Ran exe, got a virus. Not sure if it is gone yet, still get adware.


  • This topic is locked
62 replies to this topic

#1 Nebula_99

  • Members
  • 44 posts

Posted 23 August 2016 - 04:21 PM

I recently ran a suspicious exe that gave me a virus immediately. When it happened, most of the trojans were blocked by Windows Defender and I ran Malwarebytes, Hitman, ESET, AdwCleaner, Zemana, etc. Most of the symptoms that I could see were a change in my default Chrome browser, a random program got pinned to my taskbar, Chrome installed a random extension, my desktop constantly refreshes itself, and even my Steam client had adware on it.

I opened a topic on the Am I Infected? forum and I got some help. After I thought it was gone for good, I decided to play a video game called Osu. The video game shouldn't be the problem, as I have played it many times before. Anyway, while playing it, the game randomly tabbed out and all of the adware that I previously removed appeared again. I want to find out what this malware is and get rid of it for good; I will format my drives if need be.


Here is the Farbar Scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01

Ran by Ben (administrator) on BENSBUILD (23-08-2016 16:07:55)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.295\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.295\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.295\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start <===== ATTENTION
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Discord] => C:\Users\Ben\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{aabf9828-cc28-485a-bd18-830b382338a9}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oexkkvkx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2241758850-542122872-3492692867-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Lzftpbl0cshmoBU,1244ecf3-7804-4f53-9478-5365bce3bd28,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Hide Fedora) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-21]
CHR Extension: (BetterTTV) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skyrim: Book of the Dragonborn Theme) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioigkhgefneinlgdahhpddckbpofpnfi [2016-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-12-12] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-04] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2014-12-12] (DTS, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-01-30] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-07-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-06-20] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UkcQZkVU; C:\Program Files (x86)\WebShield\WebShield.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-06-19] (Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\ManyCam_x64.sys [27136 2011-09-29] (ManyCam LLC.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-08-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-21] (Zemana Ltd.)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 16:07 - 2016-08-23 16:07 - 00018435 _____ C:\Users\Ben\Desktop\FRST.txt
2016-08-23 16:07 - 2016-08-23 16:07 - 00000000 ____D C:\FRST
2016-08-23 16:06 - 2016-08-23 16:06 - 02396672 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-08-22 20:12 - 2016-08-22 20:12 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 19:30 - 2016-08-22 19:30 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-08-22 19:28 - 2016-08-22 19:28 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-08-22 14:29 - 2016-08-22 14:29 - 03784256 _____ C:\Users\Ben\Desktop\AdwCleaner.exe
2016-08-21 22:54 - 2016-08-21 22:54 - 00003362 _____ C:\Users\Ben\Desktop\malwarereport.txt
2016-08-21 19:30 - 2016-08-21 19:30 - 00000831 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2016-08-21 18:54 - 2016-08-21 18:54 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-21 18:53 - 2016-08-21 18:53 - 02870984 _____ (ESET) C:\Users\Ben\Desktop\esetsmartinstaller_enu.exe
2016-08-21 18:47 - 2016-08-21 18:47 - 00000646 _____ C:\Users\Ben\Desktop\JRT.txt
2016-08-21 18:45 - 2016-08-21 18:45 - 01610560 _____ (Malwarebytes) C:\Users\Ben\Desktop\JRT.exe
2016-08-21 15:41 - 2016-08-22 14:31 - 00000000 ____D C:\AdwCleaner
2016-08-21 15:41 - 2016-08-21 15:41 - 03784256 _____ C:\Users\Ben\Desktop\adwcleaner_6.000.exe
2016-08-21 15:38 - 2016-08-22 14:35 - 00000432 _____ C:\Users\Ben\Desktop\MTB.txt
2016-08-21 15:37 - 2016-08-21 15:37 - 00892416 _____ (Farbar) C:\Users\Ben\Desktop\MiniToolBox.exe
2016-08-21 14:59 - 2016-08-21 14:59 - 00001188 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-21 14:56 - 2016-08-21 14:58 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-21 14:54 - 2016-08-23 16:08 - 00111968 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-21 14:54 - 2016-08-23 16:07 - 00035110 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-21 14:54 - 2016-08-21 14:54 - 05700024 _____ ( ) C:\Users\Ben\Desktop\Zemana.AntiMalware.Setup.exe
2016-08-21 14:54 - 2016-08-21 14:54 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-08-21 14:54 - 2016-08-21 14:54 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\Users\Ben\AppData\Local\Zemana
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-21 05:04 - 2016-08-21 05:04 - 00003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-21 05:04 - 2016-08-21 05:04 - 00000708 _____ C:\DelFix.txt
2016-08-21 05:04 - 2016-08-21 05:04 - 00000000 ____D C:\WINDOWS\ERUNT
2016-08-20 23:29 - 2016-08-20 23:29 - 00003308 _____ C:\WINDOWS\system32\.crusader
2016-08-20 23:26 - 2016-08-20 23:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-20 23:25 - 2016-08-20 23:25 - 11438608 _____ (SurfRight B.V.) C:\Users\Ben\Desktop\hitmanpro_x64.exe
2016-08-20 23:06 - 2016-08-20 23:06 - 00000000 ____D C:\$SysReset
2016-08-20 22:23 - 2016-08-20 22:23 - 06334848 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-08-20 22:23 - 2016-08-20 22:23 - 06334848 _____ (AVAST Software) C:\Users\Ben\Downloads\avast_free_antivirus_setup_online.exe
2016-08-20 21:12 - 2016-08-20 22:40 - 00000000 ____D C:\EEK
2016-08-20 21:01 - 2016-08-20 21:04 - 248801536 _____ C:\Users\Ben\Downloads\EmsisoftEmergencyKit.exe
2016-08-20 20:46 - 2016-08-23 16:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-20 20:46 - 2016-08-21 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-20 20:46 - 2016-08-21 14:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-20 20:46 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-20 20:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-20 20:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-20 20:45 - 2016-08-20 20:45 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-20 20:32 - 2016-08-20 22:13 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\uTorrent
2016-08-20 20:25 - 2016-08-20 20:25 - 00007550 _____ C:\WINDOWS\system32\hst.pcm
2016-08-20 20:23 - 2016-08-21 19:47 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-08-20 20:23 - 2016-08-20 20:27 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-08-20 20:21 - 2016-08-20 20:19 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-08-20 18:51 - 2016-08-20 18:51 - 00000000 ____D C:\Users\Ben\AppData\Roaming\StepMania 5
2016-08-20 18:46 - 2016-08-20 18:47 - 51650644 _____ C:\Users\Ben\Downloads\StepMania-5.0.11-win32.exe
2016-08-18 00:24 - 2016-08-18 00:24 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\Adobe
2016-08-17 20:42 - 2016-08-18 08:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-17 20:42 - 2016-08-18 00:25 - 00000000 ____D C:\ProgramData\Adobe
2016-08-17 20:42 - 2016-08-17 20:42 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-17 20:42 - 2016-08-17 20:42 - 00002141 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-17 20:42 - 2016-08-17 20:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-14 19:14 - 2016-08-14 19:15 - 04734664 _____ () C:\Users\Ben\Downloads\TechnicLauncher.exe
2016-08-09 20:44 - 2016-08-09 20:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\DarkSoulsII
2016-08-09 16:51 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 16:51 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 16:51 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 16:51 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 16:51 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 16:51 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 16:51 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 16:51 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 16:51 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 16:51 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 16:51 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 16:51 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 16:51 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 16:51 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 16:51 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 16:51 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 16:51 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 16:51 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 16:51 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 16:51 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 16:51 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 16:51 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 16:51 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 16:51 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 16:51 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 16:51 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 16:51 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 16:51 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 16:51 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 16:51 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 16:51 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 16:51 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 16:51 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 16:51 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 16:51 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 16:51 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 16:51 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 16:51 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 16:51 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 16:51 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 16:51 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 16:51 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 16:51 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 16:51 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 16:51 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 16:51 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 16:51 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 16:51 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 16:51 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 16:51 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 16:51 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 16:51 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 16:51 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 16:51 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 16:51 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 16:51 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 16:51 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 16:51 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 16:51 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 16:51 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 16:51 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 16:51 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 16:51 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 16:51 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 16:51 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 16:51 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 16:51 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 16:51 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 16:51 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 16:51 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 16:51 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 16:51 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 16:51 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 16:51 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 16:51 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 16:51 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 16:51 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 16:51 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 16:51 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 16:51 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 16:51 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 16:51 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 16:51 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 16:51 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 16:51 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 16:51 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 16:51 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 16:51 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 16:51 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 16:51 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 16:51 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 16:51 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 16:51 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 16:51 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 16:51 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 16:51 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 16:51 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-06 05:46 - 2016-08-06 05:46 - 00000000 ____D C:\Users\Ben\AppData\Roaming\fltk.org
2016-08-06 05:46 - 2016-08-06 05:46 - 00000000 ____D C:\ProgramData\fltk.org
2016-08-06 05:35 - 2016-08-06 05:36 - 02456576 _____ C:\Users\Ben\Downloads\Frozlunky.exe
2016-08-01 03:47 - 2016-08-01 03:47 - 00000000 ____D C:\Users\Ben\AppData\Local\DunDefLauncher
2016-07-30 22:02 - 2016-07-30 22:02 - 00080662 _____ C:\Users\Ben\Downloads\Wulf's Dark Souls Connectivity Mod 2.1-1047-2-1.zip
2016-07-29 18:17 - 2016-07-29 18:17 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders
2016-07-29 16:40 - 2016-07-29 16:40 - 00000000 ____D C:\Users\Ben\Documents\Dungeon of the Endless
2016-07-29 16:40 - 2016-07-29 16:40 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\AMPLITUDE Studios
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 16:04 - 2016-03-12 05:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-23 16:04 - 2016-03-12 05:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-23 16:04 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-23 16:04 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-22 23:24 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-22 23:24 - 2014-12-12 23:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-22 20:39 - 2014-12-12 13:31 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC48F1AC-C5B9-4709-9008-EF0A983062CA}
2016-08-22 20:12 - 2016-03-12 14:43 - 00002374 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 20:12 - 2015-01-29 23:46 - 00000000 ___RD C:\Users\Ben\OneDrive
2016-08-22 14:38 - 2016-03-12 05:59 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-22 14:38 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-21 22:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-08-21 20:10 - 2015-06-24 01:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-21 19:48 - 2014-12-12 23:30 - 00001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-21 15:38 - 2015-03-21 22:32 - 00000000 ____D C:\Users\Ben\AppData\Local\Battle.net
2016-08-21 05:10 - 2014-12-12 23:31 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
2016-08-21 05:09 - 2015-08-29 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-21 05:09 - 2014-12-12 23:29 - 00000000 ____D C:\ProgramData\Skype
2016-08-20 20:56 - 2015-06-04 07:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Apps\2.0
2016-08-20 20:39 - 2016-03-12 05:51 - 00000000 ____D C:\Users\Ben
2016-08-20 20:19 - 2013-08-22 08:25 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\Hosts.old
2016-08-20 00:53 - 2014-12-28 20:06 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-08-20 00:53 - 2014-12-12 23:28 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-08-18 23:18 - 2015-08-25 22:14 - 00000000 ____D C:\Users\Ben\Desktop\School Stuff
2016-08-18 00:31 - 2015-04-19 22:25 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-08-18 00:24 - 2014-12-12 13:08 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-08-16 20:22 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 20:21 - 2015-01-29 23:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-11 00:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 13:53 - 2016-03-12 14:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 05:12 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 05:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 05:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 20:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-09 20:57 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 20:57 - 2014-12-14 02:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 20:54 - 2014-12-14 02:52 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-07 00:48 - 2015-12-25 03:22 - 00000000 ____D C:\Users\Ben\BrawlhallaReplays
2016-08-01 16:58 - 2016-04-17 00:39 - 00002240 _____ C:\Users\Ben\Desktop\Discord.lnk
2016-08-01 16:58 - 2016-04-17 00:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Discord
2016-08-01 16:58 - 2015-12-09 21:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-01 16:58 - 2015-12-09 21:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\discord
2016-07-30 21:52 - 2016-01-10 23:09 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-07-28 23:58 - 2014-12-15 17:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\OBS
2016-07-27 14:25 - 2014-12-13 19:28 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-01-24 21:43 - 2015-01-26 17:47 - 0000300 _____ () C:\Users\Ben\AppData\Roaming\BreakingPoint_Login.ini
2015-01-24 21:43 - 2015-01-26 18:03 - 0001408 _____ () C:\Users\Ben\AppData\Roaming\BreakingPoint_Options.ini
2015-06-26 17:16 - 2015-06-26 17:17 - 1065984 _____ () C:\Users\Ben\AppData\Local\file__0.localstorage
2016-03-12 05:50 - 2016-03-12 05:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\ads.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-15 20:26
 
==================== End of FRST.txt ============================
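Reading a log this size by eye is how entries get missed, so here is a small triage script as an added example for this thread; it is not part of FRST and not something Ben or Gary posted. It parses the line shapes FRST uses in both logs in this thread (the dated file entries, the bare paths under "Some files in TEMP", the Run-key lines, the Chrome DefaultSearchURL line and the hosts-file check) and flags what a responder looks for first: executables created in user-writable directories, autorun values that launch from %TEMP% or AppData, a Chrome default search that is not a mainstream engine, a missing hosts file, and anything FRST itself tagged ATTENTION. The list of user-writable directories, the list of accepted search engines and the "no company name" rule are this example's own assumptions, not rules FRST applies; the sample input is a handful of lines copied from the logs posted in this thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread, not part of FRST or of the posted logs. It
parses the line shapes FRST emits (file entries, Run keys, Chrome default
search, hosts check) and flags what a responder looks for by eye. The
directory list, engine list and "no company name" rule are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Directories any user-level process can write to (assumed list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
KNOWN_SEARCH = ("google.com", "bing.com", "duckduckgo.com", "yahoo.com")  # assumed

# "<created> - <modified> - <size> <attrs> (<company>) <path>"; the company
# part is absent when the file carries no version information.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$")
# "HKLM-x32\...\Run: [name] => command"; FRST appends "<===== ATTENTION" to
# entries it distrusts and writes "[X]" when the target file no longer exists.
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
CHR_RE = re.compile(r"^CHR DefaultSearchURL: \S+ -> (?P<url>\S+)")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")


@dataclass
class Finding:
    kind: str    # file | temp | autorun | browser | hosts | frst
    detail: str
    line: str


def is_user_writable(path: str) -> bool:
    return any(seg in path.lower() for seg in USER_WRITABLE)

def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)

def is_known_search(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in KNOWN_SEARCH)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    if (m := FILE_RE.match(line)):
        path = m["path"]
        if "D" not in m["attrs"] and is_executable(path):
            if is_user_writable(path):
                return Finding("file", "executable created in a user-writable directory", line)
            if not m["vendor"]:
                return Finding("file", "executable with no company name in its version info", line)
    elif (m := RUN_RE.match(line)):
        if m["rest"] == "[X]":
            return Finding("autorun", f"orphaned Run value [{m['name']}] in {m['hive']}", line)
        if is_user_writable(m["rest"]):
            return Finding("autorun", f"Run value [{m['name']}] launches from a user-writable path", line)
    elif (m := CHR_RE.match(line)):
        # FRST defangs URLs as hxxp://; restore the scheme so urlsplit accepts it.
        host = urlsplit(m["url"].replace("hxxp", "http", 1)).hostname or ""
        if not is_known_search(host):
            return Finding("browser", f"Chrome default search redirected to {host}", line)
    elif line.startswith("Hosts:") and "not detected" in line:
        return Finding("hosts", "hosts file missing from its default directory", line)
    elif BARE_PATH_RE.match(line) and is_executable(line) and is_user_writable(line):
        return Finding("temp", "executable left behind in a temp directory", line)
    # Anything else FRST marked itself (e.g. IE policy restrictions) is still reported.
    if "ATTENTION" in line:
        return Finding("frst", "marked ATTENTION by FRST itself", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Excerpts copied verbatim from the two FRST logs posted in this thread.
SAMPLE_LOG = r"""
2016-08-06 05:35 - 2016-08-06 05:36 - 02456576 _____ C:\Users\Ben\Downloads\Frozlunky.exe
2016-08-06 05:46 - 2016-08-06 05:46 - 00000000 ____D C:\Users\Ben\AppData\Roaming\fltk.org
C:\Users\Ben\AppData\Local\Temp\ads.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start <===== ATTENTION
Hosts: Hosts file not detected in the default directory
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Lzftpbl0cshmoBU,1244ecf3-7804-4f53-9478-5365bce3bd28,
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.detail}\n          {f.line}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of a whole FRST.txt. Treat the output as a reading list, not a verdict: per-user installers such as Spotify and Discord legitimately run from AppData and will trip the user-writable rule, whereas a Run value pointing at a numbered folder under Temp, as in the later log in this thread, is the kind of entry worth chasing.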



 


#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:18 AM

Posted 27 August 2016 - 07:43 PM

Greetings Nebula_99 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rerun a FRST scan and make sure Addition.txt is checked. Copy and paste both reports in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Nebula_99

  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:04:18 AM

Posted 27 August 2016 - 08:03 PM

Thank you for taking the time to assist me.

You can call me Ben.

Here is the FRST Scan:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
Ran by Ben (administrator) on BENSBUILD (27-08-2016 20:01:37)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ben\AppData\Local\Discord\app-0.0.296\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_19.20.24006.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start <===== ATTENTION
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-27] (Spotify Ltd)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-27] (Spotify Ltd)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Run: [Discord] => C:\Users\Ben\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{aabf9828-cc28-485a-bd18-830b382338a9}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oexkkvkx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2241758850-542122872-3492692867-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G8Lzftpbl0cshmoBU,1244ecf3-7804-4f53-9478-5365bce3bd28,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Hide Fedora) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2016-03-21]
CHR Extension: (BetterTTV) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skyrim: Book of the Dragonborn Theme) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioigkhgefneinlgdahhpddckbpofpnfi [2016-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-12-12] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-04] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2014-12-12] (DTS, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-01-30] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-07-23] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-06-20] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UkcQZkVU; C:\Program Files (x86)\WebShield\WebShield.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-06-19] (Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\ManyCam_x64.sys [27136 2011-09-29] (ManyCam LLC.) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-08-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-21] (Zemana Ltd.)
U0 aswVmm; no ImagePath
R4 EuMusDesignVirtualAudioCableWdm; \SystemRoot\system32\DRIVERS\vrtaucbl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 19:59 - 2016-08-27 19:59 - 00000000 ____D C:\Users\Ben\Desktop\FRST-OlderVersion
2016-08-26 22:59 - 2016-08-27 18:30 - 00000000 ____D C:\Users\Ben\Desktop\osu bmaps
2016-08-26 21:33 - 2016-08-26 21:33 - 00000545 _____ C:\Users\Ben\Desktop\osu!.lnk
2016-08-26 21:33 - 2016-08-26 21:33 - 00000545 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-08-26 21:28 - 2016-08-26 21:32 - 00000000 ____D C:\Users\Ben\AppData\Local\osu!
2016-08-26 21:28 - 2016-08-26 21:28 - 04513336 _____ (ppy) C:\Users\Ben\Desktop\osu!install.exe
2016-08-23 16:08 - 2016-08-23 16:08 - 00072680 _____ C:\Users\Ben\Desktop\Addition.txt
2016-08-23 16:07 - 2016-08-27 20:01 - 00019004 _____ C:\Users\Ben\Desktop\FRST.txt
2016-08-23 16:07 - 2016-08-27 20:01 - 00000000 ____D C:\FRST
2016-08-23 16:06 - 2016-08-27 19:59 - 02396672 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-08-22 20:12 - 2016-08-22 20:12 - 00003322 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-22 19:30 - 2016-08-22 19:30 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-08-22 19:28 - 2016-08-22 19:28 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-08-22 14:29 - 2016-08-22 14:29 - 03784256 _____ C:\Users\Ben\Desktop\AdwCleaner.exe
2016-08-21 22:54 - 2016-08-21 22:54 - 00003362 _____ C:\Users\Ben\Desktop\malwarereport.txt
2016-08-21 19:30 - 2016-08-21 19:30 - 00000831 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2016-08-21 18:54 - 2016-08-21 18:54 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-21 18:53 - 2016-08-21 18:53 - 02870984 _____ (ESET) C:\Users\Ben\Desktop\esetsmartinstaller_enu.exe
2016-08-21 18:47 - 2016-08-21 18:47 - 00000646 _____ C:\Users\Ben\Desktop\JRT.txt
2016-08-21 18:45 - 2016-08-21 18:45 - 01610560 _____ (Malwarebytes) C:\Users\Ben\Desktop\JRT.exe
2016-08-21 15:41 - 2016-08-22 14:31 - 00000000 ____D C:\AdwCleaner
2016-08-21 15:41 - 2016-08-21 15:41 - 03784256 _____ C:\Users\Ben\Desktop\adwcleaner_6.000.exe
2016-08-21 15:38 - 2016-08-22 14:35 - 00000432 _____ C:\Users\Ben\Desktop\MTB.txt
2016-08-21 15:37 - 2016-08-21 15:37 - 00892416 _____ (Farbar) C:\Users\Ben\Desktop\MiniToolBox.exe
2016-08-21 14:59 - 2016-08-21 14:59 - 00001188 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-21 14:56 - 2016-08-21 14:58 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-21 14:54 - 2016-08-27 20:01 - 01609148 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-21 14:54 - 2016-08-27 20:01 - 00384526 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-21 14:54 - 2016-08-21 14:54 - 05700024 _____ ( ) C:\Users\Ben\Desktop\Zemana.AntiMalware.Setup.exe
2016-08-21 14:54 - 2016-08-21 14:54 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-08-21 14:54 - 2016-08-21 14:54 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\Users\Ben\AppData\Local\Zemana
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-08-21 14:54 - 2016-08-21 14:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-21 05:04 - 2016-08-21 05:04 - 00003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-21 05:04 - 2016-08-21 05:04 - 00000708 _____ C:\DelFix.txt
2016-08-21 05:04 - 2016-08-21 05:04 - 00000000 ____D C:\WINDOWS\ERUNT
2016-08-20 23:29 - 2016-08-20 23:29 - 00003308 _____ C:\WINDOWS\system32\.crusader
2016-08-20 23:26 - 2016-08-20 23:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-20 23:25 - 2016-08-20 23:25 - 11438608 _____ (SurfRight B.V.) C:\Users\Ben\Desktop\hitmanpro_x64.exe
2016-08-20 23:06 - 2016-08-20 23:06 - 00000000 ____D C:\$SysReset
2016-08-20 22:23 - 2016-08-20 22:23 - 06334848 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-08-20 22:23 - 2016-08-20 22:23 - 06334848 _____ (AVAST Software) C:\Users\Ben\Downloads\avast_free_antivirus_setup_online.exe
2016-08-20 21:12 - 2016-08-20 22:40 - 00000000 ____D C:\EEK
2016-08-20 21:01 - 2016-08-20 21:04 - 248801536 _____ C:\Users\Ben\Downloads\EmsisoftEmergencyKit.exe
2016-08-20 20:46 - 2016-08-27 15:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-20 20:46 - 2016-08-21 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-20 20:46 - 2016-08-21 14:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-20 20:46 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-20 20:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-20 20:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-20 20:45 - 2016-08-20 20:45 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-20 20:32 - 2016-08-20 22:13 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\uTorrent
2016-08-20 20:25 - 2016-08-20 20:25 - 00007550 _____ C:\WINDOWS\system32\hst.pcm
2016-08-20 20:23 - 2016-08-21 19:47 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-08-20 20:23 - 2016-08-20 20:27 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-08-20 20:21 - 2016-08-20 20:19 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-08-20 18:51 - 2016-08-20 18:51 - 00000000 ____D C:\Users\Ben\AppData\Roaming\StepMania 5
2016-08-20 18:46 - 2016-08-20 18:47 - 51650644 _____ C:\Users\Ben\Downloads\StepMania-5.0.11-win32.exe
2016-08-18 00:24 - 2016-08-18 00:24 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\Adobe
2016-08-17 20:42 - 2016-08-18 08:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-17 20:42 - 2016-08-18 00:25 - 00000000 ____D C:\ProgramData\Adobe
2016-08-17 20:42 - 2016-08-17 20:42 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-17 20:42 - 2016-08-17 20:42 - 00002141 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-17 20:42 - 2016-08-17 20:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-14 19:14 - 2016-08-14 19:15 - 04734664 _____ () C:\Users\Ben\Downloads\TechnicLauncher.exe
2016-08-09 20:44 - 2016-08-09 20:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\DarkSoulsII
2016-08-09 16:51 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 16:51 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 16:51 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 16:51 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 16:51 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 16:51 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 16:51 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 16:51 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 16:51 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 16:51 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 16:51 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 16:51 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 16:51 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 16:51 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 16:51 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 16:51 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 16:51 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 16:51 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 16:51 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 16:51 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 16:51 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 16:51 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 16:51 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 16:51 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 16:51 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 16:51 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 16:51 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 16:51 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 16:51 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 16:51 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 16:51 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 16:51 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 16:51 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 16:51 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 16:51 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 16:51 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 16:51 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 16:51 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 16:51 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 16:51 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 16:51 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 16:51 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 16:51 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 16:51 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 16:51 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 16:51 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 16:51 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 16:51 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 16:51 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 16:51 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 16:51 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 16:51 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 16:51 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 16:51 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 16:51 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 16:51 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 16:51 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 16:51 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 16:51 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 16:51 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 16:51 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 16:51 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 16:51 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 16:51 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 16:51 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 16:51 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 16:51 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 16:51 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 16:51 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 16:51 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 16:51 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 16:51 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 16:51 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 16:51 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 16:51 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 16:51 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 16:51 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 16:51 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 16:51 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 16:51 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 16:51 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 16:51 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 16:51 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 16:51 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 16:51 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 16:51 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 16:51 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 16:51 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 16:51 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 16:51 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 16:51 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 16:51 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 16:51 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 16:51 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 16:51 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 16:51 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 16:51 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 16:51 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 16:51 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 16:51 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 16:51 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 16:51 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 16:51 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 16:51 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 16:51 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 16:51 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 16:51 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-06 05:46 - 2016-08-06 05:46 - 00000000 ____D C:\Users\Ben\AppData\Roaming\fltk.org
2016-08-06 05:46 - 2016-08-06 05:46 - 00000000 ____D C:\ProgramData\fltk.org
2016-08-06 05:35 - 2016-08-06 05:36 - 02456576 _____ C:\Users\Ben\Downloads\Frozlunky.exe
2016-08-01 03:47 - 2016-08-01 03:47 - 00000000 ____D C:\Users\Ben\AppData\Local\DunDefLauncher
2016-07-30 22:02 - 2016-07-30 22:02 - 00080662 _____ C:\Users\Ben\Downloads\Wulf's Dark Souls Connectivity Mod 2.1-1047-2-1.zip
2016-07-29 18:17 - 2016-07-29 18:17 - 00000000 ____D C:\Program Files (x86)\Dungeon Defenders
2016-07-29 16:40 - 2016-07-29 16:40 - 00000000 ____D C:\Users\Ben\Documents\Dungeon of the Endless
2016-07-29 16:40 - 2016-07-29 16:40 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\AMPLITUDE Studios
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 19:41 - 2014-12-12 23:28 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-08-27 18:42 - 2014-12-12 13:31 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC48F1AC-C5B9-4709-9008-EF0A983062CA}
2016-08-27 17:15 - 2015-03-21 22:32 - 00000000 ____D C:\Users\Ben\AppData\Local\Battle.net
2016-08-27 15:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 15:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 14:21 - 2014-12-28 20:06 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-08-27 04:46 - 2014-12-12 23:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-26 21:23 - 2015-02-07 17:56 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2016-08-26 21:22 - 2014-12-14 02:35 - 00000000 ____D C:\Users\Ben\AppData\Local\Ubisoft Game Launcher
2016-08-26 21:21 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-26 14:38 - 2016-03-12 05:59 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 14:32 - 2016-03-12 05:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-26 14:32 - 2016-03-12 05:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-25 16:56 - 2015-12-09 21:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\discord
2016-08-24 21:53 - 2016-04-17 00:39 - 00002240 _____ C:\Users\Ben\Desktop\Discord.lnk
2016-08-24 21:53 - 2016-04-17 00:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Discord
2016-08-24 21:53 - 2015-12-09 21:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-22 23:24 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-22 20:12 - 2016-03-12 14:43 - 00002374 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 20:12 - 2015-01-29 23:46 - 00000000 ___RD C:\Users\Ben\OneDrive
2016-08-21 22:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-08-21 20:10 - 2015-06-24 01:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-21 19:48 - 2014-12-12 23:30 - 00001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-21 05:10 - 2014-12-12 23:31 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
2016-08-21 05:09 - 2015-08-29 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-21 05:09 - 2014-12-12 23:29 - 00000000 ____D C:\ProgramData\Skype
2016-08-20 20:56 - 2015-06-04 07:39 - 00000000 ____D C:\Users\Ben\AppData\Local\Apps\2.0
2016-08-20 20:39 - 2016-03-12 05:51 - 00000000 ____D C:\Users\Ben
2016-08-20 20:19 - 2013-08-22 08:25 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\Hosts.old
2016-08-18 23:18 - 2015-08-25 22:14 - 00000000 ____D C:\Users\Ben\Desktop\School Stuff
2016-08-18 00:31 - 2015-04-19 22:25 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-08-18 00:24 - 2014-12-12 13:08 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-08-16 20:22 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 20:21 - 2015-01-29 23:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-11 00:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 13:53 - 2016-03-12 14:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 05:12 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 05:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 05:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 20:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-09 20:57 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 20:57 - 2014-12-14 02:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 20:54 - 2014-12-14 02:52 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-07 00:48 - 2015-12-25 03:22 - 00000000 ____D C:\Users\Ben\BrawlhallaReplays
2016-07-30 21:52 - 2016-01-10 23:09 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-07-28 23:58 - 2014-12-15 17:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\OBS
 
==================== Files in the root of some directories =======
 
2015-01-24 21:43 - 2015-01-26 17:47 - 0000300 _____ () C:\Users\Ben\AppData\Roaming\BreakingPoint_Login.ini
2015-01-24 21:43 - 2015-01-26 18:03 - 0001408 _____ () C:\Users\Ben\AppData\Roaming\BreakingPoint_Options.ini
2015-06-26 17:16 - 2015-06-26 17:17 - 1065984 _____ () C:\Users\Ben\AppData\Local\file__0.localstorage
2016-03-12 05:50 - 2016-03-12 05:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\ads.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-25 18:38
 
==================== End of FRST.txt ============================


And here is the addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Ben (27-08-2016 20:01:53)
Running from C:\Users\Ben\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-12 19:41:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2241758850-542122872-3492692867-500 - Administrator - Disabled)
Ben (S-1-5-21-2241758850-542122872-3492692867-1001 - Administrator - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-2241758850-542122872-3492692867-503 - Limited - Disabled)
Guest (S-1-5-21-2241758850-542122872-3492692867-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Blue Satin Skin (HKLM-x32\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version:  - FromSoftware, Inc)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dungeon Defenders (HKLM\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dungeon of the Endless (HKLM\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 3 Patch v1.8 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.8 - )
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fantasy Voice Pack (HKLM-x32\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version:  - RobTop Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Halo Combat Evolved (HKLM-x32\...\Halo Combat Evolved) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 4.64 (HKLM\...\HWiNFO64_is1) (Version: 4.64 - Martin Malík - REALiX)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Modern War Sounds (x32 Version: 4.4.21 - Screaming Bee Inc.) Hidden
Modern War Sounds for MorphVOX (HKLM-x32\...\{c8bc883e-e88f-441e-83b3-4018ed97a0de}) (Version: 4.4.21 - Screaming Bee Inc.)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.15 - MSI)
MSI Kombustor 3.5.1 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{caac6227-8b9b-4b0e-86f5-c19a860bc9f2}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.13.2948.1 - Hi-Rez Studios)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spelunky (HKLM\...\Steam App 239350) (Version:  - )
Spotify (HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
STAR WARS™ Jedi Knight II: Jedi Outcast™ (HKLM\...\Steam App 6030) (Version:  - Raven Software)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
Unity Web Player (HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM\...\Steam App 201810) (Version:  - Machine Games)
Worms Revolution (HKLM\...\Steam App 200170) (Version:  - Team17 Digital Ltd)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2241758850-542122872-3492692867-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {022D5C40-A341-44B3-B81C-66A5229C912C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19D22E9B-2F7E-4E93-BD02-180EF7A93B1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {21FFEBFA-B767-4264-AC14-DA72076C1067} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {24F6D6D3-6B43-44BD-86FF-FA16E83071BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {258099DF-0C96-4A59-A2C8-683510812A8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3E718261-709A-4D4B-92A7-ABFBFA64B083} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {452BDA21-775F-441C-BD7A-AD4BB98DE923} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-22] (Microsoft Corporation)
Task: {4F9CB23E-5626-49CB-8B57-ED82631CD80F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7448AB74-D1CD-4E20-A349-F49B758B29F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {7977CEB8-76FD-4399-A72E-08F1720C0EDC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7E912E02-A446-437A-B81A-1C8446A1D7CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8114FB91-F4F3-439D-B72B-D870D4D968BB} - System32\Tasks\CCleanerSkipUAC => D:\CONTROLS\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {9A86339F-CCFB-450C-951E-2FC4198EE1A0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A8B756EB-2AAA-4FD6-B777-7BE64E003B2E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {AE3B5D46-6C50-4559-A1D1-2B4DB578C7CE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AFBCE10A-73E2-4159-A82D-8C97E51C2794} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B8F2E756-5C7B-49E3-94E4-48CBA929D0E5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {BA07E985-D9E4-466B-A867-BB942846F00A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BA9AEB42-A566-4F87-AC77-9C618FDD928E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {C45E9C94-B633-4E9C-83CA-62BCAFB4AD60} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {ED0E216B-6211-4137-A5CC-0A0F10FB1314} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EE485BE2-5FD0-4B78-8A53-32349411C73A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EF906622-600B-4EF0-BA0A-FE06865E72CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {EFFC3502-51C2-479C-955E-56D62F001E88} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F2A3F48E-08C7-4A1B-8F4D-C106FC7115B3} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {F8D70894-5684-495A-982A-6D3A1FF7CC6C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FE4C441D-B0DB-4530-A06D-273EE751D24F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-12 14:43 - 2014-12-12 14:42 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-02-04 18:24 - 2015-02-04 18:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-01-29 23:40 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-12 05:50 - 2013-07-04 06:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-01-10 19:02 - 2016-03-08 05:27 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-12 16:47 - 2016-03-08 05:27 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-12 16:47 - 2016-03-08 05:27 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2014-12-26 02:55 - 2015-07-23 18:29 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-12 05:50 - 2016-03-08 01:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 17:59 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 17:59 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-22 20:12 - 2016-08-22 20:12 - 01864384 _____ () C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-26 17:43 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-12 07:47 - 2016-03-12 07:47 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 18:00 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 17:59 - 2016-06-30 22:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 17:59 - 2016-06-30 22:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 17:59 - 2016-06-30 22:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 17:59 - 2016-06-30 22:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-27 12:13 - 2016-08-27 12:13 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_19.20.24006.0_x64__8wekyb3d8bbwe\XboxApp.exe
2016-08-27 12:13 - 2016-08-27 12:13 - 30085120 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_19.20.24006.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-07-29 18:21 - 2016-07-29 18:22 - 01651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_19.20.24006.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2016-03-12 05:50 - 2016-08-26 14:32 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-03-12 05:50 - 2013-07-04 06:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-04-03 19:48 - 2014-04-03 19:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-30 21:22 - 2016-03-08 05:27 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-22 20:12 - 2016-08-22 20:12 - 01383616 _____ () C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-22 20:12 - 2016-08-22 20:12 - 00118976 _____ () C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-24 21:53 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Ben\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 16:56 - 2016-08-25 16:56 - 01050296 _____ () \\?\C:\Users\Ben\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 16:56 - 2016-08-25 16:56 - 03793080 _____ () \\?\C:\Users\Ben\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 16:56 - 2016-08-25 16:56 - 00894136 _____ () \\?\C:\Users\Ben\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 16:56 - 2016-08-25 16:56 - 01119416 _____ () \\?\C:\Users\Ben\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2015-10-30 02:17 - 2015-10-30 02:17 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2016-08-24 21:53 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Ben\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-24 21:53 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Ben\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-08-27 12:09 - 2016-08-27 12:09 - 00170496 _____ () \\?\C:\Users\Ben\AppData\Local\Temp\9B19.tmp.node
2015-03-20 01:12 - 2016-08-27 14:21 - 51330160 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libcef.dll
2015-03-20 01:12 - 2016-08-27 14:21 - 01763952 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libglesv2.dll
2015-03-20 01:12 - 2016-08-27 14:21 - 00088176 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libegl.dll
2016-08-08 15:34 - 2016-08-02 19:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 15:34 - 2016-08-02 19:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\Desktop\Wallpapers\BFOBhDx.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "ic-0.2ac9e8bd99920c.exe -start"
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\...\StartupApproved\Run: => "EvolveClient"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E44FC652-8FBE-48ED-9285-E94D7ED342F1}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{988CB386-11A2-4AD4-8DE0-FE0957099462}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1FA28E15-A05B-44CB-AE9C-B3D14D6602D2}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{590CD1D6-AEBC-4729-9EFD-17F94B96BA36}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1D14AD1A-D070-4D39-A561-29F9E7C5F48B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1EF32CF3-ACF5-4440-B1E0-F994FA5B7507}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0AE759CA-A0CD-4A59-A917-B1920F777B80}] => (Allow) D:\SteamLibrary\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{AE891607-99A3-450E-97EB-918AE280D90B}] => (Allow) D:\SteamLibrary\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{9309424F-5316-4E0A-A354-83678F22A460}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{271B4C18-D794-43CB-A68A-F96392A1DE74}] => (Allow) D:\SteamLibrary\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F91F200A-C8F6-4656-A492-7193ACD5B537}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{CBDCEBD3-AE06-406C-8D1F-98D1B97485C9}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{DF3EDE47-A7E9-4C24-BC11-183961CD307D}] => (Allow) D:\EvolveClient.exe
FirewallRules: [{8386BC78-D51F-4150-936F-ED53AD467712}] => (Allow) D:\EvoSvc.exe
FirewallRules: [{DE702516-58CA-41A9-AB40-D0F4B3F207FB}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{0634F17E-DDF0-464B-BD93-AA2629A95FB0}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F850D973-198D-4B42-99CE-9FA26D51311C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{23B10C7C-29DF-47F2-ACDB-E19B6980055D}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{55FB32CE-F702-4013-8D1C-352992787E69}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{12734C55-9A4B-4189-9B7A-E9622DD18031}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{8E5486A9-192C-43DF-B133-12E2E60B449F}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{DBD98FFC-7635-4B03-AC73-349942B87601}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{5D031CE1-9616-499B-BD3C-7A4D19E8D732}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8593E2B9-9AF9-455D-B318-9FB14DB79D68}] => (Allow) D:\SteamLibrary\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{7DECDE31-135C-4D34-8062-A3B674DEBF73}] => (Allow) D:\SteamLibrary\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{588E6828-E8E2-44C3-89D1-C0E38CC46DFF}] => (Allow) D:\SteamLibrary\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{600222B2-A4C4-4492-B62C-15DE71CCEAC9}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B049E0F5-3605-4D53-AC89-99469ACCEBAA}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{0E9F26B7-AAAA-4339-9D6B-0014420D31DD}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{AEB92359-F17A-4BD8-A30E-EDBCF191FE6A}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{F8309B80-F56C-40A2-BC49-9C2671A70D5A}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{DB5EFF4A-EA07-4249-8543-E3166BDEE737}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{19263AAB-A77B-4F34-AD9A-8EBA758E1291}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{19E4F54B-2A09-4888-812E-43A3E8355E94}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{93C77BBB-9750-4684-8CB8-A1CCD3CB8A2E}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9884EA19-5AF1-4194-B401-61F3E8E959C8}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{96AE2860-693F-48EC-AF2C-6B308F9FF58E}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{8F922CCF-286E-4E47-904C-4FC2FB3CD678}D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{8CF2A43F-67EC-4B0D-B3BF-EB302428C22C}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{C01D10D2-FE4E-4065-A23A-E6ED4C825561}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{9C42DF66-4A7A-42D3-9BF3-9A5871D55AE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{593D8303-3B84-4DCC-9B3B-FDC4ACF31674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A9FE481F-C441-4667-BB47-285CD9979295}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2C3AD5C1-5FA0-450D-AE24-5591517F6B36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F0CD12A7-5E63-4DF0-84D9-DA58011D1BB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A5B76D68-6DEA-40B8-B3B4-C348873BA7BA}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{BECC4B09-534B-41B5-82FA-8E3187BDB7C4}] => (Allow) D:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{843C7951-0637-4787-ACC6-A0297AF7C0E6}] => (Allow) D:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{F75D8309-2B15-4391-84FB-F3E843FE240A}] => (Allow) D:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{C4DA5A6B-D837-42E8-8C25-3FA7C3BAD2DE}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4719FD58-E8DE-4B0A-A859-DEB621F64CDA}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2C63DD95-5E90-4EC4-AC5B-45172A11FE15}] => (Allow) D:\BattleNet\Diablo III\Hearthstone\Hearthstone.exe
FirewallRules: [{EDF0CE0A-732E-48C5-A7CF-F70ACA059A06}] => (Allow) D:\BattleNet\Diablo III\Hearthstone\Hearthstone.exe
FirewallRules: [{299A0AC8-F1F4-43F3-B8BB-C8AD2686FBF7}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{E7DC46A1-C130-49C7-B7D1-0499D3F5B6E4}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [UDP Query User{1FA38544-36CE-4BCC-B6C6-4D30F2D72B5B}D:\halo.exe] => (Allow) D:\halo.exe
FirewallRules: [TCP Query User{795C1A95-89D5-4BD4-B3BD-D2FA0DA4AB84}D:\halo.exe] => (Allow) D:\halo.exe
FirewallRules: [UDP Query User{0E3413BE-021A-4F2D-9796-715BBE22CEBD}C:\users\ben\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ben\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{BF6E2771-5459-4B75-83E1-619F61140F1F}C:\users\ben\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\ben\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{2AAE589C-6AB0-4DED-BBAE-179C48EF3FA4}D:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{E2F33B91-D6C3-4A80-8D51-0E599E0BB6E5}D:\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{806F558B-9045-4348-BBF6-A130B941D7EE}D:\battlenet\diablo iii\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\battlenet\diablo iii\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{60E20797-8871-4ACD-BDDD-8BE99593DCA1}D:\battlenet\diablo iii\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\battlenet\diablo iii\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{851A34BB-CC47-4E78-A78F-86CD39610B21}] => (Block) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{E579EE77-589D-4452-B329-C147D2AA1225}] => (Block) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{BE1DDC07-515D-430F-B88B-C63D23DA5060}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{0CAB1E8E-4693-4995-B748-1FEAAD964265}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{9A092F89-803B-4EC8-87FE-677513C8234B}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{21D39AFF-E0F3-46F7-9DA9-24E1B1CCBF03}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{929D4F8D-DDDC-4DDB-A495-02799EB9EB14}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{649B6312-55C6-4A48-BAEE-E9AC22111F9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6EB48D45-FD8C-4CA6-B488-3CC530469959}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B6C5EAFC-4D84-4730-B659-8E986B71F14B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C3DD6B88-7929-4911-9FC9-0E2C9515D3BD}] => (Allow) D:\Evolve\EvolveClient.exe
FirewallRules: [{AED818E2-3F7F-4B99-A9F3-091ED8B53B7F}] => (Allow) D:\Evolve\EvoSvc.exe
FirewallRules: [{840C0515-E5C0-48CE-A468-7965A94E7C98}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{0AD93B18-26CE-4392-B186-0D1CA77B312A}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [UDP Query User{41361B22-7F6B-40DB-AE25-787141044248}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{70139E9A-E5A4-408F-9A08-F404BF36BF5E}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A5342E45-4500-4473-B755-6CE5899053D9}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{8BA980D0-FB34-42EB-B54B-674B78F968F0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6A7A0482-C6A2-4BAE-AA9B-216A5E2F1B8A}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7AD3002D-119B-4F8E-AD95-57068D3EFFD0}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B4DBB06E-2EFB-47A8-9DA7-E26A8B0B3051}] => (Allow) D:\BattleNet\Diablo III\Diablo III\Diablo III.exe
FirewallRules: [{B3416EFA-EFC9-4513-90C1-CCA32923ED63}] => (Allow) D:\BattleNet\Diablo III\Diablo III\Diablo III.exe
FirewallRules: [{DD038DC6-5B61-482E-BFB6-3CE6103E44DC}] => (Allow) D:\BattleNet\Battle.net\Battle.net.exe
FirewallRules: [{E26063EB-F360-462E-B593-58723398A723}] => (Allow) D:\BattleNet\Battle.net\Battle.net.exe
FirewallRules: [{7068AE3E-1438-4C1C-A879-D2F035EA6D01}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{9FDB0730-1074-4EC7-9512-8A1EED7CFA96}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B1852B91-57E2-4C40-833B-0F59CDC4861F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B1A94BF4-71E1-45FB-B66F-D9AEB123450F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7A5039D4-C0D4-4AF0-A82B-773E836699B5}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{57AEFC4F-162B-4806-9132-577454ED04B0}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3AD2C8AA-26DE-4836-A8FD-07A1DFD73EDB}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5953FD76-B408-40BD-ACD1-4B4AC67D75D3}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B9A3C625-68EF-4EA7-AF92-943873C7B0B7}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0141D691-38B1-4853-8ABE-4F1C6B3AB9CF}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{BFF36B19-E225-4710-AEDA-0150B4C473A2}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1A11B9B4-846D-4D3C-833C-5099225F7538}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{21686680-DA60-461A-AAD6-8C6836B3FF00}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{C37A4EC0-3A10-4D55-97B8-2CC6E07A11B4}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [UDP Query User{80334B7E-5549-4D88-8B19-FDEED3A99240}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F340F3CF-0DEB-4C66-B9DB-99012CA7E5E4}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{19915EC9-A652-4FC2-BAC2-22D23251CF5E}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C89C6EA6-4647-4C42-9903-321069834302}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{E37E0CBC-B3BF-4472-8E3B-6A91A8A65D25}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{952C5030-5205-4218-84B6-EBE7CE1631E5}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{9F96F4C2-139D-42CC-9276-D1EFD5523782}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E684FC45-664B-44B5-B796-D5CD9EB2EDA9}] => (Allow) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{EBC44C1C-A16D-43F0-8A3A-965877FB570D}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [TCP Query User{328871AE-976D-4AE7-AC50-B4307E697766}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{4B428B46-D8FA-4312-BCF5-4494D993A53D}] => (Allow) D:\SteamLibrary\steamapps\common\Elsword\data\x2.exe
FirewallRules: [{6011A959-C312-4039-9705-E76D70ADEEDF}] => (Allow) D:\SteamLibrary\steamapps\common\Elsword\data\x2.exe
FirewallRules: [{5AF65861-F41D-452B-956E-FDDF25CCACEA}] => (Allow) C:\Users\Ben\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7C4488ED-D106-45D8-9545-8F8DB843C117}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{D53166DC-C229-45AF-A7E1-6154F24495CF}] => (Allow) D:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [UDP Query User{8AF342FA-37B9-4421-B28F-200BCEB62D23}D:\steamlibrary\steamapps\common\dayz\dayz.exe] => (Allow) D:\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{931308F8-1A09-4AFB-A3B9-A3BDEFE340DD}D:\steamlibrary\steamapps\common\dayz\dayz.exe] => (Allow) D:\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{C8EE0635-EEEB-4D59-817A-B80956B237D0}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9F0FF0B4-1D87-46CC-A7B3-5987F9164537}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2B56CB4B-2C45-4731-AE2B-5B60B2AFD5DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9E311B54-0F4D-43CF-9E52-227428C5904C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{27857ECC-BF5D-4FF1-B9F6-B5A1344C15B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CC62071D-CE9D-41E8-9364-EFE50C093771}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{E0096A77-7CA0-494E-9793-15A44D30296F}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{70F5FFCF-29E8-4B16-A72B-BFD6FEC28D8F}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2C544BF3-6E12-4D2F-BD7A-EBAA3F10D67A}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{AF07687C-3E43-439F-940A-8F933F0C45DC}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{CAD327D3-4AA8-48C9-BCC6-B8571AA0C4B6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{79BCC9CA-F7A4-42A7-9081-DCD843D2F979}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{F4BDC8E4-2963-48F8-96EF-DA3DC285FF5A}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{1B81716C-8411-4A39-B1D0-6F75235E9604}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{03BC7743-9A7D-49C8-AE76-6E650DA75DF1}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{419D4A5E-59D6-4B48-9379-49C6CEE30CCA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B27CB15-ED27-4CEB-90B4-4472B98E9A35}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{55145A92-4124-4FEA-8189-094F8277303E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DAE0FD06-9762-4BAB-BDFB-5E83FEC03756}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3C109CBE-B91D-4A32-BD10-D644F8EE20DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D8D2E38F-7C98-463A-9053-C779E9CADFCE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D004BD17-CF05-4A4D-B57B-EC093FA7F1A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{91E2ED01-B8D7-4BCD-A7FE-C3D6A74D1E0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1F75F644-745E-4CBA-9309-23EE76C5671D}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{66D01A98-3153-47EA-8B21-C24D02F1B563}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1892D1F3-3097-4B89-9E43-21C35D0A035C}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{78F2ACEE-1362-4DA6-85CE-765F44C43151}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [TCP Query User{9333B15F-2E70-4649-A1CD-C942BECA5A16}D:\battlenet\diablo iii\overwatch\overwatch.exe] => (Allow) D:\battlenet\diablo iii\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E0D71A9E-1ED3-49FA-AB59-66DF8E1912E4}D:\battlenet\diablo iii\overwatch\overwatch.exe] => (Allow) D:\battlenet\diablo iii\overwatch\overwatch.exe
FirewallRules: [{C18D203B-415E-4332-AD4A-A96CDFD047AF}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD05AA5B-B13E-4835-8C3A-3F70DBD4C6A4}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{730639DC-455D-42A7-8C2A-91C136C1BB52}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C70C054D-EB06-4EC2-8249-DE679DC896CB}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B4CDD9EA-B4F4-49F2-AE82-744D33262893}] => (Allow) D:\SteamLibrary\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{2A556B63-7C3D-4EB5-B1C9-F8544D80D9E0}] => (Allow) D:\SteamLibrary\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{A76B306B-8725-4412-A924-60F79427BC65}] => (Allow) D:\SteamLibrary\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{7508D98C-9112-4F8A-B13F-3B8392312832}] => (Allow) D:\SteamLibrary\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{B63E4EAE-5B43-439F-B8FF-B6ABD7D89DD8}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{5F1605AD-E2EF-4545-9283-4C4BFE53C941}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{7E1591DC-8C50-460D-BDE0-514E62727A3C}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{29C1E424-E114-4A4B-B140-34FBE8DE145E}] => (Allow) D:\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{2B76F001-A2BE-49FF-B387-E3F883DEBB67}] => (Allow) D:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{FBC6F025-B4F1-4521-885C-2977899B79CD}] => (Allow) D:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{246F024A-1172-479E-9A18-025033E2C485}] => (Allow) D:\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{CCFF7CF3-A183-478A-83AD-0911A8D1B5C1}] => (Allow) D:\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{2003F28C-258F-4BE5-A3AA-AD6B3677DB1B}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E05DE35A-AB77-45A4-B9B4-6DA1FAE4EACC}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{245B7550-2F7F-4D12-AD44-9D6B2F3EF076}] => (Allow) D:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{0A432ED6-4DE4-4B6D-AB5F-9946FE9CAA37}] => (Allow) D:\SteamLibrary\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{DC8C8316-AC3D-4C15-88FF-85D84FE5CCE0}] => (Allow) D:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{F11CC8FE-1655-4B6E-B056-B7B2FDA9EBB5}] => (Allow) D:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{04F32946-49D7-411A-9C4C-9482C73B833E}] => (Allow) D:\EvoSvc.exe
FirewallRules: [{17AD1854-2B42-4E91-988C-DD540DE35495}] => (Allow) D:\EvolveClient.exe
FirewallRules: [{974FD459-94AB-46F1-A325-D881BCD40D0B}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{6BF2AA42-C527-41AE-ADEB-175CC93F81CB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{36E0BB99-2433-4C81-A583-F284FF640B90}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{A21A60D0-EF12-4D9C-8272-C357E1169E18}] => (Allow) D:\SteamLibrary\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{CBEFBFDC-4522-4700-A182-420F6808BB15}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{74DFF863-8B31-468C-8384-529F0686E3CF}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{D80E5219-1653-4ADC-BF04-08F2FB07BEA3}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{E3071BA3-614E-470E-A630-14BC199E30BE}] => (Allow) D:\SteamLibrary\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [TCP Query User{331E199F-1D7A-4D6C-A01C-A9E15A20B2B1}D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{E8A58C99-C210-4989-AFA4-CFD2234ACAEE}D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{A3DC9C1F-3886-45AE-BEF7-555A8A279603}] => (Block) D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{B83C959B-867D-4760-843D-33621C84CB1A}] => (Block) D:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{5FAD93C1-321D-431D-ADF5-D9C77AB5B807}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{93E32C2D-DE43-479B-A284-197F7ED2441B}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{C964FC47-656C-46F4-A7B4-A6E7C2402687}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7810BB99-B0A0-47AB-A913-50BCC91B6DC0}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{18C0D015-FC8F-431D-9E45-DA69FA4B48A7}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{D730DA77-BFB8-49EE-B0B8-6673366CE97F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{AB45A60D-5989-4B37-9235-08239F2BA6CB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{D6FDD022-5E67-4434-98B4-48CF79121A1F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{B5627F40-32ED-4C69-9433-3ADF44217B95}] => (Allow) D:\SteamLibrary\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{8557956E-B1D6-4F37-89BA-B940E19F0C08}] => (Allow) D:\SteamLibrary\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [TCP Query User{9F62A1BF-0918-47D7-8724-200BB379DF06}C:\users\ben\downloads\frozlunky.exe] => (Allow) C:\users\ben\downloads\frozlunky.exe
FirewallRules: [UDP Query User{0B93CC00-E91B-4FDC-888A-31A9C5C614B7}C:\users\ben\downloads\frozlunky.exe] => (Allow) C:\users\ben\downloads\frozlunky.exe
FirewallRules: [{CB4EB49B-9768-4A60-A8E8-6D2ACE1A69A3}] => (Block) C:\users\ben\downloads\frozlunky.exe
FirewallRules: [{AC1C2BF0-0E8D-4ACE-A6AD-1145D7BAB1C1}] => (Block) C:\users\ben\downloads\frozlunky.exe
FirewallRules: [{3EA266AF-9180-4063-98DA-7CCAED96034F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{13778D1D-1070-4E7A-A884-3273CF1586C6}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{7A646D33-8040-4C8A-9200-E7ACE638F490}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{8A7D0679-16C9-434C-9922-6AC7B7676496}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{5E74B9EC-3D96-4523-BD0D-E59DA2756205}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [TCP Query User{CB2CEADA-0DB5-4F17-8CDF-E68E20B80D99}D:\stepmania 5\program\stepmania.exe] => (Allow) D:\stepmania 5\program\stepmania.exe
FirewallRules: [UDP Query User{5AB05F32-4DD4-46EF-A64F-066978A42D82}D:\stepmania 5\program\stepmania.exe] => (Allow) D:\stepmania 5\program\stepmania.exe
FirewallRules: [{2DB5F279-42BF-44A1-A1D3-AA456F9CB04F}] => (Block) D:\stepmania 5\program\stepmania.exe
FirewallRules: [{9E4D4612-E771-4F0C-8F55-A75CF1F46467}] => (Block) D:\stepmania 5\program\stepmania.exe
FirewallRules: [{37774E25-A44F-4D9E-BD7E-C0703510BA79}] => (Allow) C:\Users\Ben\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{019297BE-2797-4C05-8CCF-3501A0B93643}] => (Allow) C:\Users\Ben\AppData\Local\Temp\MPCOnline\MPCDownload.exe
 
==================== Restore Points =========================
 
26-08-2016 21:23:23 Removed Furry Voices for Second Life
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2016 09:23:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/23/2016 04:11:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BENSBUILD)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 04:10:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BENSBUILD)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 04:04:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ben\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/22/2016 07:30:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/22/2016 07:30:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1240fa72-8efb-4e7e-bdca-aa94ba737d3a}
 
Error: (08/21/2016 08:13:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/21/2016 08:11:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ben\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/21/2016 08:10:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/21/2016 06:55:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
 
System errors:
=============
Error: (08/27/2016 12:20:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/27/2016 04:47:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_17184c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 04:47:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_17184c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 04:47:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_17184c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 04:47:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_17184c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 03:26:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/26/2016 09:24:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/26/2016 09:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/26/2016 02:34:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/26/2016 02:32:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-20 20:43:55.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 13:53:20.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 04:58:17.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 03:40:03.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 14:56:12.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 04:18:50.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-17 03:55:27.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 16:19:06.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 04:18:23.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-14 14:36:32.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 51%
Total physical RAM: 8135.06 MB
Available physical RAM: 3959.74 MB
Total Virtual: 9517.4 MB
Available Virtual: 4147.23 MB
 
==================== Drives ================================
 
Drive c: (Solid State Drive) (Fixed) (Total:111.01 GB) (Free:60.91 GB) NTFS
Drive d: (Hard Drive) (Fixed) (Total:931.51 GB) (Free:381.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: FEBA7FE8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 349AA132)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 27 August 2016 - 08:59 PM

Thank you Ben, nice to meet you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start
C:\Users\Ben\AppData\Local\Temp\442746687
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UkcQZkVU; C:\Program Files (x86)\WebShield\WebShield.exe [X]
U0 aswVmm; no ImagePath
R4 EuMusDesignVirtualAudioCableWdm; \SystemRoot\system32\DRIVERS\vrtaucbl.sys [X]
C:\Users\Ben\AppData\Local\Temp\ads.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe
Task: {022D5C40-A341-44B3-B81C-66A5229C912C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {19D22E9B-2F7E-4E93-BD02-180EF7A93B1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d 
Task: {21FFEBFA-B767-4264-AC14-DA72076C1067} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d 
Task: {258099DF-0C96-4A59-A2C8-683510812A8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d 
Task: {4F9CB23E-5626-49CB-8B57-ED82631CD80F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d 
Task: {7977CEB8-76FD-4399-A72E-08F1720C0EDC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime 
Task: {7E912E02-A446-437A-B81A-1C8446A1D7CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess 
Task: {9A86339F-CCFB-450C-951E-2FC4198EE1A0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent 
Task: {AE3B5D46-6C50-4559-A1D1-2B4DB578C7CE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d 
Task: {BA07E985-D9E4-466B-A867-BB942846F00A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B 
Task: {ED0E216B-6211-4137-A5CC-0A0F10FB1314} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime 
Task: {EE485BE2-5FD0-4B78-8A53-32349411C73A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d 
Task: {EFFC3502-51C2-479C-955E-56D62F001E88} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
2016-08-27 12:09 - 2016-08-27 12:09 - 00170496 _____ () \\?\C:\Users\Ben\AppData\Local\Temp\9B19.tmp.node
File: C:\WINDOWS\system32\hst.pcm
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
ic-0.2ac9e8bd99920c.exe
  • Click Search Registry button
  • When completed click OK and a Searchreg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • searchreg.txt
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Nebula_99

Nebula_99
  • Topic Starter

  • Members
  • 44 posts

Posted 27 August 2016 - 09:24 PM

I would just like to say that I haven't seen any signs of malware since I posted this topic.

I'm just paranoid that something is still in my system that will trigger eventually.

I am able to play video games fine now, the adware hasn't come back. If you don't notice any signs of malware throughout this process and believe that my computer is fine I will take your word on it. (I'm just saying this because I really haven't seen any issues since I posted this, which is strange.)

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Ben (27-08-2016 21:14:55) Run:1
Running from C:\Users\Ben\Desktop\FRST things
Loaded Profiles: Ben (Available Profiles: Ben)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start
C:\Users\Ben\AppData\Local\Temp\442746687
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
HKU\S-1-5-21-2241758850-542122872-3492692867-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 UkcQZkVU; C:\Program Files (x86)\WebShield\WebShield.exe [X]
U0 aswVmm; no ImagePath
R4 EuMusDesignVirtualAudioCableWdm; \SystemRoot\system32\DRIVERS\vrtaucbl.sys [X]
C:\Users\Ben\AppData\Local\Temp\ads.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe
Task: {022D5C40-A341-44B3-B81C-66A5229C912C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {19D22E9B-2F7E-4E93-BD02-180EF7A93B1B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d 
Task: {21FFEBFA-B767-4264-AC14-DA72076C1067} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d 
Task: {258099DF-0C96-4A59-A2C8-683510812A8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d 
Task: {4F9CB23E-5626-49CB-8B57-ED82631CD80F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d 
Task: {7977CEB8-76FD-4399-A72E-08F1720C0EDC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime 
Task: {7E912E02-A446-437A-B81A-1C8446A1D7CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess 
Task: {9A86339F-CCFB-450C-951E-2FC4198EE1A0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent 
Task: {AE3B5D46-6C50-4559-A1D1-2B4DB578C7CE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d 
Task: {BA07E985-D9E4-466B-A867-BB942846F00A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B 
Task: {ED0E216B-6211-4137-A5CC-0A0F10FB1314} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime 
Task: {EE485BE2-5FD0-4B78-8A53-32349411C73A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d 
Task: {EFFC3502-51C2-479C-955E-56D62F001E88} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
2016-08-27 12:09 - 2016-08-27 12:09 - 00170496 _____ () \\?\C:\Users\Ben\AppData\Local\Temp\9B19.tmp.node
File: C:\WINDOWS\system32\hst.pcm
hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ic-0.2ac9e8bd99920c.exe -start => value removed successfully
C:\Users\Ben\AppData\Local\Temp\442746687 => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2241758850-542122872-3492692867-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
UkcQZkVU => service removed successfully
aswVmm => service removed successfully
EuMusDesignVirtualAudioCableWdm => service removed successfully
C:\Users\Ben\AppData\Local\Temp\ads.exe => moved successfully
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe => moved successfully
C:\Users\Ben\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{022D5C40-A341-44B3-B81C-66A5229C912C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{022D5C40-A341-44B3-B81C-66A5229C912C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19D22E9B-2F7E-4E93-BD02-180EF7A93B1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19D22E9B-2F7E-4E93-BD02-180EF7A93B1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21FFEBFA-B767-4264-AC14-DA72076C1067}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21FFEBFA-B767-4264-AC14-DA72076C1067}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{258099DF-0C96-4A59-A2C8-683510812A8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258099DF-0C96-4A59-A2C8-683510812A8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F9CB23E-5626-49CB-8B57-ED82631CD80F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F9CB23E-5626-49CB-8B57-ED82631CD80F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7977CEB8-76FD-4399-A72E-08F1720C0EDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7977CEB8-76FD-4399-A72E-08F1720C0EDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E912E02-A446-437A-B81A-1C8446A1D7CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E912E02-A446-437A-B81A-1C8446A1D7CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A86339F-CCFB-450C-951E-2FC4198EE1A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A86339F-CCFB-450C-951E-2FC4198EE1A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE3B5D46-6C50-4559-A1D1-2B4DB578C7CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE3B5D46-6C50-4559-A1D1-2B4DB578C7CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA07E985-D9E4-466B-A867-BB942846F00A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA07E985-D9E4-466B-A867-BB942846F00A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED0E216B-6211-4137-A5CC-0A0F10FB1314}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED0E216B-6211-4137-A5CC-0A0F10FB1314}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE485BE2-5FD0-4B78-8A53-32349411C73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE485BE2-5FD0-4B78-8A53-32349411C73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFFC3502-51C2-479C-955E-56D62F001E88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFFC3502-51C2-479C-955E-56D62F001E88}" => key removed successfully
C:\Users\Ben\AppData\Local\Temp\9B19.tmp.node => moved successfully
 
========================= File: C:\WINDOWS\system32\hst.pcm ========================
 
File not signed
MD5: 758F3EC544F8F642FB7DAF169733A8BE
Creation and modification date: 2016-08-20 20:25 - 2016-08-20 20:25
Size: 0007550
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:14:56 ====


Here is the searchreg:

Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Ben (27-08-2016 21:24:19)
Running from C:\Users\Ben\Desktop\FRST things
Boot Mode: Normal
 
================== Search Registry: "ic-0.2ac9e8bd99920c.exe" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"ic-0.2ac9e8bd99920c.exe -start"="0x03000000812C992B4CFBD101"
 
====== End of Search ======
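The SearchReg output above is the one trace the first fix left behind: the Run value itself was removed, but its StartupApproved\Run32 approval record (the binary value Windows keeps for the Task Manager "Startup" toggle) is still there, and the follow-up fixes in this thread delete it with the `"name"=-` form. As an added example, not code from this thread, from FRST or from Microsoft, the decoder below unpacks that 12-byte value straight from the SearchReg line. The layout it assumes (a 4-byte state, 0x02 = enabled, 0x03 = disabled, followed by an 8-byte FILETIME of when the entry was switched off) is the commonly documented interpretation of this key, not something the log states.

```python
"""Decode a StartupApproved\\Run32 value as printed in an FRST SearchReg log.

Added example, not code from this thread, from FRST or from Microsoft.
Assumed layout (the commonly documented one for this key, not stated by the
log): 4-byte little-endian state, 0x02 = enabled, 0x03 = disabled, followed by
an 8-byte FILETIME recording when the entry was switched off (zero if enabled).
"""
import re
import struct
from datetime import datetime, timedelta, timezone

# Copied from the SearchReg output posted in this thread.
SEARCHREG_LINE = r'"ic-0.2ac9e8bd99920c.exe -start"="0x03000000812C992B4CFBD101"'

# FRST prints REG_BINARY data as "name"="0x<hex>".
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"="0x(?P<hex>[0-9A-Fa-f]+)"$')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
STATE_NAMES = {0x02: "enabled", 0x03: "disabled"}  # assumed meaning, see docstring


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_startup_approved(line: str) -> dict:
    """Parse one SearchReg line and return name, state and the disable time (UTC)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a REG_BINARY line in FRST SearchReg format")
    raw = bytes.fromhex(m.group("hex"))
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    state, ft = struct.unpack("<IQ", raw)  # little-endian DWORD + QWORD
    return {
        "name": m.group("name"),
        "state": STATE_NAMES.get(state, f"unknown (0x{state:02x})"),
        "disabled_at": filetime_to_datetime(ft).isoformat() if ft else None,
    }


if __name__ == "__main__":
    info = decode_startup_approved(SEARCHREG_LINE)
    print(f"{info['name']}: {info['state']}, switched off at {info['disabled_at']}")
```

For the value in this thread the state byte is 0x03, so the autorun had already been toggled off, and the FILETIME gives the moment that happened in UTC (convert to the machine's local zone before comparing with FRST's file timestamps). A disabled approval record whose Run value no longer exists is an orphan; it does nothing on its own, which is why it is cleaned up with a plain value deletion rather than treated as live persistence.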

 


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 27 August 2016 - 09:43 PM

Hi Ben.

Though you may not be experiencing symptoms there were some entries which needed to be removed. Hopefully their removal will stop any reoccurrences.

Please do these things for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\WINDOWS\system32\hst.pcm
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"ic-0.2ac9e8bd99920c.exe -start"=-
EndRegedit:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Emsisoft log
  • Security Check log

Gary
 

#7 Nebula_99

Nebula_99
  • Topic Starter

  • Members
  • 44 posts

Posted 27 August 2016 - 10:02 PM

Not sure if it matters, but while I was updating the Emsisoft program, Windows Defender said it detected and removed some malware.

Anyways here is the Fixlog:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Ben (27-08-2016 21:47:46) Run:2
Running from C:\Users\Ben\Desktop\FRST things
Loaded Profiles: Ben (Available Profiles: Ben)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\system32\hst.pcm
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"ic-0.2ac9e8bd99920c.exe -start"=-
EndRegedit:
emptytemp:
*****************
 
C:\WINDOWS\system32\hst.pcm => moved successfully
 
====> Registry
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16936453 B
Java, Flash, Steam htmlcache => 401316727 B
Windows/system/drivers => 95397066 B
Edge => 462569 B
Chrome => 96496994 B
Firefox => 6332022 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 107326 B
NetworkService => 0 B
Ben => 1992734002 B
 
RecycleBin => 2001515 B
EmptyTemp: => 2.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:48:04 ====

Here is the Emsisoft Log:

Emsisoft Emergency Kit - Version 11.9
Last update: 8/27/2016 9:54:46 PM
User account: BENSBUILD\Ben
Computer name: BENSBUILD
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 8/27/2016 9:56:08 PM
 
Scanned 96721
Found 0
 
Scan end: 8/27/2016 9:58:01 PM
Scan time: 0:01:53


Here is the Security Check log:

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Zemana AntiMalware    
  Adobe Flash Player 17.0.0.169 Flash Player out of Date!  
 Google Chrome (51.0.2704.103) 
 Google Chrome (52.0.2743.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Zemana AntiMalware ZAM.exe   
 Windows Defender MpCmdRun.exe   
 Windows Defender msascui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
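Each fixlist posted in this thread (posts #4 and #6) is answered by a Fixlog in which FRST writes one outcome line per requested action: `=> moved successfully`, `=> key removed successfully`, `=> service removed successfully`, or `=> key not found`. In a log this long it is easy to miss an entry that got no outcome at all. The cross-check below is an added example, not code from this thread or from FRST: it pairs each fixlist entry with its outcome line and reports "ok", "not found" or "missing". The sample fixlist and Fixlog are abridged from the ones posted above; the result line for tu17p84.exe is deliberately left out (a constructed gap) to show how a missing outcome is reported.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example: not code from this thread or from FRST. It matches each fixlist
entry to the outcome line FRST writes for it, so entries with no outcome or a
"not found" outcome stand out in a long log. The samples are abridged from the
fixlist and Fixlog posted in this thread; the result line for tu17p84.exe is
left out on purpose (constructed gap) to show how a missing outcome is flagged.
"""
import re
from typing import Dict, Optional, Tuple

FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ic-0.2ac9e8bd99920c.exe -start] => C:\Users\Ben\AppData\Local\Temp\442746687\ic-0.2ac9e8bd99920c.exe -start
C:\Users\Ben\AppData\Local\Temp\442746687
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S2 UkcQZkVU; C:\Program Files (x86)\WebShield\WebShield.exe [X]
C:\Users\Ben\AppData\Local\Temp\ads.exe
C:\Users\Ben\AppData\Local\Temp\tu17p84.exe
Task: {022D5C40-A341-44B3-B81C-66A5229C912C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
hosts:
"""

FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ic-0.2ac9e8bd99920c.exe -start => value removed successfully
C:\Users\Ben\AppData\Local\Temp\442746687 => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
UkcQZkVU => service removed successfully
C:\Users\Ben\AppData\Local\Temp\ads.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{022D5C40-A341-44B3-B81C-66A5229C912C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{022D5C40-A341-44B3-B81C-66A5229C912C}" => key removed successfully
Hosts restored successfully.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SERVICE_RE = re.compile(r"^[RSU]\d+\s+([^;]+);")   # "S2 name; path [X]" service/driver lines
BRACKET_RE = re.compile(r"\[([^\]]+)\]")           # "[name]" in Run / overlay entries
PATH_RE = re.compile(r"^[A-Za-z]:\\")              # bare file or folder path

# Directives whose success is reported by a fixed sentence, not "token => result".
DIRECTIVE_RESULTS = {
    "CreateRestorePoint:": "Restore point was successfully created.",
    "CloseProcesses:": "Processes closed successfully.",
    "hosts:": "Hosts restored successfully.",
}


def fixlist_token(line: str) -> Optional[Tuple[str, str]]:
    """Return (kind, token) naming what a fixlist line acts on, or None for blank lines."""
    line = line.strip()
    if not line:
        return None
    if line in DIRECTIVE_RESULTS:
        return ("directive", line)
    if line.startswith("Task:"):
        m = GUID_RE.search(line)
        return ("task", m.group(0)) if m else ("unknown", line)
    m = SERVICE_RE.match(line)
    if m:
        return ("service", m.group(1).strip())
    if PATH_RE.match(line):
        return ("path", line)
    m = BRACKET_RE.search(line)
    if m:
        return ("regentry", m.group(1))
    return ("unknown", line)


def check_fixlog(fixlist: str, fixlog: str) -> Dict[str, str]:
    """Map every fixlist token to 'ok', 'not found', 'missing' or 'not checked'."""
    results = [r.strip() for r in fixlog.splitlines() if r.strip()]
    report: Dict[str, str] = {}
    for line in fixlist.splitlines():
        parsed = fixlist_token(line)
        if parsed is None:
            continue
        kind, token = parsed
        if kind == "unknown":
            report[token] = "not checked"
        elif kind == "directive":
            report[token] = "ok" if DIRECTIVE_RESULTS[token] in results else "missing"
        else:
            hits = [r for r in results if token in r and "=>" in r]
            if not hits:
                report[token] = "missing"
            elif all("successfully" in h for h in hits):
                report[token] = "ok"
            elif any("not found" in h for h in hits):
                report[token] = "not found"
            else:
                report[token] = "check manually: " + hits[0]
    return report


if __name__ == "__main__":
    for token, status in check_fixlog(FIXLIST, FIXLOG).items():
        print(f"{status:12} {token}")
```

A "missing" verdict is the one worth acting on: the fixlist asked for something the log never reports, so it should be re-checked before the fix is called complete. "not found" is usually benign (the item was already gone), and "not checked" covers query-style lines such as `File:` that do not remove anything.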


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 27 August 2016 - 10:20 PM

Did Windows Defender identify the entry?

Please do this.

===================================================

Registry Fix

-------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"ic-0.2ac9e8bd99920c.exe -start"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer
===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck optional offers
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click the Desktop icon
  • Select Allow Adobe to install updates (recommended)
  • When completed click Finish
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Defender detection
  • Did the registry file merge?
  • Did Adobe update properly?

Gary
 

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 27 August 2016 - 10:31 PM

Hi Ben,

Just wanted you to know I am ending for the night but will check back in first thing in the morning. Didn't want to just slam the door in your face.

G'nite.......
Gary
 

#10 Nebula_99

Nebula_99
  • Topic Starter

  • Members
  • 44 posts

Posted 28 August 2016 - 02:30 AM

The file was merged properly and my Adobe has updated.

As for the Windows Defender detection, I'm not exactly sure where I'm supposed to look, but it says that it quarantined these items today at 9:54 PM my time:

Trojan:Win32/Skeeyah.A!rfn
Trojan:Win32/Dynamer!ac
Adware:Win32/EoRezo



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 28 August 2016 - 08:14 AM

Greetings and thank you for the information. Unfortunately that is not good news. Let me advise you of the following before we do anything else and you can tell me how you want to proceed.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Nebula_99

Nebula_99
  • Topic Starter

  • Members
  • 44 posts

Posted 28 August 2016 - 02:09 PM

Alright, well, thanks for all of the insight and information. I was already considering reformatting my computer so let's do that.

If you don't mind could you tell me or link me on the proper way to do this because after looking it up I really haven't found any clear directions on how to reformat.

Other than that I have a few questions:

  • I don't really know of any personal files on this computer that I NEED to save. I was wondering if there are any files that you think I would 100% need to back up?
  • Do my video game saves get deleted?
  • Are there any risks to reformatting?

Thanks for all the help Gary, I truly appreciate it.

Edited by Nebula_99, 28 August 2016 - 02:10 PM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 28 August 2016 - 02:26 PM

Hi Ben.

Sorry about the bad news and I think you are wise to reformat.

Here is how we should go about this. First, back up all of your data files, video game saves, pictures, music, documents, etc. onto an external drive. Depending on how much data that is you can use a USB or a regular external drive. Once that is done I will provide instructions for you to scan all of that information to make sure it is safe to put back on your clean machine.

Let's start with a few questions then we will go from there.

  • Do you know if you have a Recovery Partition on your hard drive? It appears that you do not but I need to be sure.
  • Was your original Operating System Windows 10 or did you upgrade to that? If an Upgrade, what other Operating System(s) did you have?
  • Do you have the full installation disks from your original Operating System (Windows 10, 8, 7, etc.)?
  • Do you have access to the Product Key number for your original Windows Operating System on your computer?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Nebula_99

Nebula_99
  • Topic Starter

  • Members
  • 44 posts

Posted 29 August 2016 - 04:30 PM

Hi Gary, sorry for the late reply. Honestly, after looking through my files I do not have much that I want to keep. I found out that Steam automatically backs up my game saves via the cloud. So I should be ready.

Answers to questions:
  • Do you know if you have a Recovery Partition on your hard drive? It appears that you do not but I need to be sure.
    I'm not sure, if it doesn't look like it I probably don't. I looked up what it is and I believe I don't but I could be looking at the wrong thing.
  • Was your original Operating System Windows 10 or did you upgrade to that? If an Upgrade, what other Operating System(s) did you have?
     I started on Windows 8.1 and upgraded to Windows 10.
  • Do you have the full installation disks from your original Operating System (Windows 10, 8, 7, etc.)?
     No I didn't use installation disks to install my OS. I used the USB method.
  • Do you have access to the Product Key number for your original Windows Operating System on your computer?
     Not that I know of. Where would I look, or is there a way to find it on my computer?

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:18 AM

Posted 29 August 2016 - 05:48 PM

OK.

Do you still have a USB device with the software to install the full version of Windows 8.1?

Look for a Windows sticker either on the back or the bottom of your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
