
Computer Virus took over computer. Seems to be gone.


  • This topic is locked
16 replies to this topic

#1 Judoyo13

  • Members
  • 10 posts

Posted 16 August 2016 - 11:35 AM

Three nights ago, I was infected by a very malicious group of viruses, malware, adware, and ransomware. I made a misclick on a deceiving download and allowed the virus access to make changes to my computer. I spent about seven hours battling this virus. It locked me out of my proxy settings on all accounts. I changed assorted registry files as per instruction by many websites and nothing changed. I realize now that it may not have been wise to do that without specific instruction. No proxy settings could be changed and thus I could not access the internet. It also disabled all of my antivirus software and downloaded quite an assortment of adware and deeply rooted several viruses into my computer.

Eventually I was able to reactivate Windows Defender and I installed Malwarebytes from a flash drive after numerous times of being blocked from the installation process by this group of viruses. Windows Defender came up with about 30 assorted files, some just PUPs, some serious malware, trojans, and hijack files. Malwarebytes came up with 650 assorted files, and right as the quarantined items were about to be deleted, I was forced out of my computer and it was restarted. When I logged back in, some sort of ransomware-type window blocked me from even entering my desktop. No combination of assorted window closers, including Task Manager, would work. Eventually, after spamming several keys, I was able to get past it and went back into Windows, where I was able to continue my process of deleting malware files manually and with my 2 antivirus programs. Eventually the viruses logged me out yet again, and when I went back in through safe modes I was still locked out until I did it with networking, and I magically got past the ransomware. At that point I had memorized the specific file name. It was a "windows file" and was also called "clear lock". It took a bit of work to fully delete those files. It transferred over to other files and copied itself, but in the end, that ransomware was removed.

After that was removed, I took my time and meticulously found a lot of the adware programs and deleted them and did several more scans amongst Windows Defender and Malwarebytes. After this I was able to get my regular internet access back but still couldn't access some antivirus websites, and the proxy settings were still all greyed out and inaccessible, so I knew it wasn't completely taken care of, but the majority of the problem was removed. After this I did some research into rootkits and how the virus can attach itself in deep files, so I ran Malwarebytes rootkit antivirus several times, found about 15-25 of them I believe, including hijack files, and promptly deleted them. After the latest one, and several other antivirus scans that came up with 0 infected files, I found out that my proxy settings were accessible again. I then ran one more Malwarebytes scan, and found a couple of PUP Amonetize files in my driver files, so I still have concern that something still lingers in the depths of my computer. Now, in the most recent scan I did with Defender, Malwarebytes antivirus, and Malwarebytes anti-rootkit, not a single file was discovered.

Based off of this information, I would appreciate having some input, advice, and instruction on what to do from here. My MSI GE62 is very new. I have little to no important files or progress saved in its files, but also have a couple of programs that came with the computer that I may not be able to get back after a hard reset. I am running Windows 10 and have Office 365, so I am worried that may be unrecoverable. I am leaving for my engineering university in 1 day, where my computer's files are extremely important to me, and if this possible lingering infection somehow sprouted up in the severity that it did the first time, I am afraid I could lose precious work.

Is there any way for me to know if all the virus is gone, or at least gone enough to the point where it may not be a huge enough issue to warrant a factory restore/reset?

 

Used the following steps/software

1) Windows Defender

2) Malwarebytes antivirus

3) Malwarebytes anti-rootkit beta

4) changed some registry keys for assorted proxy setting issues

5) deleted and uninstalled a majority of the obvious adware

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by User (administrator) on DESKTOP-RKHS4D4 (16-08-2016 12:23:26)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
() C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.2.10.0_x64__mkdtfchztkfbm\opener-rar.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301056 2015-09-11] (MSI)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-04] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4569840 2015-12-02] (Portrait Displays, Inc.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [695480 2016-05-10] ()
HKLM\...\Run: [cutoauto] => "C:\Program Files (x86)\finance\cuppa.exe"
HKLM-x32\...\Run: [cutoauto] => "C:\Program Files (x86)\finance\cuppa.exe"
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Run: [L] => C:\Program Files (x86)\Power Update\fatalerror.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-08-13]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogled.lnk [2016-08-13]
ShortcutTarget: ogled.lnk -> C:\Program Files (x86)\finance\alabama.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok15647409ogled.lnk [2016-08-13]
ShortcutTarget: ok15647409ogled.lnk -> C:\Program Files (x86)\wallflowers\daydreamer.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}: [DhcpNameServer] 192.168.0.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001 -> hxxp://google.com/
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-11]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-15]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-14] ()
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [613352 2016-03-29] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [240416 2016-06-13] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365032 2016-03-29] (Intel Corporation)
R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-09-11] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [175344 2015-12-02] (Portrait Displays, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247992 2015-09-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 Rainiq; "C:\Users\User\AppData\Roaming\TurqAvofli\Giaenx.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-01] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194624 2016-02-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [412928 2015-11-12] (Realsil Semiconductor Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-08] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [32848 2016-02-02] (SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 12:23 - 2016-08-16 12:23 - 00016295 _____ C:\Users\User\Downloads\FRST.txt
2016-08-16 12:22 - 2016-08-16 12:23 - 00000000 ____D C:\FRST
2016-08-16 12:22 - 2016-08-16 12:22 - 01744896 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-08-16 12:20 - 2016-08-16 12:22 - 02394624 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-08-13 19:03 - 2016-08-13 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-13 19:02 - 2016-08-13 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-13 19:02 - 2016-08-13 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-13 18:56 - 2016-08-13 18:56 - 00003266 _____ C:\Windows\System32\Tasks\{3E3BE351-49D7-4AA6-83CE-DF8A5BCDD4BE}
2016-08-13 00:50 - 2016-08-13 00:50 - 00000000 ____D C:\Malwarebytes Anti-Malware
2016-08-13 00:48 - 2016-08-13 00:48 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-13 00:29 - 2016-08-16 12:18 - 00000000 ____D C:\Users\User\Desktop\mbar
2016-08-13 00:29 - 2016-08-16 12:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-13 00:28 - 2016-08-13 00:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.3.1001.exe
2016-08-12 00:51 - 2016-08-16 08:33 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D6471C6-00E7-42C8-AC00-A54A07BFE321}
2016-08-12 00:36 - 2016-08-16 12:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-12 00:36 - 2016-08-16 08:30 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-12 00:36 - 2016-08-13 01:17 - 00000732 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-12 00:36 - 2016-08-13 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-12 00:36 - 2016-08-13 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-12 00:36 - 2016-08-12 02:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-12 00:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-12 00:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-11 23:59 - 2016-08-12 02:20 - 00000000 ____D C:\Program Files (x86)\Power Update
2016-08-11 21:57 - 2016-08-11 21:57 - 00000000 ____D C:\Users\User\AppData\LocalLow01221658
2016-08-11 21:34 - 2016-08-11 21:34 - 00000000 _____ C:\Users\User\AppData\Local\{58B7168A-27F9-4554-AE9D-B66870FDD7E9}
2016-08-11 21:26 - 2016-08-12 02:36 - 02773246 _____ C:\Windows\ntbtlog.txt
2016-08-11 21:26 - 2016-08-12 02:28 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-11 21:25 - 2016-08-11 21:25 - 00000000 ____D C:\Windows\system32\moct
2016-08-11 21:12 - 2016-08-12 00:20 - 00000000 ____D C:\Users\User\AppData\Local\node-webkit
2016-08-11 21:10 - 2016-08-13 00:44 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-08-11 21:08 - 2016-08-13 01:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Jesla
2016-08-11 21:08 - 2016-08-13 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se
2016-08-11 21:08 - 2016-08-12 00:43 - 00000000 ____D C:\Users\User\AppData\LocalLow\Company
2016-08-11 21:08 - 2016-08-11 21:12 - 00000000 ____D C:\Users\User\AppData\Local\app
2016-08-11 21:08 - 2016-08-11 21:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2016-08-11 21:08 - 2016-08-11 21:08 - 00000000 ____D C:\uninst
2016-08-11 21:07 - 2016-08-13 01:06 - 00000000 ____D C:\Users\User\AppData\Roaming\gplyra
2016-08-11 21:07 - 2016-08-13 00:53 - 00000000 ____D C:\Program Files (x86)\mpck
2016-08-11 21:07 - 2016-08-11 21:17 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2016-08-11 21:07 - 2016-08-11 21:07 - 00004024 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2016-08-11 21:07 - 2016-08-11 21:07 - 00003696 _____ C:\Windows\System32\Tasks\YTDownloader
2016-08-11 21:07 - 2016-08-11 21:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2016-08-11 21:06 - 2016-08-13 00:51 - 00000000 ____D C:\Users\User\AppData\Roaming\QuickCleaner
2016-08-11 21:06 - 2016-08-11 21:09 - 00000000 ____D C:\Program Files (x86)\ShopperPro3
2016-08-11 21:06 - 2016-08-11 21:06 - 00187904 _____ C:\Windows\rsrcs.dll
2016-08-11 21:06 - 2016-08-11 21:06 - 00000000 ____D C:\Users\User\AppData\Local\A
2016-08-11 21:05 - 2016-08-11 21:05 - 00000001 _____ C:\Users\User\AppData\Local\setupsuccessful.txt
2016-08-11 21:05 - 2016-08-11 21:04 - 00001188 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-11 21:04 - 2016-08-13 01:06 - 00000000 ____D C:\Program Files\Caster
2016-08-11 21:04 - 2016-08-13 01:06 - 00000000 ____D C:\Program Files (x86)\pho
2016-08-11 21:04 - 2016-08-13 01:06 - 00000000 ____D C:\Program Files (x86)\judgements
2016-08-11 21:04 - 2016-08-13 01:01 - 00000000 ____D C:\Program Files\COMODO
2016-08-11 21:04 - 2016-08-13 00:55 - 00000000 ____D C:\Program Files (x86)\finance
2016-08-11 21:04 - 2016-08-13 00:53 - 00000000 ____D C:\Program Files (x86)\host
2016-08-11 21:04 - 2016-08-13 00:53 - 00000000 ____D C:\Program Files (x86)\DPower
2016-08-11 21:04 - 2016-08-12 00:43 - 00000000 ____D C:\Program Files (x86)\wallflowers
2016-08-11 21:04 - 2016-08-12 00:01 - 00003888 _____ C:\Windows\System32\Tasks\a51365895136589
2016-08-11 21:04 - 2016-08-12 00:01 - 00003740 _____ C:\Windows\System32\Tasks\dD51365895136589
2016-08-11 21:04 - 2016-08-11 21:09 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2016-08-11 21:04 - 2016-08-11 21:05 - 00000000 ____D C:\a
2016-08-11 21:04 - 2016-08-11 21:05 - 00000000 _____ C:\Users\User\AppData\Local\stxtname.txt
2016-08-11 21:04 - 2016-08-11 21:04 - 00138240 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-08-11 21:04 - 2016-08-11 21:04 - 00001056 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-08-11 21:04 - 2016-08-11 21:04 - 00000055 _____ C:\Windows\key.ini
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\ProgramData\COMODO
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\MyInternet
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\immodesty
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 _____ C:\Users\User\AppData\Local\run.txt
2016-08-11 20:37 - 2016-08-11 20:39 - 00001249 _____ C:\Users\User\Desktop\desmume.ini
2016-08-11 20:36 - 2016-08-11 20:36 - 00000621 _____ C:\Users\User\Downloads\DeSmuMe WIFI Firmware Replacement.rar
2016-08-11 19:43 - 2016-08-11 19:44 - 00000000 ____D C:\Users\User\Desktop\DESUME 1
2016-08-11 19:36 - 2016-08-11 19:39 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-08-11 19:36 - 2016-08-11 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-08-11 19:35 - 2016-08-11 19:36 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\User\Downloads\WinPcap_4_1_3.exe
2016-08-11 19:33 - 2016-08-11 19:33 - 00000621 _____ C:\Users\User\Desktop\DeSmuMe WIFI Firmware Replacement.rar
2016-08-11 19:32 - 2016-08-11 19:32 - 03156929 _____ C:\Users\User\Desktop\DeSmuMe v.0.9.7 x64 WIFI Capable WinPcap v.4.1.2.rar
2016-08-11 09:43 - 2016-08-11 09:44 - 00513168 _____ C:\Users\User\Downloads\examTicket.pdf
2016-08-10 12:27 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-10 12:27 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-10 12:27 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-10 12:27 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 12:27 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-10 12:27 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 12:27 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-10 12:27 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 12:27 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-10 12:27 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 12:27 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-10 12:27 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-10 12:27 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 12:27 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 12:27 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-10 12:27 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 12:27 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 12:27 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 12:27 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-10 12:27 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-10 12:27 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-10 12:27 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-10 12:27 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-10 12:27 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-10 12:27 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2016-08-10 12:27 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-08-10 12:27 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-10 12:27 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-10 12:27 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2016-08-10 12:27 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-08-10 12:27 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-10 12:27 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-10 12:27 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-10 12:27 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-10 12:27 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-08-10 12:27 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 12:27 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 12:27 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 12:27 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-10 12:27 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-10 12:27 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-10 12:27 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-10 12:27 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 12:27 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 12:27 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 12:27 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-08-10 12:27 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-08-10 12:27 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-10 12:27 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-10 12:27 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 12:27 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 12:27 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 12:27 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 12:27 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 12:27 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 12:27 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-10 12:27 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-10 12:27 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 12:27 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 12:27 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-08-10 12:27 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 12:27 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-10 12:27 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-08-10 12:27 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-08-10 12:27 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-08-10 12:27 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 12:27 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 12:27 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-08-10 12:27 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-08-10 12:27 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2016-08-10 12:27 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 12:27 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-08-10 12:27 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-10 12:27 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-10 12:27 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 12:27 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 12:27 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-08-10 12:27 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 12:27 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-08-10 12:26 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 12:26 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-10 12:26 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-10 12:26 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-10 12:26 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 12:26 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-10 12:26 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-10 12:26 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 12:26 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 12:26 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 12:26 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-10 12:26 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-10 12:26 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 12:26 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 12:26 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 12:26 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 12:26 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-10 12:26 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 12:26 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-10 12:26 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 12:26 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 12:26 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 12:26 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 12:26 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-10 12:26 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 12:26 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 12:26 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-08-10 12:26 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 12:26 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 12:26 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 12:26 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 12:26 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 12:26 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 12:26 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-10 12:26 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-09 09:51 - 2016-08-09 09:51 - 00142497 _____ C:\Windows\6e6737e3245a5320317b6a29d0a01e2c.exe
2016-08-05 15:09 - 2016-08-05 15:11 - 00191687 _____ C:\Users\User\Downloads\ModLoader.zip
2016-08-05 14:53 - 2016-08-05 14:53 - 03289729 _____ C:\Users\User\Downloads\forge-1.7.10-10.13.3.1403-1.7.10-installer.jar
2016-08-05 12:39 - 2016-08-05 12:51 - 110780348 _____ C:\Users\User\Desktop\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip
2016-08-05 12:35 - 2016-08-07 23:38 - 00000000 ____D C:\Users\User\Downloads\desmume-0.9.7-win64-1092
2016-08-05 12:22 - 2016-08-05 12:22 - 01419179 _____ C:\Users\User\Downloads\desmume-0.9.7-win64-1092.zip
2016-08-05 09:42 - 2016-08-05 09:42 - 00006380 _____ C:\Users\User\Downloads\Gammabright v3.3 [MC 1.7.10].litemod
2016-08-04 20:42 - 2016-08-04 20:46 - 00000000 ____D C:\Users\User\AppData\Roaming\.technic
2016-08-04 20:42 - 2016-08-04 20:43 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (4).exe
2016-08-04 20:42 - 2016-08-04 20:42 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (3).exe
2016-08-04 20:35 - 2016-08-04 20:35 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\AppData\LocalLow\Sun
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\AppData\Local\YSearchUtil
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Oracle
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-04 20:34 - 2016-08-04 20:34 - 00739904 _____ (Oracle Corporation) C:\Users\User\Downloads\JavaSetup8u101.exe
2016-08-04 20:33 - 2016-08-04 20:45 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (1).exe
2016-08-04 20:33 - 2016-08-04 20:34 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (2).exe
2016-08-04 20:32 - 2016-08-04 20:33 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher.exe
2016-07-24 10:34 - 2016-08-11 23:47 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 12:20 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-08-16 08:40 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 08:40 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-08-16 08:39 - 2016-06-09 22:21 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 12:07 - 2016-06-09 22:21 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 12:07 - 2016-06-03 17:08 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-15 12:07 - 2016-06-03 17:08 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-08-13 19:29 - 2016-06-03 19:01 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-13 19:24 - 2016-06-03 18:57 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-13 19:24 - 2015-10-30 05:13 - 00000000 ____D C:\Windows\ServiceProfiles
2016-08-13 19:22 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-13 01:17 - 2016-07-04 23:31 - 00000675 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-08-13 01:17 - 2016-07-04 23:31 - 00000625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-08-13 01:17 - 2016-06-21 11:57 - 00001851 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-13 01:17 - 2016-06-21 11:57 - 00001845 _____ C:\Users\User\Desktop\Spotify.lnk
2016-08-13 01:17 - 2016-06-18 15:00 - 00000857 _____ C:\Users\Public\Desktop\A3Launcher.lnk
2016-08-13 01:17 - 2016-06-09 22:21 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-13 01:17 - 2016-06-09 18:11 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-08-13 01:17 - 2016-06-03 18:59 - 00002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-13 01:17 - 2016-06-03 17:04 - 00001898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM.lnk
2016-08-12 09:25 - 2016-06-09 22:29 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2016-08-11 23:59 - 2016-06-09 22:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-11 23:25 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-08-11 21:56 - 2016-06-03 17:10 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-08-11 21:56 - 2016-06-03 17:10 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-08-11 21:33 - 2016-06-09 17:10 - 00000000 ____D C:\Users\User\AppData\Local\MicrosoftEdge
2016-08-11 21:12 - 2016-06-09 20:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-11 20:50 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-08-11 19:43 - 2016-06-03 18:57 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-08-11 09:35 - 2016-06-03 18:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 01:48 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 01:48 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-11 01:48 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-10 12:32 - 2016-06-03 17:13 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 12:32 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-10 12:32 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 12:30 - 2016-06-03 17:13 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-04 19:32 - 2016-06-09 22:28 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-08-03 00:11 - 2016-06-17 00:30 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3
2016-08-02 11:13 - 2016-06-09 18:15 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2016-08-02 11:12 - 2016-06-09 18:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2016-07-27 15:25 - 2016-06-03 17:16 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-24 10:35 - 2016-06-15 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-24 10:35 - 2016-06-15 18:03 - 00000000 ____D C:\Users\User\AppData\Local\Discord
2016-07-24 09:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-22 13:42 - 2016-06-09 19:48 - 00000000 ____D C:\Users\User\AppData\Roaming\steelseries-engine-3-client
2016-07-22 11:32 - 2016-07-04 23:31 - 00000002 _____ C:\END
2016-07-22 09:52 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-22 09:51 - 2016-06-09 17:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-22 09:49 - 2016-06-17 00:30 - 00000000 ____D C:\Users\User\Documents\Arma 3
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\PrintDialog
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\oobe
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\Provisioning
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
 
==================== Files in the root of some directories =======
 
2016-08-11 21:04 - 2016-08-11 21:04 - 0001056 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-08-11 21:04 - 2016-08-11 21:04 - 0138240 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-08-11 21:04 - 2016-08-11 21:04 - 0000000 _____ () C:\Users\User\AppData\Local\run.txt
2016-08-11 21:05 - 2016-08-11 21:05 - 0000001 _____ () C:\Users\User\AppData\Local\setupsuccessful.txt
2016-08-11 21:04 - 2016-08-11 21:05 - 0000000 _____ () C:\Users\User\AppData\Local\stxtname.txt
2016-08-11 21:34 - 2016-08-11 21:34 - 0000000 _____ () C:\Users\User\AppData\Local\{58B7168A-27F9-4554-AE9D-B66870FDD7E9}
2016-06-03 17:12 - 2016-06-03 17:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\User\installshield_scm.reg
C:\Users\User\scm.reg
 
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\1654.tmp.exe
C:\Users\User\AppData\Local\Temp\418C.tmp.exe
C:\Users\User\AppData\Local\Temp\7C6E.tmp.exe
C:\Users\User\AppData\Local\Temp\7PPY9OJXY1.exe
C:\Users\User\AppData\Local\Temp\990ZUQBEWV.exe
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\KUIU.EXE
C:\Users\User\AppData\Local\Temp\sbW93VShof.exe
C:\Users\User\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\User\AppData\Local\Temp\utils.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-10 12:29
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by User (16-08-2016 12:23:51)
Running from C:\Users\User\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-03 22:57:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3297142376-3490586903-1741990427-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3297142376-3490586903-1741990427-503 - Limited - Disabled)
Guest (S-1-5-21-3297142376-3490586903-1741990427-501 - Limited - Disabled)
User (S-1-5-21-3297142376-3490586903-1741990427-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A3Launcher version 0.1.3.0 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.3.0 - Maca134)
ApoDispatchConfigurator (Version: 2.2.701 - Nahimic) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
AudioLaunchpadConfigurator (Version: 2.2.701 - Nahimic) Hidden
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CheckDevicesConfigurator (Version: 2.2.701 - Nahimic) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
host version 1.1 (HKLM-x32\...\host_is1) (Version: 1.1 - Wizzlabs) <==== ATTENTION
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4416 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LauncherSetup (Version: 2.2.701 - Nahimic) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft RS Import (HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Microsoft RS Import) (Version: 2.4.36.6 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.0.786 - Portrait Displays, Inc.)
Nahimic 2 (HKLM-x32\...\{cd1a71dd-899d-4d40-82bc-0b7ec1a4c72f}) (Version: 2.2.7 - Nahimic)
Nahimic2UISetup (Version: 2.2.701 - Nahimic) Hidden
NahimicSettingsConfigurator (Version: 2.2.701 - Nahimic) Hidden
NVIDIA Graphics Driver 359.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.40 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
ProductDaemonSetup (Version: 2.2.701 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SCM (HKLM\...\{64218232-E7E7-4A82-A822-26925AED1CC8}) (Version: 13.015.09115 - Application)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.2.701 - Nahimic) Hidden
Spotify (HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.22.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
UIInstallUpgrade (Version: 2.2.701 - Nahimic) Hidden
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Utatity (HKLM-x32\...\{0EB1EFFC-E623-4F0E-87A7-EBA41BB4F77A}) (Version: 1.0.0.0 - " ") <==== ATTENTION
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06E1761C-3352-4B94-AF3A-E0818DB7A4E2} - System32\Tasks\a51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {098E42F3-37D5-43D8-A830-AF83186224A6} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-10-22] (YTDownloader) <==== ATTENTION
Task: {0A1B3ED1-56CF-4DC8-BE79-DD812D856600} - System32\Tasks\{3E3BE351-49D7-4AA6-83CE-DF8A5BCDD4BE} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {2047DDD6-6F71-4F7F-93B4-31EF7C1AAD2E} - \{0A7F7947-0A0F-7D09-7911-79790D0A117A} -> No File <==== ATTENTION
Task: {22B552F0-CE1A-47A4-A1A3-1215BC8A86EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2566CD33-0E7E-44C8-B6C5-345D920F72F2} - \Nahimic2Svc32Run -> No File <==== ATTENTION
Task: {29B688E3-F901-4E2C-9BD7-E1105D8EA7BD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {2D2A7731-81B0-449E-841F-EF1B3B2E8A79} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {5B3C06A6-9381-4F66-A485-D38817206809} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-10-22] (Goobzo) <==== ATTENTION
Task: {5C43C966-0424-4805-836B-C2D18B8CA61C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6283F552-B212-4D38-9D78-D64FCA2784CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {6C81171E-D38A-4FA3-9AF1-8FCFBB53058C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {81ADA459-79C7-4186-9404-17B8D3502C8F} - \Nahimic2Svc64Run -> No File <==== ATTENTION
Task: {81C73ED2-59C8-43E6-8EB8-B8753D73BCFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {86F8175D-3ECF-4E2D-B1CD-2BC4145C071E} - \{088B6EE9-E44E-4B6B-8918-72F1071BCDA6} -> No File <==== ATTENTION
Task: {9B8EA8E1-B84D-4352-AFE1-B9551850E304} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {A212C068-8727-4C45-B6F7-B7094F4E7999} - \Nahimic2UILauncherRun -> No File <==== ATTENTION
Task: {A8D17326-E2A9-42D2-814B-73EAF2650D74} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {ACCBCA57-1FD5-49FD-8A49-A468A9C937DA} - System32\Tasks\dD51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {BE0BEBD8-B5DA-4CD1-9F77-7614054914E5} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe <==== ATTENTION
Task: {C2AD76A6-513C-4243-B165-31F1E5696A25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-22] (Microsoft Corporation)
Task: {D328CD04-12FF-4874-BA37-F8714BCCE84E} - \{0F534F07-E897-4CD7-BF05-CB45B22BB635} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-22 05:57 - 2015-10-22 05:57 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2016-04-22 02:07 - 2016-04-22 02:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 02:07 - 2016-04-22 02:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-09 17:30 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-14 20:18 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-05-10 16:01 - 2016-05-10 16:01 - 00215736 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-05-10 16:01 - 2016-05-10 16:01 - 00288952 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-07-14 20:18 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-06-03 17:20 - 2016-06-03 17:20 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-09 17:33 - 2016-07-03 10:14 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-29 00:48 - 2016-03-29 00:48 - 00394216 _____ () C:\Windows\system32\igfxTray.exe
2016-06-03 17:10 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 20:19 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-14 20:18 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-14 20:18 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-14 20:18 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-14 20:18 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-03 17:12 - 2016-02-01 14:55 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-10 15:58 - 2016-05-10 15:58 - 00695480 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-05-10 15:58 - 2016-05-10 15:58 - 01962496 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-05-10 16:01 - 2016-05-10 16:01 - 00500224 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-06-04 04:35 - 2016-06-04 04:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-11 19:43 - 2016-08-11 19:43 - 00015872 _____ () C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.2.10.0_x64__mkdtfchztkfbm\opener-rar.exe
2016-08-11 19:43 - 2016-08-11 19:43 - 06495232 _____ () C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.2.10.0_x64__mkdtfchztkfbm\opener-rar.dll
2016-08-16 08:38 - 2016-08-16 08:38 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 08:38 - 2016-08-16 08:38 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 04:37 - 2016-06-04 04:37 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-06-04 04:31 - 2016-06-04 04:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-08 17:41 - 2016-08-02 19:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:41 - 2016-08-02 19:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-08 17:41 - 2016-08-02 19:04 - 31541952 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-06-09 17:33 - 2016-07-03 09:42 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-05-10 15:57 - 2016-05-10 15:57 - 00184504 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-05-10 15:55 - 2016-05-10 15:55 - 00256696 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-06-04 04:35 - 2016-06-04 04:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-04 04:35 - 2016-06-04 04:36 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2016-08-15 10:53 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\StartupApproved\Run: => "Lync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DEF7FBFA-18A7-4822-A726-3EDFF81573F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FB2C3838-4C55-4D34-928B-38599B0B3A9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8371181F-2E01-4AB6-A508-A62E83F731E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{76DF0FFB-D274-4B60-8B8A-D90DB9FCC29D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A85BD1CA-C349-4996-9236-B252B5E16F5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED7535CA-238A-4039-9D59-C6A97DC4FFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0243C8EE-25C0-457E-90E4-F54DFD60F9EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7796A819-27D3-4294-8ED6-80A0AD6A2284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2330A42-3F18-4701-9FCF-516CE0BB463F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EC80028E-423C-4A46-BC1A-3E804978708C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8F03904C-E841-46C3-B0F6-A4FE3CEB7C73}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{947170AD-FAE4-4648-8A77-DB04BBC644EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B886D6C-B35D-41CE-98C0-680CB8B443AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C7F9D83-649C-4BD9-ABDD-63B211E268E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A9205E2B-AC4E-4E0D-B262-4F8DB37EE1CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E61CD9E0-85EC-47E8-8850-0377AC8A01F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35ED1B09-105E-4859-A2B1-BD55015291E7}] => (Allow) E:\Apps Edrive\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{085169EA-81FC-482C-BE13-4CC7FB00B579}] => (Allow) E:\Apps Edrive\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{387E2156-1E0D-4E8F-87BC-ABC6048FD98C}] => (Allow) E:\Apps Edrive\steamapps\common\Rust\Rust.exe
FirewallRules: [{BF2B66C1-91BF-4434-904A-747A84D33FD6}] => (Allow) E:\Apps Edrive\steamapps\common\Rust\Rust.exe
FirewallRules: [{A3B9BFD9-B102-4C85-8DA3-6551AA9F7F3E}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{259A064F-CED5-45D6-BB42-1E0107B57BEF}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{9DFCFD11-D080-4B7D-800B-B9F19B284AA5}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{6BE18AF3-FC22-433F-97E9-4405B7B42970}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{68C7F05B-7648-49F6-9F79-079D931C0A76}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{A6BC5E15-DD09-4E3A-BC2F-70B6C4EF79D2}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{9E76CCF5-13D3-42F7-A9F1-CE2D6C0B4300}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B2A601AD-45A8-4F86-8205-61806590440C}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{8E79FE96-4A09-4407-BA82-C6B69B990118}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Allow) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{99640C15-0E6B-4E76-BED0-A2D4DFEB0916}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Allow) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{5D6BADA9-4C46-4BBD-BE78-8D70825198BE}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{69F2C58A-7AF1-4B76-959B-6378A8C856D6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B2EECDD4-3835-4458-A0EC-787B6DC0BAC7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8289E64D-55E3-4C63-9A28-0C312F0D3AD1}] => (Allow) E:\Apps Edrive\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{182A6DF3-426E-4E6B-81B2-8B230E21D726}] => (Allow) E:\Apps Edrive\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{3633480A-5120-4751-93C6-240044D2348B}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Block) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{28A87F0C-B1F4-4007-875A-55FB3C2C6A44}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Block) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [{D1EF7202-5847-4039-A075-82139942FCF8}] => (Allow) E:\Apps Edrive\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{26572B2A-B5FE-4DA6-AF4B-24E52693C9E3}] => (Allow) E:\Apps Edrive\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{76CDEC8D-9BB5-44B2-939B-50A55C249FF5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{335FA467-EB6F-48FC-BE1F-89302D0B8EF4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{815A0CDE-3046-4C35-B871-B7A6F0426B06}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{98B949D8-7ADC-4FB9-B5B0-19807F3C54CE}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{F9988176-67F0-4797-8770-AD97AC740DC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9820A5A3-1CDE-4073-8659-FD00CB06C8E5}C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [UDP Query User{BE3F583B-B53E-40BD-92F3-9C8EF1CB52FA}C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [TCP Query User{EC205995-09E5-4E22-AF86-3461F7AA79AE}C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [UDP Query User{3EEA8233-541A-45DD-9DFE-8480F8D09776}C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [{9A430429-38B8-4589-A417-62F84CD3ABD3}] => (Allow) C:\Users\User\AppData\Local\ddnowyes.exe
FirewallRules: [{A33E06A0-E82D-4346-8B88-140DC20FD2E0}] => (Allow) C:\Users\User\AppData\Local\Temp\nsvE7B.tmp\oksoft12.exe
FirewallRules: [{1D0F6AAF-626A-48C5-9021-E5BAC834AF61}] => (Allow) C:\Users\User\AppData\Local\41404271.exe
FirewallRules: [{12988423-A5D5-4514-BA1C-FE0FBF700AE1}] => (Allow) C:\Users\User\AppData\Local\tinstall.exe
FirewallRules: [{315BCEF0-95D2-4871-A114-1F7273723A93}] => (Allow) C:\Users\User\AppData\Local\cap.exe
FirewallRules: [{5AA59EC2-5DC1-4401-BDAC-563EC542D92B}] => (Allow) C:\Users\User\AppData\Local\ddnow.exe
FirewallRules: [{28B59607-C9B6-432F-B80A-205A901B4104}] => (Allow) C:\Program Files (x86)\finance\alabama.exe
FirewallRules: [{A0531FD3-45B9-465B-B971-16836DF86782}] => (Allow) C:\Program Files (x86)\finance\cuppa.exe
FirewallRules: [{03FE4DA1-F625-47FF-BC00-F96C7778C922}] => (Allow) C:\Program Files (x86)\judgements\faerie.exe
FirewallRules: [{4CDEAC41-1467-4797-B99C-A2858E2841F7}] => (Allow) C:\Program Files (x86)\wallflowers\daydreamer.exe
FirewallRules: [{F3A8372C-C79E-44FD-9147-CDDB0FEA8C27}] => (Allow) C:\Windows\prefatory.exe
FirewallRules: [{7C03423B-4D06-4559-A728-88112781712A}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{18964D08-9004-48FB-8C47-DB74C179EB46}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{64499B0B-87B9-4B81-A5AC-55A1EAA0AAC4}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{D7B2BECF-3FE2-4593-BA9D-A881085B9380}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{E0E89662-D54B-4712-A458-5CD0CFE0854E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6FBBB340-3EBB-472F-B41D-A08EFEB33E83}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{98CA4C32-137C-41A2-8AC0-E883BC458085}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{65D38240-E2F7-417F-A10E-15D26AA4C6B2}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
 
==================== Restore Points =========================
 
15-08-2016 12:43:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10801657
 
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10801657
 
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2016 08:39:40 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (08/15/2016 05:18:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10800937
 
Error: (08/15/2016 05:18:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10800937
 
Error: (08/15/2016 05:18:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/15/2016 12:37:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/15/2016 11:30:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_77d973 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/13/2016 07:31:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_37e25 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/13/2016 07:24:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/13/2016 07:24:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rainiq service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/13/2016 07:22:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RKHS4D4)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/13/2016 07:22:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_bfaf22 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/13/2016 01:19:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_32112 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/13/2016 01:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rainiq service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/13/2016 01:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-16 12:23:40.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 12:23:40.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:15.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:12.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 08:53:12.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16288.32 MB
Available physical RAM: 12341.5 MB
Total Virtual: 33696.32 MB
Available Virtual: 29975.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.69 GB) (Free:84.62 GB) NTFS
Drive e: () (Fixed) (Total:953.74 GB) (Free:843.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:09 PM

Posted 16 August 2016 - 01:32 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
It seems there is still some malware remaining on your machine. I want to run a couple of cleaners to clean up what they can first then we will use FRST to script the rest of it out.

1.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • 2.
    ZN3USrZ.png Emsisoft Emergency Kit
    • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
    • Save EmsisoftEmergencyKit.exe to your Desktop.
    • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
      [screenshot]
    • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
    • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
    • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
      [screenshot]
    • Choose Yes, then wait for EEK to finish updating.
    • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
    • Wait for the scan to finish.
    • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
    • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
    • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    • Please Copy and Paste the contents of the scan log in your next reply.
3. After running the above tools, please run FRST again and post the new FRST.txt log. Make sure the Addition.txt box is checked before running FRST. Please post the new Addition.txt also.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Judoyo13

Topic Starter

Posted 16 August 2016 - 03:55 PM

# AdwCleaner v6.000 - Logfile created 16/08/2016 at 16:50:22
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-16.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : User - DESKTOP-RKHS4D4
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: BrsHelper
[-] Service deleted: sbmntr
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\User\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\User\AppData\Roaming\QuickCleaner
[-] Folder deleted: C:\Users\User\AppData\Roaming\gplyra
[-] Folder deleted: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder deleted: C:\Program Files\Caster
[-] Folder deleted: C:\Windows\SysNative\Tasks\TweakBit
[#] Folder deleted on reboot: C:\Windows\SysNative\Tasks\TweakBit
[-] Folder deleted: C:\ProgramData\TweakBit
[-] Folder deleted: C:\ProgramData\WindowsMsg
[#] Folder deleted on reboot: C:\ProgramData\Application Data\TweakBit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WindowsMsg
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Se
[-] Folder deleted: C:\Program Files (x86)\pc speed up
[-] Folder deleted: C:\Program Files (x86)\ShopperPro3
[-] Folder deleted: C:\Program Files (x86)\YTDownloader
[#] Folder deleted on reboot: C:\Program Files (x86)\PC Speed Up
[-] Folder deleted: C:\Program Files (x86)\mpck
[-] Folder deleted: C:\Program Files (x86)\DPower
[-] Folder deleted: C:\Users\User\AppData\Local\Temp\MPC
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\User\AppData\Local\app
[-] Folder deleted: C:\uninst
[-] Folder deleted: C:\Program Files (x86)\host
[#] Folder deleted on reboot: C:\Program Files (x86)\DPower
 
 
***** [ Files ] *****
 
[-] File deleted: C:\END
[-] File deleted: C:\Users\User\AppData\Local\Temp\Utils.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: YTDownloader
[-] Task deleted: YTDownloaderUpd
[-] Task deleted: TweakBit\Driver Updater\Start Driver Updater оn logon
 
 
***** [ Registry ] *****
 
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cutoauto]
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\csdimedia
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\YTDownloader
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\osTip
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\MICROSOFT\OTUT
[-] Key deleted: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\csdimedia
[#] Key deleted on reboot: HKCU\Software\YTDownloader
[#] Key deleted on reboot: HKCU\Software\osTip
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\OTUT
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\csdimedia
[-] Key deleted: HKLM\SOFTWARE\YTDownloader
[-] Key deleted: HKLM\SOFTWARE\WIN
[-] Key deleted: HKLM\SOFTWARE\TWEAKBIT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\host_is1
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\navsmart.info
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dayz.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\modloader-for-minecraft.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\skype-windows-10.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thesmartsearch.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.thesmartsearch.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dayz.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\modloader-for-minecraft.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\skype-windows-10.en.softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thesmartsearch.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.thesmartsearch.net
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [11420 Bytes] - [16/08/2016 16:50:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [11028 Bytes] - [16/08/2016 16:49:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11568 Bytes] ##########


#4 fireman4it

Malware Response Team

Posted 16 August 2016 - 04:00 PM

Very nice, it got a lot of the malware. Now please run Emsisoft and post that log along with new FRST and Addition.txt logs after running Emsisoft.



#5 Judoyo13

Topic Starter

Posted 16 August 2016 - 04:02 PM

Emsisoft Emergency Kit - Version 11.9
Scan log
 
Date | Scan Method | Objects Scanned | Objects Detected | Duration | Type | Computer Name
8/16/2016 4:59:28 PM | Malware | 79096 | 9 | 0:01:00 | Manual scan | DESKTOP-RKHS4D4


#6 Judoyo13

Topic Starter

Posted 16 August 2016 - 04:04 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by User (administrator) on DESKTOP-RKHS4D4 (16-08-2016 17:03:23)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301056 2015-09-11] (MSI)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-04] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4569840 2015-12-02] (Portrait Displays, Inc.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [695480 2016-05-10] ()
HKLM-x32\...\Run: [cutoauto] => "C:\Program Files (x86)\finance\cuppa.exe"
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Run: [L] => C:\Program Files (x86)\Power Update\fatalerror.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-08-13]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogled.lnk [2016-08-13]
ShortcutTarget: ogled.lnk -> C:\Program Files (x86)\finance\alabama.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok15647409ogled.lnk [2016-08-13]
ShortcutTarget: ok15647409ogled.lnk -> C:\Program Files (x86)\wallflowers\daydreamer.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}: [DhcpNameServer] 192.168.0.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001 -> hxxp://google.com/
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-11]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-15]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [613352 2016-03-29] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [240416 2016-06-13] (EasyAntiCheat Ltd)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365032 2016-03-29] (Intel Corporation)
R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-09-11] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [175344 2015-12-02] (Portrait Displays, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247992 2015-09-08] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 Rainiq; "C:\Users\User\AppData\Roaming\TurqAvofli\Giaenx.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-01] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194624 2016-02-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [412928 2015-11-12] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-08] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [32848 2016-02-02] (SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 17:03 - 2016-08-16 17:03 - 00015429 _____ C:\Users\User\Downloads\FRST.txt
2016-08-16 17:01 - 2016-08-16 17:01 - 00000414 _____ C:\Users\User\Desktop\Scan #1 EEK.txt
2016-08-16 16:58 - 2016-08-16 16:58 - 00000672 _____ C:\Users\User\Desktop\EmsisoftEmergencyKit - Shortcut.lnk
2016-08-16 16:57 - 2016-08-16 17:01 - 00000000 ____D C:\EEK
2016-08-16 16:55 - 2016-08-16 16:56 - 248543208 _____ C:\Users\User\Desktop\EmsisoftEmergencyKit.exe
2016-08-16 16:48 - 2016-08-16 16:50 - 00000000 ____D C:\AdwCleaner
2016-08-16 16:48 - 2016-08-16 16:48 - 03784256 _____ C:\Users\User\Downloads\AdwCleaner.exe
2016-08-16 12:23 - 2016-08-16 12:24 - 00050995 _____ C:\Users\User\Desktop\FRST.txt
2016-08-16 12:23 - 2016-08-16 12:24 - 00038200 _____ C:\Users\User\Desktop\Addition.txt
2016-08-16 12:22 - 2016-08-16 17:03 - 00000000 ____D C:\FRST
2016-08-16 12:22 - 2016-08-16 12:22 - 01744896 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-08-16 12:20 - 2016-08-16 12:22 - 02394624 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-08-13 19:03 - 2016-08-13 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-13 19:02 - 2016-08-13 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-13 19:02 - 2016-08-13 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-13 18:56 - 2016-08-13 18:56 - 00003266 _____ C:\Windows\System32\Tasks\{3E3BE351-49D7-4AA6-83CE-DF8A5BCDD4BE}
2016-08-13 00:50 - 2016-08-13 00:50 - 00000000 ____D C:\Malwarebytes Anti-Malware
2016-08-13 00:48 - 2016-08-13 00:48 - 22851472 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-13 00:29 - 2016-08-16 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-13 00:29 - 2016-08-16 12:18 - 00000000 ____D C:\Users\User\Desktop\mbar
2016-08-13 00:28 - 2016-08-13 00:28 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.3.1001.exe
2016-08-12 00:51 - 2016-08-16 08:33 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D6471C6-00E7-42C8-AC00-A54A07BFE321}
2016-08-12 00:36 - 2016-08-16 16:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-12 00:36 - 2016-08-16 08:30 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-12 00:36 - 2016-08-13 01:17 - 00000732 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-12 00:36 - 2016-08-13 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-12 00:36 - 2016-08-13 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-12 00:36 - 2016-08-12 02:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-12 00:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-12 00:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-11 23:59 - 2016-08-12 02:20 - 00000000 ____D C:\Program Files (x86)\Power Update
2016-08-11 21:57 - 2016-08-11 21:57 - 00000000 ____D C:\Users\User\AppData\LocalLow01221658
2016-08-11 21:34 - 2016-08-11 21:34 - 00000000 _____ C:\Users\User\AppData\Local\{58B7168A-27F9-4554-AE9D-B66870FDD7E9}
2016-08-11 21:26 - 2016-08-12 02:36 - 02773246 _____ C:\Windows\ntbtlog.txt
2016-08-11 21:26 - 2016-08-12 02:28 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-11 21:25 - 2016-08-11 21:25 - 00000000 ____D C:\Windows\system32\moct
2016-08-11 21:12 - 2016-08-12 00:20 - 00000000 ____D C:\Users\User\AppData\Local\node-webkit
2016-08-11 21:08 - 2016-08-13 01:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Jesla
2016-08-11 21:08 - 2016-08-12 00:43 - 00000000 ____D C:\Users\User\AppData\LocalLow\Company
2016-08-11 21:08 - 2016-08-11 21:08 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2016-08-11 21:06 - 2016-08-11 21:06 - 00187904 _____ C:\Windows\rsrcs.dll
2016-08-11 21:06 - 2016-08-11 21:06 - 00000000 ____D C:\Users\User\AppData\Local\A
2016-08-11 21:05 - 2016-08-11 21:05 - 00000001 _____ C:\Users\User\AppData\Local\setupsuccessful.txt
2016-08-11 21:05 - 2016-08-11 21:04 - 00001188 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-11 21:04 - 2016-08-13 01:06 - 00000000 ____D C:\Program Files (x86)\pho
2016-08-11 21:04 - 2016-08-13 01:06 - 00000000 ____D C:\Program Files (x86)\judgements
2016-08-11 21:04 - 2016-08-13 01:01 - 00000000 ____D C:\Program Files\COMODO
2016-08-11 21:04 - 2016-08-13 00:55 - 00000000 ____D C:\Program Files (x86)\finance
2016-08-11 21:04 - 2016-08-12 00:43 - 00000000 ____D C:\Program Files (x86)\wallflowers
2016-08-11 21:04 - 2016-08-12 00:01 - 00003888 _____ C:\Windows\System32\Tasks\a51365895136589
2016-08-11 21:04 - 2016-08-12 00:01 - 00003740 _____ C:\Windows\System32\Tasks\dD51365895136589
2016-08-11 21:04 - 2016-08-11 21:05 - 00000000 ____D C:\a
2016-08-11 21:04 - 2016-08-11 21:05 - 00000000 _____ C:\Users\User\AppData\Local\stxtname.txt
2016-08-11 21:04 - 2016-08-11 21:04 - 00138240 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-08-11 21:04 - 2016-08-11 21:04 - 00001056 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-08-11 21:04 - 2016-08-11 21:04 - 00000055 _____ C:\Windows\key.ini
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\ProgramData\COMODO
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\MyInternet
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\immodesty
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 _____ C:\Users\User\AppData\Local\run.txt
2016-08-11 20:37 - 2016-08-11 20:39 - 00001249 _____ C:\Users\User\Desktop\desmume.ini
2016-08-11 20:36 - 2016-08-11 20:36 - 00000621 _____ C:\Users\User\Downloads\DeSmuMe WIFI Firmware Replacement.rar
2016-08-11 19:43 - 2016-08-11 19:44 - 00000000 ____D C:\Users\User\Desktop\DESUME 1
2016-08-11 19:36 - 2016-08-11 19:39 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-08-11 19:36 - 2016-08-11 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-08-11 19:35 - 2016-08-11 19:36 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\User\Downloads\WinPcap_4_1_3.exe
2016-08-11 19:33 - 2016-08-11 19:33 - 00000621 _____ C:\Users\User\Desktop\DeSmuMe WIFI Firmware Replacement.rar
2016-08-11 19:32 - 2016-08-11 19:32 - 03156929 _____ C:\Users\User\Desktop\DeSmuMe v.0.9.7 x64 WIFI Capable WinPcap v.4.1.2.rar
2016-08-11 09:43 - 2016-08-11 09:44 - 00513168 _____ C:\Users\User\Downloads\examTicket.pdf
2016-08-10 12:27 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-10 12:27 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-10 12:27 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-10 12:27 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 12:27 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-10 12:27 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 12:27 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-10 12:27 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 12:27 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-10 12:27 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 12:27 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-10 12:27 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-10 12:27 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 12:27 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 12:27 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-10 12:27 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 12:27 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 12:27 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 12:27 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-10 12:27 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-10 12:27 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-10 12:27 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-10 12:27 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-10 12:27 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-10 12:27 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-10 12:27 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2016-08-10 12:27 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-08-10 12:27 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-10 12:27 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-10 12:27 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2016-08-10 12:27 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-08-10 12:27 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-10 12:27 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-10 12:27 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-10 12:27 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-10 12:27 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-08-10 12:27 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 12:27 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 12:27 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 12:27 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-10 12:27 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-10 12:27 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-10 12:27 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-10 12:27 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 12:27 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 12:27 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 12:27 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-08-10 12:27 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-08-10 12:27 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-10 12:27 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-10 12:27 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 12:27 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-10 12:27 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 12:27 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 12:27 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-10 12:27 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 12:27 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 12:27 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 12:27 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-10 12:27 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-10 12:27 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 12:27 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 12:27 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-08-10 12:27 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 12:27 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 12:27 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-10 12:27 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-08-10 12:27 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-08-10 12:27 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-08-10 12:27 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 12:27 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 12:27 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-08-10 12:27 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-08-10 12:27 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2016-08-10 12:27 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 12:27 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 12:27 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-08-10 12:27 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-10 12:27 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-10 12:27 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 12:27 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 12:27 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-08-10 12:27 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 12:27 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-08-10 12:27 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-08-10 12:26 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 12:26 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-10 12:26 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-10 12:26 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-10 12:26 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 12:26 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-10 12:26 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-10 12:26 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 12:26 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 12:26 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 12:26 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-10 12:26 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-10 12:26 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 12:26 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 12:26 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 12:26 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 12:26 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-10 12:26 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 12:26 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-10 12:26 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 12:26 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 12:26 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 12:26 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 12:26 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-10 12:26 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 12:26 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 12:26 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-08-10 12:26 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 12:26 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 12:26 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 12:26 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 12:26 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 12:26 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 12:26 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-10 12:26 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-09 09:51 - 2016-08-09 09:51 - 00142497 _____ C:\Windows\6e6737e3245a5320317b6a29d0a01e2c.exe
2016-08-05 15:09 - 2016-08-05 15:11 - 00191687 _____ C:\Users\User\Downloads\ModLoader.zip
2016-08-05 14:53 - 2016-08-05 14:53 - 03289729 _____ C:\Users\User\Downloads\forge-1.7.10-10.13.3.1403-1.7.10-installer.jar
2016-08-05 12:39 - 2016-08-05 12:51 - 110780348 _____ C:\Users\User\Desktop\5585 - Pokemon - Black Version (DSi Enhanced)(USA) (E).zip
2016-08-05 12:35 - 2016-08-07 23:38 - 00000000 ____D C:\Users\User\Downloads\desmume-0.9.7-win64-1092
2016-08-05 12:22 - 2016-08-05 12:22 - 01419179 _____ C:\Users\User\Downloads\desmume-0.9.7-win64-1092.zip
2016-08-05 09:42 - 2016-08-05 09:42 - 00006380 _____ C:\Users\User\Downloads\Gammabright v3.3 [MC 1.7.10].litemod
2016-08-04 20:42 - 2016-08-04 20:46 - 00000000 ____D C:\Users\User\AppData\Roaming\.technic
2016-08-04 20:42 - 2016-08-04 20:43 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (4).exe
2016-08-04 20:42 - 2016-08-04 20:42 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (3).exe
2016-08-04 20:35 - 2016-08-04 20:35 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\AppData\LocalLow\Sun
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Oracle
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-04 20:34 - 2016-08-04 20:34 - 00739904 _____ (Oracle Corporation) C:\Users\User\Downloads\JavaSetup8u101.exe
2016-08-04 20:33 - 2016-08-04 20:45 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (1).exe
2016-08-04 20:33 - 2016-08-04 20:34 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher (2).exe
2016-08-04 20:32 - 2016-08-04 20:33 - 04734664 _____ () C:\Users\User\Downloads\TechnicLauncher.exe
2016-07-24 10:34 - 2016-08-11 23:47 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-16 16:56 - 2016-06-03 19:01 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-16 16:56 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-08-16 16:51 - 2016-06-09 22:21 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-16 16:51 - 2016-06-09 22:21 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-16 16:51 - 2016-06-03 18:57 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 16:51 - 2016-06-03 17:08 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-16 16:51 - 2016-06-03 17:08 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-08-16 16:51 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-16 08:40 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 08:40 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-08-13 19:24 - 2015-10-30 05:13 - 00000000 ____D C:\Windows\ServiceProfiles
2016-08-13 01:17 - 2016-07-04 23:31 - 00000675 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-08-13 01:17 - 2016-07-04 23:31 - 00000625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-08-13 01:17 - 2016-06-21 11:57 - 00001851 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-13 01:17 - 2016-06-21 11:57 - 00001845 _____ C:\Users\User\Desktop\Spotify.lnk
2016-08-13 01:17 - 2016-06-18 15:00 - 00000857 _____ C:\Users\Public\Desktop\A3Launcher.lnk
2016-08-13 01:17 - 2016-06-09 22:21 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-13 01:17 - 2016-06-09 18:11 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-08-13 01:17 - 2016-06-09 17:33 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-08-13 01:17 - 2016-06-03 18:59 - 00002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-13 01:17 - 2016-06-03 17:04 - 00001898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM.lnk
2016-08-12 09:25 - 2016-06-09 22:29 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2016-08-11 23:59 - 2016-06-09 22:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-11 23:25 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-08-11 21:56 - 2016-06-03 17:10 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-08-11 21:56 - 2016-06-03 17:10 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-08-11 21:33 - 2016-06-09 17:10 - 00000000 ____D C:\Users\User\AppData\Local\MicrosoftEdge
2016-08-11 21:12 - 2016-06-09 20:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-11 20:50 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-08-11 19:43 - 2016-06-03 18:57 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-08-11 09:35 - 2016-06-03 18:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 01:48 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 01:48 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-11 01:48 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-10 12:32 - 2016-06-03 17:13 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 12:32 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-10 12:32 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 12:30 - 2016-06-03 17:13 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-04 19:32 - 2016-06-09 22:28 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-08-03 00:11 - 2016-06-17 00:30 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3
2016-08-02 11:13 - 2016-06-09 18:15 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2016-08-02 11:12 - 2016-06-09 18:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2016-07-27 15:25 - 2016-06-03 17:16 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-24 10:35 - 2016-06-15 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-24 10:35 - 2016-06-15 18:03 - 00000000 ____D C:\Users\User\AppData\Local\Discord
2016-07-24 09:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-22 13:42 - 2016-06-09 19:48 - 00000000 ____D C:\Users\User\AppData\Roaming\steelseries-engine-3-client
2016-07-22 09:52 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-22 09:51 - 2016-06-09 17:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-22 09:49 - 2016-06-17 00:30 - 00000000 ____D C:\Users\User\Documents\Arma 3
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\PrintDialog
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\oobe
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\Provisioning
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-18 20:01 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
 
==================== Files in the root of some directories =======
 
2016-08-11 21:04 - 2016-08-11 21:04 - 0001056 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-08-11 21:04 - 2016-08-11 21:04 - 0138240 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-08-11 21:04 - 2016-08-11 21:04 - 0000000 _____ () C:\Users\User\AppData\Local\run.txt
2016-08-11 21:05 - 2016-08-11 21:05 - 0000001 _____ () C:\Users\User\AppData\Local\setupsuccessful.txt
2016-08-11 21:04 - 2016-08-11 21:05 - 0000000 _____ () C:\Users\User\AppData\Local\stxtname.txt
2016-08-11 21:34 - 2016-08-11 21:34 - 0000000 _____ () C:\Users\User\AppData\Local\{58B7168A-27F9-4554-AE9D-B66870FDD7E9}
2016-06-03 17:12 - 2016-06-03 17:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\User\installshield_scm.reg
C:\Users\User\scm.reg
 
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\1654.tmp.exe
C:\Users\User\AppData\Local\Temp\418C.tmp.exe
C:\Users\User\AppData\Local\Temp\7C6E.tmp.exe
C:\Users\User\AppData\Local\Temp\7PPY9OJXY1.exe
C:\Users\User\AppData\Local\Temp\990ZUQBEWV.exe
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\KUIU.EXE
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\msvcr120.dll
C:\Users\User\AppData\Local\Temp\sbW93VShof.exe
C:\Users\User\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-10 12:29
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by User (16-08-2016 17:03:42)
Running from C:\Users\User\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-03 22:57:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3297142376-3490586903-1741990427-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3297142376-3490586903-1741990427-503 - Limited - Disabled)
Guest (S-1-5-21-3297142376-3490586903-1741990427-501 - Limited - Disabled)
User (S-1-5-21-3297142376-3490586903-1741990427-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A3Launcher version 0.1.3.0 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.3.0 - Maca134)
ApoDispatchConfigurator (Version: 2.2.701 - Nahimic) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
AudioLaunchpadConfigurator (Version: 2.2.701 - Nahimic) Hidden
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CheckDevicesConfigurator (Version: 2.2.701 - Nahimic) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4416 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LauncherSetup (Version: 2.2.701 - Nahimic) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft RS Import (HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Microsoft RS Import) (Version: 2.4.36.6 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.0.786 - Portrait Displays, Inc.)
Nahimic 2 (HKLM-x32\...\{cd1a71dd-899d-4d40-82bc-0b7ec1a4c72f}) (Version: 2.2.7 - Nahimic)
Nahimic2UISetup (Version: 2.2.701 - Nahimic) Hidden
NahimicSettingsConfigurator (Version: 2.2.701 - Nahimic) Hidden
NVIDIA Graphics Driver 359.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.40 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
ProductDaemonSetup (Version: 2.2.701 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SCM (HKLM\...\{64218232-E7E7-4A82-A822-26925AED1CC8}) (Version: 13.015.09115 - Application)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.2.701 - Nahimic) Hidden
Spotify (HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.22.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
UIInstallUpgrade (Version: 2.2.701 - Nahimic) Hidden
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Utatity (HKLM-x32\...\{0EB1EFFC-E623-4F0E-87A7-EBA41BB4F77A}) (Version: 1.0.0.0 - " ") <==== ATTENTION
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3297142376-3490586903-1741990427-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06E1761C-3352-4B94-AF3A-E0818DB7A4E2} - System32\Tasks\a51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {0A1B3ED1-56CF-4DC8-BE79-DD812D856600} - System32\Tasks\{3E3BE351-49D7-4AA6-83CE-DF8A5BCDD4BE} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {2047DDD6-6F71-4F7F-93B4-31EF7C1AAD2E} - \{0A7F7947-0A0F-7D09-7911-79790D0A117A} -> No File <==== ATTENTION
Task: {22B552F0-CE1A-47A4-A1A3-1215BC8A86EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2566CD33-0E7E-44C8-B6C5-345D920F72F2} - \Nahimic2Svc32Run -> No File <==== ATTENTION
Task: {29B688E3-F901-4E2C-9BD7-E1105D8EA7BD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {2D2A7731-81B0-449E-841F-EF1B3B2E8A79} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {5C43C966-0424-4805-836B-C2D18B8CA61C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6283F552-B212-4D38-9D78-D64FCA2784CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {6C81171E-D38A-4FA3-9AF1-8FCFBB53058C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {81ADA459-79C7-4186-9404-17B8D3502C8F} - \Nahimic2Svc64Run -> No File <==== ATTENTION
Task: {81C73ED2-59C8-43E6-8EB8-B8753D73BCFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {86F8175D-3ECF-4E2D-B1CD-2BC4145C071E} - \{088B6EE9-E44E-4B6B-8918-72F1071BCDA6} -> No File <==== ATTENTION
Task: {9B8EA8E1-B84D-4352-AFE1-B9551850E304} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-22] (Microsoft Corporation)
Task: {A212C068-8727-4C45-B6F7-B7094F4E7999} - \Nahimic2UILauncherRun -> No File <==== ATTENTION
Task: {A8D17326-E2A9-42D2-814B-73EAF2650D74} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {ACCBCA57-1FD5-49FD-8A49-A468A9C937DA} - System32\Tasks\dD51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {C2AD76A6-513C-4243-B165-31F1E5696A25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-22] (Microsoft Corporation)
Task: {D328CD04-12FF-4874-BA37-F8714BCCE84E} - \{0F534F07-E897-4CD7-BF05-CB45B22BB635} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-06-03 17:12 - 2016-02-01 14:55 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-22 02:07 - 2016-04-22 02:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 02:07 - 2016-04-22 02:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-09 17:30 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-07-14 20:18 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-05-10 16:01 - 2016-05-10 16:01 - 00215736 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-05-10 16:01 - 2016-05-10 16:01 - 00288952 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-07-14 20:18 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-06-03 17:20 - 2016-06-03 17:20 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-09 17:33 - 2016-07-03 10:14 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-04 04:35 - 2016-06-04 04:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-29 00:48 - 2016-03-29 00:48 - 00394216 _____ () C:\Windows\system32\igfxTray.exe
2016-06-03 17:10 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 20:19 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-14 20:18 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-14 20:18 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-14 20:18 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-14 20:18 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-10 15:58 - 2016-05-10 15:58 - 00695480 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-05-10 15:58 - 2016-05-10 15:58 - 01962496 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-05-10 16:01 - 2016-05-10 16:01 - 00500224 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-08-08 17:41 - 2016-08-02 19:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:41 - 2016-08-02 19:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-06-04 04:35 - 2016-06-04 04:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-04 04:35 - 2016-06-04 04:36 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-09 17:33 - 2016-07-03 09:42 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-05-10 15:55 - 2016-05-10 15:55 - 00256696 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-05-10 15:57 - 2016-05-10 15:57 - 00184504 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2016-08-15 10:53 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\StartupApproved\Run: => "Lync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DEF7FBFA-18A7-4822-A726-3EDFF81573F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FB2C3838-4C55-4D34-928B-38599B0B3A9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8371181F-2E01-4AB6-A508-A62E83F731E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{76DF0FFB-D274-4B60-8B8A-D90DB9FCC29D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A85BD1CA-C349-4996-9236-B252B5E16F5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED7535CA-238A-4039-9D59-C6A97DC4FFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0243C8EE-25C0-457E-90E4-F54DFD60F9EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7796A819-27D3-4294-8ED6-80A0AD6A2284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2330A42-3F18-4701-9FCF-516CE0BB463F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EC80028E-423C-4A46-BC1A-3E804978708C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8F03904C-E841-46C3-B0F6-A4FE3CEB7C73}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{947170AD-FAE4-4648-8A77-DB04BBC644EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B886D6C-B35D-41CE-98C0-680CB8B443AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C7F9D83-649C-4BD9-ABDD-63B211E268E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A9205E2B-AC4E-4E0D-B262-4F8DB37EE1CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E61CD9E0-85EC-47E8-8850-0377AC8A01F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35ED1B09-105E-4859-A2B1-BD55015291E7}] => (Allow) E:\Apps Edrive\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{085169EA-81FC-482C-BE13-4CC7FB00B579}] => (Allow) E:\Apps Edrive\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{387E2156-1E0D-4E8F-87BC-ABC6048FD98C}] => (Allow) E:\Apps Edrive\steamapps\common\Rust\Rust.exe
FirewallRules: [{BF2B66C1-91BF-4434-904A-747A84D33FD6}] => (Allow) E:\Apps Edrive\steamapps\common\Rust\Rust.exe
FirewallRules: [{A3B9BFD9-B102-4C85-8DA3-6551AA9F7F3E}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{259A064F-CED5-45D6-BB42-1E0107B57BEF}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{9DFCFD11-D080-4B7D-800B-B9F19B284AA5}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{6BE18AF3-FC22-433F-97E9-4405B7B42970}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{68C7F05B-7648-49F6-9F79-079D931C0A76}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{A6BC5E15-DD09-4E3A-BC2F-70B6C4EF79D2}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{9E76CCF5-13D3-42F7-A9F1-CE2D6C0B4300}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B2A601AD-45A8-4F86-8205-61806590440C}] => (Allow) E:\Apps Edrive\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{8E79FE96-4A09-4407-BA82-C6B69B990118}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Allow) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{99640C15-0E6B-4E76-BED0-A2D4DFEB0916}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Allow) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{5D6BADA9-4C46-4BBD-BE78-8D70825198BE}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{69F2C58A-7AF1-4B76-959B-6378A8C856D6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B2EECDD4-3835-4458-A0EC-787B6DC0BAC7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8289E64D-55E3-4C63-9A28-0C312F0D3AD1}] => (Allow) E:\Apps Edrive\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{182A6DF3-426E-4E6B-81B2-8B230E21D726}] => (Allow) E:\Apps Edrive\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{3633480A-5120-4751-93C6-240044D2348B}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Block) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{28A87F0C-B1F4-4007-875A-55FB3C2C6A44}E:\apps edrive\steamapps\common\arma 3\arma3.exe] => (Block) E:\apps edrive\steamapps\common\arma 3\arma3.exe
FirewallRules: [{D1EF7202-5847-4039-A075-82139942FCF8}] => (Allow) E:\Apps Edrive\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{26572B2A-B5FE-4DA6-AF4B-24E52693C9E3}] => (Allow) E:\Apps Edrive\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{76CDEC8D-9BB5-44B2-939B-50A55C249FF5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{335FA467-EB6F-48FC-BE1F-89302D0B8EF4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{815A0CDE-3046-4C35-B871-B7A6F0426B06}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{98B949D8-7ADC-4FB9-B5B0-19807F3C54CE}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{F9988176-67F0-4797-8770-AD97AC740DC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9820A5A3-1CDE-4073-8659-FD00CB06C8E5}C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [UDP Query User{BE3F583B-B53E-40BD-92F3-9C8EF1CB52FA}C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desume 1\desmume v.0.9.7 x64 wifi capable winpcap v.4.1.2\desmume v.0.9.7 wifi capable\desmume v.0.9.7 wifi capable\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [TCP Query User{EC205995-09E5-4E22-AF86-3461F7AA79AE}C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [UDP Query User{3EEA8233-541A-45DD-9DFE-8480F8D09776}C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe] => (Allow) C:\users\user\desktop\desmume_v.0.9.7_x64_release_wifi.exe
FirewallRules: [{9A430429-38B8-4589-A417-62F84CD3ABD3}] => (Allow) C:\Users\User\AppData\Local\ddnowyes.exe
FirewallRules: [{A33E06A0-E82D-4346-8B88-140DC20FD2E0}] => (Allow) C:\Users\User\AppData\Local\Temp\nsvE7B.tmp\oksoft12.exe
FirewallRules: [{1D0F6AAF-626A-48C5-9021-E5BAC834AF61}] => (Allow) C:\Users\User\AppData\Local\41404271.exe
FirewallRules: [{12988423-A5D5-4514-BA1C-FE0FBF700AE1}] => (Allow) C:\Users\User\AppData\Local\tinstall.exe
FirewallRules: [{315BCEF0-95D2-4871-A114-1F7273723A93}] => (Allow) C:\Users\User\AppData\Local\cap.exe
FirewallRules: [{5AA59EC2-5DC1-4401-BDAC-563EC542D92B}] => (Allow) C:\Users\User\AppData\Local\ddnow.exe
FirewallRules: [{28B59607-C9B6-432F-B80A-205A901B4104}] => (Allow) C:\Program Files (x86)\finance\alabama.exe
FirewallRules: [{A0531FD3-45B9-465B-B971-16836DF86782}] => (Allow) C:\Program Files (x86)\finance\cuppa.exe
FirewallRules: [{03FE4DA1-F625-47FF-BC00-F96C7778C922}] => (Allow) C:\Program Files (x86)\judgements\faerie.exe
FirewallRules: [{4CDEAC41-1467-4797-B99C-A2858E2841F7}] => (Allow) C:\Program Files (x86)\wallflowers\daydreamer.exe
FirewallRules: [{F3A8372C-C79E-44FD-9147-CDDB0FEA8C27}] => (Allow) C:\Windows\prefatory.exe
FirewallRules: [{7C03423B-4D06-4559-A728-88112781712A}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{18964D08-9004-48FB-8C47-DB74C179EB46}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{64499B0B-87B9-4B81-A5AC-55A1EAA0AAC4}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{D7B2BECF-3FE2-4593-BA9D-A881085B9380}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{E0E89662-D54B-4712-A458-5CD0CFE0854E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6FBBB340-3EBB-472F-B41D-A08EFEB33E83}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [TCP Query User{98CA4C32-137C-41A2-8AC0-E883BC458085}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{65D38240-E2F7-417F-A10E-15D26AA4C6B2}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
 
==================== Restore Points =========================
 
15-08-2016 12:43:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2016 04:54:40 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (08/16/2016 02:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219
 
Error: (08/16/2016 02:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219
 
Error: (08/16/2016 02:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10801657
 
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10801657
 
Error: (08/16/2016 12:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188
 
Error: (08/16/2016 09:06:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/16/2016 04:51:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rainiq service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/16/2016 04:51:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/16/2016 04:51:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_19af6ee service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/16/2016 04:50:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/16/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-08-16 16:50:46.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:46.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:46.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:46.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:46.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:23.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:23.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:23.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:23.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 16:50:23.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 20%
Total physical RAM: 16288.32 MB
Available physical RAM: 12958.71 MB
Total Virtual: 33696.32 MB
Available Virtual: 30557.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.69 GB) (Free:83.77 GB) NTFS
Drive e: () (Fixed) (Total:953.74 GB) (Free:843.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:09 PM

Posted 16 August 2016 - 04:23 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 Judoyo13


Posted 16 August 2016 - 08:17 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by User (16-08-2016 21:14:33) Run:2
Running from C:\Users\User\Desktop\New folder
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogled.lnk [2016-08-13]
ShortcutTarget: ogled.lnk -> C:\Program Files (x86)\finance\alabama.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok15647409ogled.lnk [2016-08-13]
ShortcutTarget: ok15647409ogled.lnk -> C:\Program Files (x86)\wallflowers\daydreamer.exe (No File)
HKLM-x32\...\Run: [cutoauto] => "C:\Program Files (x86)\finance\cuppa.exe"
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\...\Run: [L] => C:\Program Files (x86)\Power Update\fatalerror.exe
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 Rainiq; "C:\Users\User\AppData\Roaming\TurqAvofli\Giaenx.exe" -cms [X]
2016-08-11 23:59 - 2016-08-12 02:20 - 00000000 ____D C:\Program Files (x86)\Power Update
2016-08-11 21:04 - 2016-08-13 00:55 - 00000000 ____D C:\Program Files (x86)\finance
2016-08-11 21:04 - 2016-08-12 00:43 - 00000000 ____D C:\Program Files (x86)\wallflowers
2016-08-11 21:04 - 2016-08-12 00:01 - 00003888 _____ C:\Windows\System32\Tasks\a51365895136589
2016-08-11 21:04 - 2016-08-12 00:01 - 00003740 _____ C:\Windows\System32\Tasks\dD51365895136589
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\MyInternet
2016-08-11 21:04 - 2016-08-11 21:04 - 00000000 ____D C:\Program Files (x86)\immodesty
C:\Users\User\installshield_scm.reg
FirewallRules: [{9A430429-38B8-4589-A417-62F84CD3ABD3}] => (Allow) C:\Users\User\AppData\Local\ddnowyes.exe
FirewallRules: [{A33E06A0-E82D-4346-8B88-140DC20FD2E0}] => (Allow) C:\Users\User\AppData\Local\Temp\nsvE7B.tmp\oksoft12.exe
FirewallRules: [{1D0F6AAF-626A-48C5-9021-E5BAC834AF61}] => (Allow) C:\Users\User\AppData\Local\41404271.exe
FirewallRules: [{12988423-A5D5-4514-BA1C-FE0FBF700AE1}] => (Allow) C:\Users\User\AppData\Local\tinstall.exe
FirewallRules: [{315BCEF0-95D2-4871-A114-1F7273723A93}] => (Allow) C:\Users\User\AppData\Local\cap.exe
FirewallRules: [{5AA59EC2-5DC1-4401-BDAC-563EC542D92B}] => (Allow) C:\Users\User\AppData\Local\ddnow.exe
FirewallRules: [{28B59607-C9B6-432F-B80A-205A901B4104}] => (Allow) C:\Program Files (x86)\finance\alabama.exe
FirewallRules: [{A0531FD3-45B9-465B-B971-16836DF86782}] => (Allow) C:\Program Files (x86)\finance\cuppa.exe
FirewallRules: [{03FE4DA1-F625-47FF-BC00-F96C7778C922}] => (Allow) C:\Program Files (x86)\judgements\faerie.exe
FirewallRules: [{4CDEAC41-1467-4797-B99C-A2858E2841F7}] => (Allow) C:\Program Files (x86)\wallflowers\daydreamer.exe
FirewallRules: [{F3A8372C-C79E-44FD-9147-CDDB0FEA8C27}] => (Allow) C:\Windows\prefatory.exe
C:\Users\User\scm.reg
Emptytemp:
Task: {06E1761C-3352-4B94-AF3A-E0818DB7A4E2} - System32\Tasks\a51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {2047DDD6-6F71-4F7F-93B4-31EF7C1AAD2E} - \{0A7F7947-0A0F-7D09-7911-79790D0A117A} -> No File <==== ATTENTION
Task: {2566CD33-0E7E-44C8-B6C5-345D920F72F2} - \Nahimic2Svc32Run -> No File <==== ATTENTION
Task: {2D2A7731-81B0-449E-841F-EF1B3B2E8A79} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {5C43C966-0424-4805-836B-C2D18B8CA61C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6C81171E-D38A-4FA3-9AF1-8FCFBB53058C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {81ADA459-79C7-4186-9404-17B8D3502C8F} - \Nahimic2Svc64Run -> No File <==== ATTENTION
Task: {A212C068-8727-4C45-B6F7-B7094F4E7999} - \Nahimic2UILauncherRun -> No File <==== ATTENTION
Task: {A8D17326-E2A9-42D2-814B-73EAF2650D74} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {ACCBCA57-1FD5-49FD-8A49-A468A9C937DA} - System32\Tasks\dD51365895136589 => C:\Program Files (x86)\wallflowers\daydreamer.exe
Task: {D328CD04-12FF-4874-BA37-F8714BCCE84E} - \{0F534F07-E897-4CD7-BF05-CB45B22BB635} -> No File <==== ATTENTION
 
 
 
*****************
 
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogled.lnk => not found.
C:\Program Files (x86)\finance\alabama.exe => not found.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok15647409ogled.lnk => not found.
C:\Program Files (x86)\wallflowers\daydreamer.exe => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value not found.
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\Software\Microsoft\Windows\CurrentVersion\Run\\L => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03428fbf-668c-4802-b703-7a6fde1413a4}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8bdf229d-992b-4c05-918d-9753371c3df1}\\NameServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-3297142376-3490586903-1741990427-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
GeekBuddyRSP => service not found.
ibtsiva => service not found.
Rainiq => service not found.
"C:\Program Files (x86)\Power Update" => not found.
"C:\Program Files (x86)\finance" => not found.
"C:\Program Files (x86)\wallflowers" => not found.
"C:\Windows\System32\Tasks\a51365895136589" => not found.
"C:\Windows\System32\Tasks\dD51365895136589" => not found.
"C:\Program Files (x86)\MyInternet" => not found.
"C:\Program Files (x86)\immodesty" => not found.
"C:\Users\User\installshield_scm.reg" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A430429-38B8-4589-A417-62F84CD3ABD3} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A33E06A0-E82D-4346-8B88-140DC20FD2E0} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D0F6AAF-626A-48C5-9021-E5BAC834AF61} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12988423-A5D5-4514-BA1C-FE0FBF700AE1} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{315BCEF0-95D2-4871-A114-1F7273723A93} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AA59EC2-5DC1-4401-BDAC-563EC542D92B} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28B59607-C9B6-432F-B80A-205A901B4104} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0531FD3-45B9-465B-B971-16836DF86782} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03FE4DA1-F625-47FF-BC00-F96C7778C922} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CDEAC41-1467-4797-B99C-A2858E2841F7} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3A8372C-C79E-44FD-9147-CDDB0FEA8C27} => value not found.
"C:\Users\User\scm.reg" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E1761C-3352-4B94-AF3A-E0818DB7A4E2} => key not found. 
C:\Windows\System32\Tasks\a51365895136589 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a51365895136589 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2047DDD6-6F71-4F7F-93B4-31EF7C1AAD2E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A7F7947-0A0F-7D09-7911-79790D0A117A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2566CD33-0E7E-44C8-B6C5-345D920F72F2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nahimic2Svc32Run => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2A7731-81B0-449E-841F-EF1B3B2E8A79} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C43C966-0424-4805-836B-C2D18B8CA61C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C81171E-D38A-4FA3-9AF1-8FCFBB53058C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81ADA459-79C7-4186-9404-17B8D3502C8F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nahimic2Svc64Run => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A212C068-8727-4C45-B6F7-B7094F4E7999} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nahimic2UILauncherRun => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8D17326-E2A9-42D2-814B-73EAF2650D74} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e02c4bd5-54d5-4470-9ea0-a68d88112c00 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCBCA57-1FD5-49FD-8A49-A468A9C937DA} => key not found. 
C:\Windows\System32\Tasks\dD51365895136589 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dD51365895136589 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D328CD04-12FF-4874-BA37-F8714BCCE84E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F534F07-E897-4CD7-BF05-CB45B22BB635} => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1393732 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5371033 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -5904 B
Edge => 4608 B
Chrome => 19355785 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -658 B
User => 24371 B
 
RecycleBin => 0 B
EmptyTemp: => 24.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:14:35 ====


#9 Judoyo13


Posted 16 August 2016 - 08:27 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/16/2016
Scan Time: 9:19 PM
Logfile: MALWAREBYTES LOG.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.16.12
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300576
Time Elapsed: 5 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 fireman4it


Posted 17 August 2016 - 07:22 AM

How is your computer running now?


#11 Judoyo13


Posted 17 August 2016 - 06:14 PM

It's doing well. I have full ability to enter proxy settings etc. No VISIBLE problems.

#12 Judoyo13


Posted 18 August 2016 - 06:50 AM

So.... Is it fixed? Is there still malware present?

#13 fireman4it


Posted 18 August 2016 - 10:39 AM

Please run FRST as you did the first time you ran it and post the FRST.txt for my review. I will look at it. I believe it is clean but will know for sure after I see the new FRST log.


#14 Judoyo13


Posted 19 August 2016 - 06:47 AM

Alrighty... I will when I get time. Moving into my new college dorm today :)

#15 fireman4it


Posted 19 August 2016 - 01:03 PM

Congrats on moving in. As soon as you can, post it. I can look at it and make sure you're clean. Then we can clean up our tools and get you on your way.




