 18:12 - 2016-01-12 16:28 - 00000000 ____D C:\Users\Kc\AppData\Roaming\OBS
2016-06-09 17:18 - 2015-12-29 12:49 - 00000000 ____D C:\Users\Kc\AppData\Local\VirtualStore
2016-06-09 16:25 - 2015-12-28 23:22 - 00000000 ____D C:\Users\Kc\Desktop\Stuff
2016-06-09 15:22 - 2016-01-18 20:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 14:48 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-09 13:05 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-07 22:13 - 2016-03-08 16:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-07 20:09 - 2015-12-29 16:18 - 00000000 ____D C:\Program Files\Rockstar Games
2016-06-07 20:09 - 2015-12-29 16:18 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-06-07 17:29 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-05 22:10 - 2016-02-26 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-05 21:42 - 2016-04-16 23:36 - 00000000 ____D C:\Users\Kc\AppData\Local\Glyph
2016-06-05 21:38 - 2016-04-16 23:36 - 00000000 ____D C:\ProgramData\Glyph
2016-06-05 20:34 - 2015-12-29 19:23 - 00000000 ____D C:\Users\Kc\AppData\Local\Battle.net
2016-06-05 19:44 - 2015-12-29 19:23 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-05 14:33 - 2015-12-28 21:16 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-06-05 10:53 - 2015-12-28 21:07 - 00000000 ____D C:\Program Files\Google
2016-06-05 10:53 - 2015-12-28 21:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-05 10:27 - 2015-12-28 21:06 - 00000000 ____D C:\Users\Kc\AppData\Local\Google
2016-06-05 10:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-05 10:11 - 2016-03-04 20:10 - 00000000 ____D C:\Users\Kc\AppData\Local\Apps\2.0
2016-06-04 23:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-06-04 23:37 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-06-03 23:53 - 2015-12-30 01:41 - 00000000 ____D C:\Users\Kc\AppData\Roaming\TS3Client
2016-06-03 21:57 - 2016-01-09 05:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-01 16:23 - 2016-03-08 23:10 - 00000000 ____D C:\Users\Kc\Desktop\Friend stuff
2016-06-01 13:42 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-30 17:47 - 2015-12-29 01:57 - 00000000 ____D C:\Users\Kc\Documents\My Games
2016-05-30 11:17 - 2016-03-08 20:59 - 00000000 ____D C:\Users\Kc\AppData\Local\Spotify
2016-05-30 11:16 - 2016-03-08 20:59 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Spotify
2016-05-29 13:46 - 2015-12-29 12:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-27 15:32 - 2015-12-28 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 17:20 - 2015-12-28 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 17:20 - 2015-12-28 21:15 - 00000000 ____D C:\ProgramData\Skype
2016-05-25 19:57 - 2016-03-06 00:36 - 00000000 ____D C:\Users\Kc\AppData\Local\Origin
2016-05-25 19:57 - 2016-03-06 00:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-05-25 17:27 - 2016-03-06 00:36 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Origin
2016-05-23 14:35 - 2015-12-29 12:50 - 00002358 _____ C:\Users\Kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 14:35 - 2015-12-29 12:50 - 00000000 ___RD C:\Users\Kc\OneDrive
2016-05-22 17:02 - 2016-02-22 18:16 - 13509184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-21 17:09 - 2016-02-22 18:16 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-05-20 04:03 - 2016-02-22 18:16 - 20305768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-20 04:03 - 2016-02-22 18:16 - 17662432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-05-20 04:03 - 2016-02-22 18:16 - 14410024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-20 04:03 - 2016-02-22 18:16 - 03811440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-20 04:03 - 2016-02-22 18:16 - 03371648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-20 04:03 - 2016-02-22 18:16 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-19 22:08 - 2016-03-08 16:03 - 06348344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-19 22:08 - 2016-03-08 16:03 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-19 22:08 - 2016-03-08 16:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-19 22:08 - 2016-03-08 16:03 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-19 22:08 - 2016-03-08 16:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-19 22:08 - 2016-03-08 16:03 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-19 22:08 - 2016-02-26 16:27 - 00533560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-19 22:08 - 2016-02-26 16:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-18 04:37 - 2016-03-08 16:03 - 06448223 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-17 22:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-15 14:24 - 2016-01-23 20:08 - 00000000 ____D C:\Users\Kc\Documents\Diablo III
2016-05-15 10:50 - 2015-12-29 12:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-15 10:47 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-15 10:47 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 10:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-15 10:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-15 10:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-15 10:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-14 10:04 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 22:50 - 2015-12-29 12:49 - 00000000 ____D C:\Users\Kc\AppData\Local\Packages
2016-05-11 16:18 - 2015-12-28 21:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 16:14 - 2015-12-28 21:08 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-04-10 22:05 - 2016-04-10 22:05 - 0011838 _____ () C:\Users\Kc\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Kc\AppData\Local\Temp\0S1T7XGKOR.exe
C:\Users\Kc\AppData\Local\Temp\5wjPlbhU5Fqy.exe
C:\Users\Kc\AppData\Local\Temp\Gw2.exe
C:\Users\Kc\AppData\Local\Temp\HYsjHKoEwS3r.exe
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kc\AppData\Local\Temp\nvStInst.exe
C:\Users\Kc\AppData\Local\Temp\NVz32kvKd2Wy.exe
C:\Users\Kc\AppData\Local\Temp\NWN3PisDOAyo.exe
C:\Users\Kc\AppData\Local\Temp\S0TKKS3YEI.exe
C:\Users\Kc\AppData\Local\Temp\setup25024.exe
C:\Users\Kc\AppData\Local\Temp\sonarinst.exe
C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe
C:\Users\Kc\AppData\Local\Temp\X9Z1V5E6TO.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-01 22:00
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by Kc (2016-06-10 22:19:24)
Running from C:\Users\Kc\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-08 20:06:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2888130912-4148248216-2714598515-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2888130912-4148248216-2714598515-503 - Limited - Disabled)
Guest (S-1-5-21-2888130912-4148248216-2714598515-501 - Limited - Disabled)
Kc (S-1-5-21-2888130912-4148248216-2714598515-1001 - Administrator - Enabled) => C:\Users\Kc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Apowersoft Phone Manager version 2.6.9 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.6.9 - APOWERSOFT LIMITED)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Battleborn Open Beta (HKLM\...\Steam App 451070) (Version: - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blender 2.76b (HKLM-x32\...\Steam App 365670) (Version: - Blender Foundation)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version: - 2K Australia)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version: - Corsair Components, Inc.)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 3.2.5742 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version: - Corsair Memory, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version: - Visceral Games)
Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dragon's Dogma: Dark Arisen (HKLM-x32\...\Steam App 367500) (Version: - Capcom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Dying Light: The Following - Enhanced Edition (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
Ear Trumpet (HKLM-x32\...\BA8684A3-9834-4D78-A666-04E88FF0EC82_is1) (Version: 1.3.0.0 - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Factorio version 0.12.22 (HKLM\...\Factorio_is1) (Version: - )
GameLooper (HKLM-x32\...\Steam App 435060) (Version: - GameLooper)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Grim Dawn (HKLM-x32\...\1449651388_is1) (Version: 2.0.0.5 - GOG.com)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version: - Dennaton Games)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.472 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.472 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.029 - MSI)
My.com Game Center (HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\MyComGames) (Version: 3.182 - My.com B.V.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.6.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7534 - Realtek Semiconductor Corp.)
Reign Of Kings (HKLM-x32\...\Steam App 344760) (Version: - Code}{atch)
Relic Hunters Zero (HKLM-x32\...\Steam App 382490) (Version: - Rogue Snail)
RIFT (HKLM-x32\...\Glyph RIFT) (Version: - Trion Worlds, Inc.)
RIFT (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.5 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Sheltered (HKLM-x32\...\Sheltered_is1) (Version: - Team17 Digital Ltd)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shower With Your Dad Simulator 2015: Do You Still Shower With Your Dad (HKLM-x32\...\Steam App 359050) (Version: - marbenx)
Sid Meiers Civilization Beyond Earth v.1.1.0.1043 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: - )
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skyforge MyCom (HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Skyforge MyCom) (Version: 1.87 - My.com B.V.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Soul Axiom (HKLM-x32\...\Soul Axiom_is1) (Version: - )
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.08 - Creative Technology Limited)
spacedesk (HKLM\...\{81F99289-55DD-487C-BA8A-EA6F24B1495A}) (Version: 0.9.918.0 - datronicsoft Inc.)
Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™)
Spotify (HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
Stellaris (HKLM-x32\...\Stellaris_is1) (Version: - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version: - Ubisoft)
Torchlight II version 1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: 1.25.5.2 - )
Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds)
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version: - Trion Worlds, Inc.)
UnHackMe 8.00 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Unity Web Player (HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
VEGA Conflict (HKLM-x32\...\Steam App 339600) (Version: - KIXEYE)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WebOptimum (x32 Version: 1.0.0.0 - bscodecs.com) Hidden
What's under your blanket !? (HKLM-x32\...\Steam App 432020) (Version: - One Game Studio)
WildStar (HKLM\...\Steam App 376570) (Version: - Carbine Studios)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kc\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A42797-C944-4A0F-B9BF-6809CD4DA295} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-09] (Dropbox, Inc.)
Task: {2918B744-5AF2-4F7A-AD54-F9A766F35BA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {45929837-9A46-48FF-B19A-D0A332AA1CA0} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {58141957-2D23-46C7-83FE-483A860A2A1C} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {63A7D1C0-C9F4-4D74-A012-4B62834CBCDD} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {76425342-5676-41D5-85E2-8D049C534D14} - System32\Tasks\Start Corsair Link => D:\CorsairLINK.exe
Task: {827BFA4B-6205-4FE4-A1E7-88FA5AD08242} - System32\Tasks\VirusRemover => C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe [2016-06-04] ( ) <==== ATTENTION
Task: {8B23A509-0830-4C29-9B66-6917CEE9E9D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {8C917F58-0E19-48FD-B087-D73FAFF3C548} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {9288C86E-DEF4-4843-B331-2729BAAC1F7E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-09] (Dropbox, Inc.)
Task: {C3DB06D3-8885-47D5-9422-3ED82CE37E66} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {CE74BE20-0F3A-4DF5-A891-8D06E00206FB} - System32\Tasks\AdBlock => AdBlock.exe <==== ATTENTION
Task: {E4F806D4-CD29-4375-898E-66B3B7109A93} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {F1C567AA-A281-4721-AFC3-D5805946C6BD} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-04-05] (Greatis Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 19:28 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-02-26 16:28 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-13 19:28 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-13 19:28 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-25 20:10 - 2016-05-25 20:10 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2015-11-04 20:11 - 2015-11-04 20:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-04-13 19:28 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-13 19:28 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-13 19:28 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-26 16:28 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-12 16:39 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 16:39 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 14:35 - 2016-05-23 14:35 - 00959168 _____ () C:\Users\Kc\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Kc\AppData\Local\MEGAsync\ShellExtX64.dll
2016-03-08 19:00 - 2016-03-08 19:00 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:10 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-19 13:52 - 2016-04-19 13:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-09 13:32 - 2016-06-03 21:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 13:32 - 2016-06-03 21:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-09 13:32 - 2016-06-03 21:01 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll
2015-12-21 03:55 - 2015-12-21 03:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-05-25 19:40 - 2016-06-10 20:59 - 00226168 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-11 13:10 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:10 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:10 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:10 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 13:52 - 2016-04-19 13:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 13:52 - 2016-04-19 13:52 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-07-11 03:37 - 2015-07-11 03:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-03 15:39 - 2015-07-03 12:12 - 04962816 _____ () D:\SteamLibrary\v8.dll
2016-05-06 14:35 - 2016-04-29 16:10 - 00785920 _____ () D:\SteamLibrary\SDL2.dll
2016-06-10 16:48 - 2016-06-09 18:24 - 02387024 _____ () D:\SteamLibrary\video.dll
2016-02-03 15:39 - 2015-07-03 12:12 - 01556992 _____ () D:\SteamLibrary\icui18n.dll
2016-02-03 15:39 - 2015-07-03 12:12 - 01187840 _____ () D:\SteamLibrary\icuuc.dll
2016-03-10 15:44 - 2016-02-08 19:14 - 02549760 _____ () D:\SteamLibrary\libavcodec-56.dll
2016-03-10 15:44 - 2016-02-08 19:14 - 00491008 _____ () D:\SteamLibrary\libavformat-56.dll
2016-03-10 15:44 - 2016-02-08 19:14 - 00332800 _____ () D:\SteamLibrary\libavresample-2.dll
2016-03-10 15:44 - 2016-02-08 19:14 - 00442880 _____ () D:\SteamLibrary\libavutil-54.dll
2016-03-10 15:44 - 2016-02-08 19:14 - 00485888 _____ () D:\SteamLibrary\libswscale-3.dll
2016-06-10 16:48 - 2016-06-09 18:24 - 00829008 _____ () D:\SteamLibrary\bin\chromehtml.DLL
2016-03-10 15:44 - 2016-02-17 18:25 - 00281088 _____ () D:\SteamLibrary\openvr_api.dll
2016-06-10 16:48 - 2016-05-31 20:21 - 49826080 _____ () D:\SteamLibrary\bin\libcef.dll
2016-02-03 15:39 - 2015-09-24 19:56 - 00119208 _____ () D:\SteamLibrary\winh264.dll
2016-02-26 04:29 - 2016-02-26 04:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-01-13 18:45 - 2015-10-06 15:26 - 50656768 _____ () C:\Users\Kc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-01-13 18:45 - 2015-10-06 15:26 - 01874944 _____ () C:\Users\Kc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-01-13 18:45 - 2015-10-06 15:26 - 00075264 _____ () C:\Users\Kc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 01016832 _____ () D:\Origin\platforms\qwindows.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00028160 _____ () D:\Origin\imageformats\qgif.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00029696 _____ () D:\Origin\imageformats\qico.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00256000 _____ () D:\Origin\imageformats\qjpeg.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00266240 _____ () D:\Origin\imageformats\qmng.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00023552 _____ () D:\Origin\imageformats\qtga.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00346112 _____ () D:\Origin\imageformats\qtiff.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00023552 _____ () D:\Origin\imageformats\qwbmp.dll
2016-06-10 20:56 - 2016-06-10 20:55 - 00243200 _____ () D:\Origin\mediaservice\wmfengine.dll
2016-05-30 14:48 - 2016-05-30 14:48 - 00144896 _____ () C:\Users\Kc\AppData\Local\MyComGames\zlib1.dll
2016-05-30 14:48 - 2016-05-30 14:48 - 00062464 _____ () C:\Users\Kc\AppData\Local\MyComGames\pxd.dll
2016-05-30 14:48 - 2016-05-30 14:48 - 00186224 _____ () C:\Users\Kc\AppData\Local\MyComGames\LightUpdate.dll
2016-05-30 14:48 - 2016-05-30 14:48 - 02318224 _____ () C:\Users\Kc\AppData\Local\MyComGames\BigUp2.dll
2015-08-26 05:18 - 2015-08-26 05:18 - 50425344 _____ () C:\Users\Kc\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-11-23 19:36 - 2015-11-23 19:36 - 01339984 _____ () C:\Program Files (x86)\OBS\OBS.exe
2015-07-10 04:14 - 2015-07-10 04:14 - 01960016 _____ () C:\Program Files (x86)\OBS\OBSApi.dll
2014-09-10 03:12 - 2014-09-10 03:12 - 00150528 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin.dll
2016-03-11 15:36 - 2016-03-11 15:36 - 00160256 _____ () C:\Users\Kc\AppData\Local\assembly\dl3\YTQAQTW0.GK0\QJZPPOZB.0J7\f80cd484\007290a2_c6cccf01\CLRHost.Interop.DLL
2014-09-10 02:42 - 2014-09-10 02:42 - 01379328 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\libGLESv2.dll
2014-09-10 02:42 - 2014-09-10 02:42 - 00176128 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\libEGL.dll
2014-08-30 01:49 - 2014-08-30 01:49 - 01660232 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\ffmpegsumo.dll
2014-09-10 02:42 - 2014-09-10 02:42 - 39160320 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\libcef.dll
2015-11-23 19:36 - 2015-11-23 19:36 - 00214096 _____ () C:\Program Files (x86)\OBS\plugins\DShowPlugin.dll
2015-07-10 04:14 - 2015-07-10 04:14 - 00157264 _____ () C:\Program Files (x86)\OBS\plugins\GraphicsCapture.dll
2015-07-10 04:14 - 2015-07-10 04:14 - 00155728 _____ () C:\Program Files (x86)\OBS\plugins\NoiseGate.dll
2015-07-10 04:14 - 2015-07-10 04:14 - 00100944 _____ () C:\Program Files (x86)\OBS\plugins\PSVPlugin.dll
2014-09-10 03:03 - 2014-09-10 03:03 - 00006656 _____ () C:\Program Files (x86)\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\CLRBrowserSourceClient.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65027580.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65027580.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2016-06-04 23:44 - 00001188 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kc\Desktop\Pictures\Backgrounds\EFB18F_fullsize.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run: => "WINCOMV2U"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "sun21"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "Clownfish"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\...\StartupApproved\Run: => "KSS"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41FA53E2-DEBB-4122-97A2-307391F543F3}] => (Allow) D:\SteamLibrary\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{A2B99A67-AC47-495C-B31F-DAD3F5EB906A}] => (Allow) D:\SteamLibrary\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{0B1C4DC1-B8C0-4BDD-B70A-B1452CC557E1}] => (Allow) D:\SteamLibrary\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [{5FE9E4F9-A9D6-4B93-856B-A83E1F455E31}] => (Allow) D:\SteamLibrary\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [{BBE292F6-320C-44FD-8184-8211DBC29668}] => (Allow) D:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{83F31695-1319-4F8B-992C-FBA8B1F45686}] => (Allow) D:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{F00FC7FB-87E1-4BAF-932C-5317BF507F2D}] => (Allow) D:\SteamLibrary\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{080A70F1-960C-4AED-BF9F-95EBADAF6D17}] => (Allow) D:\SteamLibrary\steamapps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{AE137BAA-4189-43D6-AE54-4CFB061FCE7A}] => (Allow) D:\SteamLibrary\steamapps\common\Spore\runme.exe
FirewallRules: [{077B52B4-7193-4E12-891D-83242C242C75}] => (Allow) D:\SteamLibrary\steamapps\common\Spore\runme.exe
FirewallRules: [{B36D00FE-DD35-407F-BD15-8191C3D713CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81B280AB-F8A7-4B9F-97ED-BC45F25D57B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3B33327-AC06-4508-8AB7-12C9AFB79582}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FD077AEE-BE5B-4A12-8E27-247813458FDE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AF9E7BEE-2FE0-4FEF-923D-83D9636710EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1828A9DA-3C93-487C-BA24-597ADF3B05B2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BB71E8FB-4673-4E86-90CA-3A3949C48227}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7F69C70-FBE2-4077-8600-F49F1A390214}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy's The Division Beta\TheDivision.exe
FirewallRules: [{4A16E700-7F05-4943-B19A-9137B871BB04}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{BEDEEFDE-C63B-46A2-B69B-2B25F11DA2D6}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{978B18DA-4BEF-48AB-9D34-BF317CD62F8D}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3EA60834-B342-4E8C-A040-A82E8E891DB9}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{74EB98FB-18E8-431A-AF7C-956BD424F539}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{69EE74E3-889E-49D1-88F5-1071345C929F}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F5727423-5790-4AB7-9DBD-1F74B92668D7}] => (Allow) D:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{4F053183-FFB2-469C-85A8-2BCFDCDEA78A}] => (Allow) D:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{9224FB3D-40A5-4DE8-8986-4A03B838B78E}] => (Allow) D:\SteamLibrary\steamapps\common\Blender\blender.exe
FirewallRules: [{2D5AFD9C-BA52-46A0-ABF8-9F18611A9600}] => (Allow) D:\SteamLibrary\steamapps\common\Blender\blender.exe
FirewallRules: [{CB69E7D9-077E-4794-A09A-F1F8945720A8}] => (Allow) D:\SteamLibrary\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [{0FB73B72-47CF-4A2C-86AE-165054E6C543}] => (Allow) D:\SteamLibrary\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [{700CCA2B-FA04-4D9C-8DE1-D927C41D6760}] => (Allow) D:\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{4A290DB0-1D21-4531-A953-CE3FF171B3B1}] => (Allow) D:\SteamLibrary\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{49380341-5373-445C-AA2F-B83ED515A3FC}] => (Allow) D:\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{751738B4-F619-41F2-877E-91A5306DA71A}] => (Allow) D:\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{052899CA-9C26-478B-BC5E-F7C91F68B4FF}] => (Allow) D:\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{33700DA6-5B37-496F-85FA-1EDFD4FFD784}] => (Allow) D:\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{CD02BD24-3DF5-4BFA-B864-AC81F7F869EC}] => (Allow) D:\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{5520F461-E143-4EE9-BF70-F29AC16BD652}] => (Allow) D:\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{516EFE18-7D4F-4FE6-9CB1-9121225D3DA6}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1B285C83-EA0E-4212-93D3-EA1853A3A473}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{46D1B5B6-C123-448A-8DC9-C4A7241B7E98}] => (Allow) D:\SteamLibrary\steamapps\common\RIFT\riftpatchlive.exe
FirewallRules: [{EE369D0F-D988-4FA7-98F3-8EA3994F9A75}] => (Allow) D:\SteamLibrary\steamapps\common\RIFT\riftpatchlive.exe
FirewallRules: [{2634118C-328C-4F95-B1F3-5803C4CDAEEB}] => (Allow) D:\SteamLibrary\steamapps\common\Dragomon Hunter\Game.bin
FirewallRules: [{988095DE-EBE4-4DAB-89F4-607528C2399F}] => (Allow) D:\SteamLibrary\steamapps\common\Dragomon Hunter\Game.bin
FirewallRules: [{DF609521-1855-401E-9502-442669CBDF5B}] => (Allow) D:\SteamLibrary\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{20714801-8565-4802-BB98-209BD899E18C}] => (Allow) D:\SteamLibrary\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{164CCFAF-20F7-4BB8-A52A-C9CAA889F0D8}] => (Allow) D:\SteamLibrary\steamapps\common\What'sunderyourblanket!\game.exe
FirewallRules: [{3FA3409C-C57C-40B6-A8D9-ED802FC09014}] => (Allow) D:\SteamLibrary\steamapps\common\What'sunderyourblanket!\game.exe
FirewallRules: [{37259358-8F52-4783-A778-0FD2A7A14470}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{5F450B1D-1AC3-47CD-9AB5-B9C79DF03ABB}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{DB52BB40-EE6B-4583-9D6A-9A4671578D8D}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{4455A65B-B1D6-4C0A-80C7-3A056B7F7B99}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7C691110-4931-4151-AFBD-B4B8EC06025B}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{F450F0CB-C092-449E-8CA4-4A63D71DED78}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{1C49B9C1-9829-43FD-AB4C-6B5D6C556658}] => (Allow) D:\SteamLibrary\steamapps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{BAD2B3A0-E2B7-4361-A18E-0FDBA1815901}] => (Allow) D:\SteamLibrary\steamapps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{A3AC840A-C357-4F91-A3DC-A0DACA860290}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{18EF86ED-4308-49AC-9CDB-D9209A7C5CCB}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{CD3613B1-B5B0-4366-A45C-B6A72F3761A1}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{EABD2794-DD74-41A6-ABA2-3BC860FE727C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{3C71E560-F16B-4568-B818-450418FC14AB}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{9A83F692-BD0B-4E4C-9A8F-674C8907020B}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{DD6BB52A-8766-40EC-AF75-B93A72E6B399}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{24A988E3-923A-47AB-9FA5-2F7AEB9A920C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{27C4C9F0-A69C-4132-BFFD-5A7ECF417C4C}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{1B0FCE38-9263-440A-88A8-5809D6BBD662}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{D7A5C3FF-0E9B-414A-B59E-32C0B042CB26}] => (Allow) D:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{0D8D7DCB-7D90-4AA8-BC88-8F7D73C693BE}] => (Allow) D:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{60177880-5BB6-4F8A-8D3A-4AC293F903C5}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D9B2CB2E-219E-47FE-9F7C-5C963CE74973}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{1573583A-495F-499E-A5D4-A819BCBEC50A}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{D5F322A4-5F7E-488A-92CB-C2A4FAE1A42F}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{DDD563AC-9632-4BDB-9644-9AC250D6A8B2}] => (Allow) D:\SteamLibrary\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{CB4014F8-28F4-41D2-B93A-178E7575A5CB}] => (Allow) D:\SteamLibrary\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{2C19BCE5-8736-4E97-97D7-614747CAE503}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{83D98428-41CF-456A-865B-22F8CF317F53}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{25403ABB-68AA-45AD-83C8-389F675605E0}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{04A906E0-CE25-4C11-AD8E-79588B11A475}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{BF5217F9-55D6-4386-9835-75DE48B3BD7B}] => (Allow) D:\SteamLibrary\bin\steamwebhelper.exe
FirewallRules: [{6193E27C-6C39-45D8-8063-53F4AC7CA5B5}] => (Allow) D:\SteamLibrary\bin\steamwebhelper.exe
FirewallRules: [{85FCEABC-7AC7-4AF8-90D0-AD73C5F7129D}] => (Allow) D:\SteamLibrary\Steam.exe
FirewallRules: [{AC8CCF69-34F5-4D44-8272-8F9130D3B72D}] => (Allow) D:\SteamLibrary\Steam.exe
FirewallRules: [{8EFB754A-4A8E-4077-90A6-1EB6230DC565}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{512A1149-1108-435B-BA5A-77248AF8A596}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E26131EB-1A53-45DB-ACA1-334C44FDC194}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02D056F2-4DC7-4DCC-92FE-B6CE73F87037}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92B7E458-B29D-4AEE-ABE1-D019320FF3AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{37FCA004-4DF0-46CF-9C29-F4C022AFDA61}] => (Allow) C:\WINDOWS\system32\spacedeskService.exe
FirewallRules: [TCP Query User{45B1F782-179F-40CA-8164-22950F0E633E}C:\users\kc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E225ADB4-E822-44C2-882E-DD969F6832EE}C:\users\kc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9249F3C3-F41C-4504-B82E-E4747FA1A38E}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{59A4CC86-9AB6-4F13-BA0D-98C431E82616}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{89D563F0-67DC-4E8E-9D33-309A285BE1E6}C:\users\kc\appdata\local\temp\rar$exa0.644\igg-democracy.3.africa\democracy3africa.exe] => (Block) C:\users\kc\appdata\local\temp\rar$exa0.644\igg-democracy.3.africa\democracy3africa.exe
FirewallRules: [UDP Query User{FD7F5AB9-C62A-4EEC-85A0-B1F4C7C28197}C:\users\kc\appdata\local\temp\rar$exa0.644\igg-democracy.3.africa\democracy3africa.exe] => (Block) C:\users\kc\appdata\local\temp\rar$exa0.644\igg-democracy.3.africa\democracy3africa.exe
FirewallRules: [{900DA020-5E62-4105-8696-C310242056FF}] => (Allow) D:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{BAD6D6D3-9751-41D6-9654-262132724321}] => (Allow) D:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{25CD3345-4C7F-4D18-A1BD-C84C104669F0}] => (Allow) D:\SteamLibrary\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{7D1B2422-2F3E-40A5-8E30-34F319A84325}] => (Allow) D:\SteamLibrary\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{3D9195BD-5575-4507-B9A3-CC51EC83E2A8}] => (Allow) D:\SteamLibrary\steamapps\common\Battleborn Open Beta\Binaries\Win64\Battleborn.exe
FirewallRules: [{3D45AD70-8CB5-4A95-B0C4-944D78E4FFF5}] => (Allow) D:\SteamLibrary\steamapps\common\Battleborn Open Beta\Binaries\Win64\Battleborn.exe
FirewallRules: [TCP Query User{A66F7D44-D812-4B0B-B99A-19844DC19E2C}D:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{54EE858F-0B5B-4D0C-80D7-866FFE757C03}D:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{BE2AAE42-B76B-4C56-B45E-0A8104F3FFFC}] => (Allow) D:\SteamLibrary\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{83752225-2590-4A82-9730-26FFB703F4B8}] => (Allow) D:\SteamLibrary\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{C05D51A2-C1E1-4C27-8AE5-65E23A5D5688}D:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{D331546C-D8A6-46A1-8C8B-56D5CD9F433A}D:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steamlibrary\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{B5F8C492-6752-491B-90B4-CA39D4E8B6D0}C:\users\kc\appdata\local\temp\rar$exa0.547\igg-bossmonsterv15.02.2016\dbmgamesteam.exe] => (Allow) C:\users\kc\appdata\local\temp\rar$exa0.547\igg-bossmonsterv15.02.2016\dbmgamesteam.exe
FirewallRules: [UDP Query User{E1CBE5D8-53F3-4E06-B40C-020867E224C3}C:\users\kc\appdata\local\temp\rar$exa0.547\igg-bossmonsterv15.02.2016\dbmgamesteam.exe] => (Allow) C:\users\kc\appdata\local\temp\rar$exa0.547\igg-bossmonsterv15.02.2016\dbmgamesteam.exe
FirewallRules: [TCP Query User{EF3FF339-3932-4CBF-81D2-02615EEBD23B}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F85C12BF-A00E-4597-867C-5A96F3DF7D8D}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{77D406D6-D977-49BB-BC04-CEC8E589C804}C:\users\kc\desktop\new folder\igg-everspace.alpha\rsg\binaries\win64\rsg-win64-shipping.exe] => (Allow) C:\users\kc\desktop\new folder\igg-everspace.alpha\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [UDP Query User{203C27AE-52D2-4BD4-AF50-C7982366CCFE}C:\users\kc\desktop\new folder\igg-everspace.alpha\rsg\binaries\win64\rsg-win64-shipping.exe] => (Allow) C:\users\kc\desktop\new folder\igg-everspace.alpha\rsg\binaries\win64\rsg-win64-shipping.exe
FirewallRules: [TCP Query User{09319C83-516D-4744-8E16-C97A8841E8D6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{CB3EC086-67AA-47A5-AFF4-C278EE77F0DF}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{5473FA9E-5F77-4D7C-8A1B-F4A547CF554F}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{307DFD1D-2849-4980-9E7A-2B32EFB389AF}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{CE8A5396-5732-4D9D-905D-262A0C3BA438}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{028A8C49-46BA-4806-BDB1-C5154CB2A2A6}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{55AEA418-CD84-46F0-8A84-40D50D3E4579}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{24870201-DCEB-4A1F-820B-FA1D2E0F5C78}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{988C360D-0FD5-4429-B193-ADC2BCC246F8}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{387B3160-732F-4E13-BA5A-686B1012428E}] => (Allow) D:\SteamLibrary\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{328FFE3C-EB79-4081-AC92-BFBF57E6AB49}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2A0F001C-742D-468A-B835-AAA4A8B413E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D1BD8641-5128-40ED-82F3-C225306B0F5F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3495AB4C-17DF-4CE0-96DB-AE822D4C22D1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{456DEB16-6507-4F8A-AF62-424E36D44B22}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{FB6CB42C-0FE3-4DB8-A57E-C4C995A512C0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{33682154-F775-4610-9047-1FCAF7340DFD}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{10E8F556-7C81-4CD7-A5C7-8A8A5E4C9558}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{0FF3DA71-6747-4CC5-9FCA-17F95CC3DBA6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{D21C5A68-A9F3-4A8A-81DF-D9BD71876F2A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{B1858539-4914-4CE8-8717-0A18968DF063}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{895ABC25-3E33-40B9-92CC-1BA6E6C360AD}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{22BD0441-68AF-4191-B7B9-B51EAA8B0009}] => (Allow) D:\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{273453DC-1D39-4CD1-B361-8CB7975664E9}] => (Allow) D:\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{A88BCC0C-CC62-41A4-B49E-BA1D257A1F8A}] => (Allow) D:\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{3C38D86A-280B-40EE-8FA6-8D0544905D41}] => (Allow) D:\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{A420BBD8-055B-4BA2-9D49-C34D527FDAE2}] => (Allow) D:\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{7ABE8DD8-B838-424F-A9D1-83CF9D132E34}] => (Allow) D:\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{A85B687C-91EE-45DC-81E4-F5002B1F3F94}] => (Allow) C:\Users\Kc\Downloads\gamenet.exe
FirewallRules: [{10AD56D5-9956-475A-A70D-5BAE90D86F96}] => (Allow) C:\Users\Kc\Downloads\gamenet.exe
FirewallRules: [{7A51595A-933D-4EBA-94DC-ADC48B8FE40C}] => (Allow) C:\Users\Kc\AppData\Local\Temp\is-3HT9C.tmp\setup25024.tmp
FirewallRules: [{E2F80BFF-6A51-40E3-984A-BD628703AE24}] => (Allow) C:\Users\Kc\AppData\Local\Temp\is-3HT9C.tmp\setup25024.tmp
FirewallRules: [{202572A7-BB05-48A2-A30E-C82FCC4E3F40}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{2D302740-E23B-4F0C-8F14-EF5F5928603B}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{8AAF1DAD-6154-4DD9-81F7-E0DFDB23D1DF}] => (Allow) LPort=16997
FirewallRules: [{E1179E22-0787-4493-80D5-B1BA0A38FDB3}] => (Allow) LPort=16997
FirewallRules: [TCP Query User{47A3A325-9C8F-404D-9C49-52AF7C6B033F}C:\program files\bitcomet\bitcomet.exe] => (Block) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{DA759CC3-BFFF-4859-8038-465FC4DC37AD}C:\program files\bitcomet\bitcomet.exe] => (Block) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [TCP Query User{210A9675-05BF-48BB-AED6-8216F13B44D2}C:\users\kc\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\kc\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{BC57B9C4-0D4E-4279-9297-A3BB7038F74C}C:\users\kc\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\kc\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{4AC64A87-41CF-4D4B-866C-10AB25E5B4FD}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3EDB518E-6325-4FC1-A920-25F2CDFD9848}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{BD59A06D-43E1-479D-BF58-69CD99C6FBB2}D:\program files (x86)\origin games\battlefield 4\bf4_x86.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4_x86.exe
FirewallRules: [UDP Query User{212777F6-7C49-4B4A-B566-C2D59678116E}D:\program files (x86)\origin games\battlefield 4\bf4_x86.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4_x86.exe
FirewallRules: [{559D7673-2AA7-486D-AC58-4E49C2AA6401}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{DB65C287-4AA3-4C6C-A9F3-0CAA0E162526}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B06A28F5-678A-4202-A575-29DEF0E59669}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BB73A4D-C113-4BDA-B094-849C4CB94C4C}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6DA6B397-BDAC-4BB5-B7EB-BD0AB229E1A0}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DE572B8-4F62-43BC-A3CC-4B9F3DD4B761}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F2C5E2D0-31E5-4F28-A6E0-D6C8241ECD97}] => (Allow) C:\Users\Kc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{51A88F23-35CF-4BB8-84FE-E3DC24DD77D1}D:\dying light\dyinglightgame.exe] => (Allow) D:\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{8F09406D-716B-4695-B3DB-43955BCE06C8}D:\dying light\dyinglightgame.exe] => (Allow) D:\dying light\dyinglightgame.exe
FirewallRules: [{D7777235-5820-4884-81F3-050FED831F85}] => (Allow) 㩃啜敳獲䭜屣灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e
FirewallRules: [{1054EEE8-F741-4A76-AB34-EC1235490857}] => (Allow) 㩃啜敳獲䭜屣灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數
FirewallRules: [{4301CCF0-5207-431E-BAE3-961921639604}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{66B5BC25-3E4B-40BF-8029-E079C0433993}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e
FirewallRules: [{E32EBA9C-B98F-4E4F-98EF-A34F87CD3C84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6861B514-BB1C-4E3F-8711-94EBFDF1B81C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{97FA63F8-DB66-4F8F-A1BA-963887658D89}] => (Allow) LPort=2869
FirewallRules: [{CCD4E93C-2400-4579-94F4-30B1C73A3562}] => (Allow) LPort=1900
FirewallRules: [{0B3D196D-B396-44AD-905F-0727329E9977}] => (Allow) D:\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{C1CAFA6C-48B8-4149-A127-3180BD7B2A17}] => (Allow) D:\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{365041B4-77FD-43AC-ACDA-AB6826714033}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D57E3BE7-139D-4CB2-AACB-1B9351987FC9}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{261E1BC6-169F-4522-9CE2-2EC4C7D4BAE8}] => (Allow) D:\SteamLibrary\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [{89FCD6FA-3F43-4054-B9BE-70B9EF0A818E}] => (Allow) D:\SteamLibrary\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [{133D82BD-DBD4-40CF-8FEC-E237E0539576}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{47B03CE9-49D6-4701-8880-C48D9376D9E9}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{FBF6801B-44E7-4568-B021-72051F3D9AA8}] => (Allow) D:\SteamLibrary\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{9CBDE93E-6947-486F-8788-B64E3C304032}] => (Allow) D:\SteamLibrary\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{B32C7572-249D-4F44-A8E1-C21EA6A01F5C}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9BDDADB8-52BB-43F9-8476-5E208C2D87E4}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2016 09:06:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skyforge.exe, version: 1.0.0.0, time stamp: 0x57485d0c
Faulting module name: ddraw.dll_unloaded, version: 10.0.10586.0, time stamp: 0x5632d58e
Exception code: 0xc0000005
Fault offset: 0x00011750
Faulting process id: 0x39fc
Faulting application start time: 0xSkyforge.exe0
Faulting application path: Skyforge.exe1
Faulting module path: Skyforge.exe2
Report Id: Skyforge.exe3
Faulting package full name: Skyforge.exe4
Faulting package-relative application ID: Skyforge.exe5

Error: (06/10/2016 08:38:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CivilizationV_DX11.exe, version: 1.0.3.279, time stamp: 0x546cd0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x133c
Faulting application start time: 0xCivilizationV_DX11.exe0
Faulting application path: CivilizationV_DX11.exe1
Faulting module path: CivilizationV_DX11.exe2
Report Id: CivilizationV_DX11.exe3
Faulting package full name: CivilizationV_DX11.exe4
Faulting package-relative application ID: CivilizationV_DX11.exe5

Error: (06/10/2016 08:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CivilizationV.exe, version: 1.0.3.279, time stamp: 0x546ccb59
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0xfd4
Faulting application start time: 0xCivilizationV.exe0
Faulting application path: CivilizationV.exe1
Faulting module path: CivilizationV.exe2
Report Id: CivilizationV.exe3
Faulting package full name: CivilizationV.exe4
Faulting package-relative application ID: CivilizationV.exe5

Error: (06/10/2016 08:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CivilizationV_DX11.exe, version: 1.0.3.279, time stamp: 0x546cd0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x2778
Faulting application start time: 0xCivilizationV_DX11.exe0
Faulting application path: CivilizationV_DX11.exe1
Faulting module path: CivilizationV_DX11.exe2
Report Id: CivilizationV_DX11.exe3
Faulting package full name: CivilizationV_DX11.exe4
Faulting package-relative application ID: CivilizationV_DX11.exe5

Error: (06/10/2016 06:08:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00000000
Stack:

Error: (06/10/2016 05:53:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe, version: 0.0.0.0, time stamp: 0x51092c84
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0xe14
Faulting application start time: 0xWarThunderLauncher_1.0.1.646_updQNFTREEL.exe0
Faulting application path: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe1
Faulting module path: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe2
Report Id: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe3
Faulting package full name: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe4
Faulting package-relative application ID: WarThunderLauncher_1.0.1.646_updQNFTREEL.exe5

Error: (06/10/2016 05:24:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CivilizationV_DX11.exe, version: 1.0.3.279, time stamp: 0x546cd0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x1360
Faulting application start time: 0xCivilizationV_DX11.exe0
Faulting application path: CivilizationV_DX11.exe1
Faulting module path: CivilizationV_DX11.exe2
Report Id: CivilizationV_DX11.exe3
Faulting package full name: CivilizationV_DX11.exe4
Faulting package-relative application ID: CivilizationV_DX11.exe5

Error: (06/10/2016 05:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WildStar.exe, version: 1.5.2.13578, time stamp: 0x574f2859
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x15e0
Faulting application start time: 0xWildStar.exe0
Faulting application path: WildStar.exe1
Faulting module path: WildStar.exe2
Report Id: WildStar.exe3
Faulting package full name: WildStar.exe4
Faulting package-relative application ID: WildStar.exe5

Error: (06/09/2016 10:01:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WildStar.exe, version: 1.4.1.12652, time stamp: 0x56c52904
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x41c
Faulting application start time: 0xWildStar.exe0
Faulting application path: WildStar.exe1
Faulting module path: WildStar.exe2
Report Id: WildStar.exe3
Faulting package full name: WildStar.exe4
Faulting package-relative application ID: WildStar.exe5

Error: (06/09/2016 09:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WildStar.exe, version: 1.4.1.12652, time stamp: 0x56c52904
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71ae0000
Faulting process id: 0x2cec
Faulting application start time: 0xWildStar.exe0
Faulting application path: WildStar.exe1
Faulting module path: WildStar.exe2
Report Id: WildStar.exe3
Faulting package full name: WildStar.exe4
Faulting package-relative application ID: WildStar.exe5


System errors:
=============
Error: (06/10/2016 10:03:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 10:03:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kc\AppData\Local\Temp\ehdrv.sys

Error: (06/10/2016 10:03:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kc\AppData\Local\Temp\ehdrv.sys

Error: (06/10/2016 10:03:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 10:03:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 10:03:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kc\AppData\Local\Temp\ehdrv.sys

Error: (06/10/2016 10:03:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 10:03:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kc\AppData\Local\Temp\ehdrv.sys

Error: (06/10/2016 10:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 10:03:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kc\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
Date: 2016-06-09 14:50:50.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:57:53.830
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:57:53.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:57:29.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:56:13.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:56:12.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:56:08.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:56:08.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:55:51.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-04 23:55:21.715
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 32%
Total physical RAM: 16332.62 MB
Available physical RAM: 10977 MB
Total Virtual: 22476.62 MB
Available Virtual: 16612.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:17.49 GB) NTFS
Drive d: (Internal Drive) (Fixed) (Total:1862.89 GB) (Free:1090.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 3047C4F7)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 12 June 2016 - 08:44 AM.
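The FirewallRules section of the log above mixes ordinary game entries with Allow rules for programs in Temp and Downloads, port-only rules, and four targets printed as unreadable characters. The following Python is an added example, not part of the original post or of FRST: it parses such lines, re-decodes the unreadable targets (ASCII path bytes shown as UTF-16LE code units), and lists the Allow rules worth a manual look. The function names and the review buckets are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Lines copied verbatim from the FirewallRules section of the log above.
SAMPLE_LOG = r"""
FirewallRules: [{E26131EB-1A53-45DB-ACA1-334C44FDC194}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A85B687C-91EE-45DC-81E4-F5002B1F3F94}] => (Allow) C:\Users\Kc\Downloads\gamenet.exe
FirewallRules: [{7A51595A-933D-4EBA-94DC-ADC48B8FE40C}] => (Allow) C:\Users\Kc\AppData\Local\Temp\is-3HT9C.tmp\setup25024.tmp
FirewallRules: [TCP Query User{47A3A325-9C8F-404D-9C49-52AF7C6B033F}C:\program files\bitcomet\bitcomet.exe] => (Block) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{8AAF1DAD-6154-4DD9-81F7-E0DFDB23D1DF}] => (Allow) LPort=16997
FirewallRules: [{D7777235-5820-4884-81F3-050FED831F85}] => (Allow) 㩃啜敳獲䭜屣灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# A recovered target is accepted only if it is a drive path of printable ASCII.
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\[\x20-\x7e]+$")

# Review buckets (an assumption of this example, not an FRST feature):
# folders a standard user can write to. Most specific marker first.
USER_WRITABLE = [
    ("\\appdata\\local\\temp\\", "program runs from Temp"),
    ("\\downloads\\", "program runs from Downloads"),
    ("\\desktop\\", "program runs from Desktop"),
    ("\\appdata\\", "program runs from AppData"),
]


class Rule(NamedTuple):
    name: str        # rule name between the square brackets
    action: str      # "Allow" or "Block"
    target: str      # program path or LPort=..., after any re-decoding
    recovered: bool  # True when the printed target had to be re-decoded


def recover_target(target: str) -> str:
    """Undo ASCII-bytes-shown-as-UTF-16LE garbling; leave anything else alone."""
    if target.isascii():
        return target
    # Each garbled character holds two ASCII bytes; an odd-length path ends
    # with one plain character whose high byte is the NUL stripped here.
    candidate = target.encode("utf-16-le").decode("latin-1").rstrip("\x00")
    # Genuine non-ASCII folder names fail this check and are returned unchanged.
    return candidate if DRIVE_PATH_RE.match(candidate) else target


def parse_rules(text: str) -> List[Rule]:
    """Parse 'FirewallRules:' lines from an FRST Addition.txt excerpt."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        raw = match.group("target")
        fixed = recover_target(raw)
        rules.append(Rule(match.group("name"), match.group("action"), fixed, fixed != raw))
    return rules


def triage(rules: List[Rule]) -> List[tuple]:
    """Return (reason, target) for each Allow rule that deserves a manual look."""
    findings = []
    for rule in rules:
        if rule.action != "Allow":
            continue  # Block rules do not open anything
        if rule.target.startswith("LPort="):
            findings.append(("allow rule lists only a port", rule.target))
            continue
        lowered = rule.target.lower()
        reason = next((label for marker, label in USER_WRITABLE if marker in lowered), None)
        if rule.recovered:
            reason = (reason + "; " if reason else "") + "target was printed garbled"
        if reason:
            findings.append((reason, rule.target))
    return findings


if __name__ == "__main__":
    for reason, target in triage(parse_rules(SAMPLE_LOG)):
        print(f"{reason}: {target}")
```

A hit is a prompt for review, not a verdict: on this machine Spotify and uTorrent also run from AppData.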



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California
  • Local time:02:33 PM

Posted 12 June 2016 - 08:52 AM

Greetings Isszr and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
2016-06-09 17:27 - 2016-06-09 17:27 - 00000000 ____D C:\ProgramData\Gaijin
2016-06-04 23:45 - 2016-06-04 23:59 - 00000000 ____D C:\ProgramData\1465098313
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Roaming\c
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Unity
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Local\Unity
2016-06-04 23:45 - 2016-06-04 23:44 - 00001188 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-04 23:43 - 2016-06-10 22:19 - 00003658 _____ C:\WINDOWS\System32\Tasks\VirusRemover
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Vigomooi
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\BajlobFex
2016-06-04 23:43 - 2016-06-05 10:54 - 00003334 _____ C:\WINDOWS\System32\Tasks\AdBlock
2016-06-04 23:43 - 2016-06-05 10:11 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Company
2016-06-04 23:43 - 2016-06-04 23:59 - 00000000 ____D C:\Program Files\GarxhokoeUn
2016-06-04 23:42 - 2016-06-05 20:35 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-04 23:42 - 2016-06-04 23:42 - 00000000 ____D C:\Users\Kc\AppData\Local\Вoйти в Интeрнет
2016-06-04 23:40 - 2016-06-04 23:59 - 00000000 ____D C:\Users\Kc\AppData\Local\svshost
2016-06-04 23:38 - 2016-06-04 23:38 - 00000000 ____D C:\Users\Kc\AppData\Local\Поиcк в Интeрнете
2016-05-30 13:14 - 2016-05-30 13:14 - 00920399 _____ C:\Users\Kc\Downloads\Unconfirmed 898745.crdownload
2016-05-30 13:01 - 2016-05-30 13:01 - 00000000 ____D C:\Users\Kc\AppData\Local\Vebanaul
2016-05-30 12:57 - 2016-05-30 12:59 - 00500272 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\gamenet.exe
2016-05-30 12:52 - 2016-05-30 13:00 - 00478768 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\PlayBlackDesert.exe
C:\Users\Kc\AppData\Local\Temp\0S1T7XGKOR.exe
C:\Users\Kc\AppData\Local\Temp\5wjPlbhU5Fqy.exe
C:\Users\Kc\AppData\Local\Temp\Gw2.exe
C:\Users\Kc\AppData\Local\Temp\HYsjHKoEwS3r.exe
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kc\AppData\Local\Temp\nvStInst.exe
C:\Users\Kc\AppData\Local\Temp\NVz32kvKd2Wy.exe
C:\Users\Kc\AppData\Local\Temp\NWN3PisDOAyo.exe
C:\Users\Kc\AppData\Local\Temp\S0TKKS3YEI.exe
C:\Users\Kc\AppData\Local\Temp\setup25024.exe
C:\Users\Kc\AppData\Local\Temp\sonarinst.exe
C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe
C:\Users\Kc\AppData\Local\Temp\X9Z1V5E6TO.exe
Task: {827BFA4B-6205-4FE4-A1E7-88FA5AD08242} - System32\Tasks\VirusRemover => C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe [2016-06-04] ( ) <==== ATTENTION
Task: {CE74BE20-0F3A-4DF5-A891-8D06E00206FB} - System32\Tasks\AdBlock => AdBlock.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Isszr

Isszr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 12 June 2016 - 08:03 PM

Hello there Gary, you can call me Kc. Here is everything you asked for, and I also have school from 7 am to 3 pm EST so I won't be able to respond at these times, and I also liked your usage of smörgåsbord.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by Kc (2016-06-12 20:54:28) Run:1
Running from C:\Users\Kc\Desktop
Loaded Profiles: Kc (Available Profiles: Kc)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2888130912-4148248216-2714598515-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
2016-06-09 17:27 - 2016-06-09 17:27 - 00000000 ____D C:\ProgramData\Gaijin
2016-06-04 23:45 - 2016-06-04 23:59 - 00000000 ____D C:\ProgramData\1465098313
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Roaming\c
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Unity
2016-06-04 23:45 - 2016-06-04 23:45 - 00000000 ____D C:\Users\Kc\AppData\Local\Unity
2016-06-04 23:45 - 2016-06-04 23:44 - 00001188 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-04 23:43 - 2016-06-10 22:19 - 00003658 _____ C:\WINDOWS\System32\Tasks\VirusRemover
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\Vigomooi
2016-06-04 23:43 - 2016-06-09 14:13 - 00000000 ____D C:\Users\Kc\AppData\Roaming\BajlobFex
2016-06-04 23:43 - 2016-06-05 10:54 - 00003334 _____ C:\WINDOWS\System32\Tasks\AdBlock
2016-06-04 23:43 - 2016-06-05 10:11 - 00000000 ____D C:\Users\Kc\AppData\LocalLow\Company
2016-06-04 23:43 - 2016-06-04 23:59 - 00000000 ____D C:\Program Files\GarxhokoeUn
2016-06-04 23:42 - 2016-06-05 20:35 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-04 23:42 - 2016-06-04 23:42 - 00000000 ____D C:\Users\Kc\AppData\Local\?o??? ? ???e????
2016-06-04 23:40 - 2016-06-04 23:59 - 00000000 ____D C:\Users\Kc\AppData\Local\svshost
2016-06-04 23:38 - 2016-06-04 23:38 - 00000000 ____D C:\Users\Kc\AppData\Local\???c? ? ???e?????
2016-05-30 13:14 - 2016-05-30 13:14 - 00920399 _____ C:\Users\Kc\Downloads\Unconfirmed 898745.crdownload
2016-05-30 13:01 - 2016-05-30 13:01 - 00000000 ____D C:\Users\Kc\AppData\Local\Vebanaul
2016-05-30 12:57 - 2016-05-30 12:59 - 00500272 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\gamenet.exe
2016-05-30 12:52 - 2016-05-30 13:00 - 00478768 _____ (Global Gamers Solutions Ltd. ©) C:\Users\Kc\Downloads\PlayBlackDesert.exe
C:\Users\Kc\AppData\Local\Temp\0S1T7XGKOR.exe
C:\Users\Kc\AppData\Local\Temp\5wjPlbhU5Fqy.exe
C:\Users\Kc\AppData\Local\Temp\Gw2.exe
C:\Users\Kc\AppData\Local\Temp\HYsjHKoEwS3r.exe
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kc\AppData\Local\Temp\nvStInst.exe
C:\Users\Kc\AppData\Local\Temp\NVz32kvKd2Wy.exe
C:\Users\Kc\AppData\Local\Temp\NWN3PisDOAyo.exe
C:\Users\Kc\AppData\Local\Temp\S0TKKS3YEI.exe
C:\Users\Kc\AppData\Local\Temp\setup25024.exe
C:\Users\Kc\AppData\Local\Temp\sonarinst.exe
C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe
C:\Users\Kc\AppData\Local\Temp\X9Z1V5E6TO.exe
Task: {827BFA4B-6205-4FE4-A1E7-88FA5AD08242} - System32\Tasks\VirusRemover => C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe [2016-06-04] ( ) <==== ATTENTION
Task: {CE74BE20-0F3A-4DF5-A891-8D06E00206FB} - System32\Tasks\AdBlock => AdBlock.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
C:\ProgramData\Gaijin => moved successfully
C:\ProgramData\1465098313 => moved successfully
C:\Users\Kc\AppData\Roaming\c => moved successfully
C:\Users\Kc\AppData\LocalLow\Unity => moved successfully
C:\Users\Kc\AppData\Local\Unity => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
C:\WINDOWS\System32\Tasks\VirusRemover => moved successfully
C:\Users\Kc\AppData\Roaming\Vigomooi => moved successfully
C:\Users\Kc\AppData\Roaming\BajlobFex => moved successfully
C:\WINDOWS\System32\Tasks\AdBlock => moved successfully
C:\Users\Kc\AppData\LocalLow\Company => moved successfully
C:\Program Files\GarxhokoeUn => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
"C:\Users\Kc\AppData\Local\?o??? ? ???e????" => not found.
C:\Users\Kc\AppData\Local\svshost => moved successfully
"C:\Users\Kc\AppData\Local\???c? ? ???e?????" => not found.
C:\Users\Kc\Downloads\Unconfirmed 898745.crdownload => moved successfully
C:\Users\Kc\AppData\Local\Vebanaul => moved successfully
C:\Users\Kc\Downloads\gamenet.exe => moved successfully
C:\Users\Kc\Downloads\PlayBlackDesert.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\0S1T7XGKOR.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\5wjPlbhU5Fqy.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\Gw2.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\HYsjHKoEwS3r.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Kc\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Kc\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\NVz32kvKd2Wy.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\NWN3PisDOAyo.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\S0TKKS3YEI.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\setup25024.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\sonarinst.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe => moved successfully
C:\Users\Kc\AppData\Local\Temp\X9Z1V5E6TO.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{827BFA4B-6205-4FE4-A1E7-88FA5AD08242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{827BFA4B-6205-4FE4-A1E7-88FA5AD08242}" => key removed successfully
C:\WINDOWS\System32\Tasks\VirusRemover => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VirusRemover" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE74BE20-0F3A-4DF5-A891-8D06E00206FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE74BE20-0F3A-4DF5-A891-8D06E00206FB}" => key removed successfully
C:\WINDOWS\System32\Tasks\AdBlock => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdBlock" => key removed successfully
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:54:33 ====

Attached Files
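
An added example, not part of the original posts and not FRST's own code: a small triage of Fixlog result lines like the ones in the post above, separating items that were handled from items that may still be on disk. The function name `triage_fixlog` is hypothetical, and treating a `?` in a "not found" path as a file name that lost its non-Latin characters when fixlist.txt was saved is an assumption drawn from comparing the posted fixlist with the Fixlog echo.

```python
import re
from collections import Counter

# Constructed sample: result lines in the shape of the Fixlog posted above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: {827BFA4B-6205-4FE4-A1E7-88FA5AD08242} - System32\Tasks\VirusRemover => C:\Users\Kc\AppData\Local\Temp\VirusRemover.exe [2016-06-04] ( ) <==== ATTENTION
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-2888130912-4148248216-2714598515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
C:\WINDOWS\rsrcs.dll => moved successfully
"C:\Users\Kc\AppData\Local\?o??? ? ???e????" => not found.
C:\Users\Kc\AppData\Local\svshost => moved successfully
"C:\Users\Kc\AppData\Local\???c? ? ???e?????" => not found.
C:\WINDOWS\System32\Tasks\VirusRemover => moved successfully
C:\WINDOWS\System32\Tasks\VirusRemover => not found.
The system needed a reboot.
'''

# "<target> => <outcome>", target optionally wrapped in double quotes.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')

def triage_fixlog(text):
    """Return (counts, findings) for the result section of a Fixlog."""
    counts, findings = Counter(), []
    handled = set()      # targets already moved/removed (Windows paths: case-insensitive)
    in_echo = False      # inside the "fixlist content" echo between the ***** lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue     # echoed directives are not results
        if line.startswith("Error:"):
            counts["error"] += 1
            findings.append(("error", line))
            continue
        m = RESULT.match(line)
        if not m:
            continue     # status lines such as "Processes closed successfully."
        target = m.group("target")
        outcome = m.group("outcome").rstrip(".")
        key = target.lower()
        if "successfully" in outcome:
            handled.add(key)
            counts["ok"] += 1
        elif "not found" in outcome:
            if key in handled:
                counts["already_handled"] += 1   # second directive for the same item
            elif "?" in target:
                # Assumption: '?' marks characters lost when the fixlist was saved,
                # so the real folder was never matched and may still exist.
                counts["encoding_lost"] += 1
                findings.append(("encoding_lost", target))
            else:
                counts["not_found"] += 1
                findings.append(("not_found", target))
        else:
            counts["other"] += 1
            findings.append(("other", line))
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for kind, detail in findings:
        print(f"{kind:14} {detail}")
```
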



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:33 PM

Posted 12 June 2016 - 08:17 PM

Greetings Kc,

Thanks for letting me know of your availability.

How is your computer running?
Gary

#5 Isszr


Posted 12 June 2016 - 08:56 PM

So far I haven't noticed it at all. Thanks for your help, Mr. Gary.



#6 Oh My!


Posted 12 June 2016 - 09:04 PM

Thank you, please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report
  • Security Check report

Gary

#7 Isszr


Posted 12 June 2016 - 10:31 PM

Emsisoft Emergency Kit - Version 11.0
Last update: 6/12/2016 11:18:54 PM
User account: BIGBOOTYRUBY_I\Kc
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 6/12/2016 11:19:16 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SVSHOST detected: Trojan.Win32.Injector (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D} detected: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D} detected: Application.AdInstall (A)
C:\Users\Kc\AppData\Local\Temp\nslEF71.tmp detected: Gen:Variant.Adware.ConvertAd.74 (B)
C:\WINDOWS\system32\bitst.exe detected: Gen:Variant.Razy.63156 (B)
 
Scanned 94609
Found 7
 
Scan end: 6/12/2016 11:21:47 PM
Scan time: 0:02:31
 
C:\WINDOWS\system32\bitst.exe Gen:Variant.Razy.63156 (B)
C:\Users\Kc\AppData\Local\Temp\nslEF71.tmp Gen:Variant.Adware.ConvertAd.74 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SVSHOST Trojan.Win32.Injector (A)
 
Quarantined 6
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security    
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 73  
 Java version 32-bit out of Date! 
 Google Chrome (51.0.2704.79) 
 Google Chrome (51.0.2704.84) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Windows Defender MpCmdRun.exe   
 Windows Defender msascui.exe   
 Kaspersky Lab Kaspersky Security Scan kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#8 Oh My!


Posted 13 June 2016 - 08:46 AM

That looks good. Do you have any other concerns before I post some closing information?
Gary

#9 Isszr


Posted 13 June 2016 - 01:40 PM

Other than the original problem, everything seems to work fine now. Thanks, Gary.



#10 Oh My!


Posted 13 June 2016 - 02:00 PM

Which original problem are you referring to? The download of the virus?
Gary

#11 Isszr


Posted 13 June 2016 - 07:47 PM

The program that opened and closes, and I guess that too.



#12 Oh My!


Posted 13 June 2016 - 08:05 PM

Thanks Kc, we are not done yet.

I can't really read any of the information on the screen shot you provided. What does it say on the very top line to the left of the X? I am trying to get some identifying information about what is popping up.

Please do this.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Copy and paste the following into the main white box

startupall;
process;
autoruns;
installedprogs;;

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report

Edited by Oh My!, 13 June 2016 - 08:13 PM.

Gary

#13 Isszr


Posted 13 June 2016 - 09:57 PM

I'll give you the logs tomorrow because I have to go to bed now.


Edited by Isszr, 13 June 2016 - 10:12 PM.


#14 Oh My!


Posted 13 June 2016 - 10:21 PM

:thumbsup2:

Sometimes the program takes a while to launch.
Gary

#15 Oh My!


Posted 15 June 2016 - 01:54 PM

Greetings,

How are we doing?
Gary



