
Something keeps resetting windows settings of hidden folders


15 replies to this topic

#1 Destroyer140

Posted 14 October 2016 - 09:57 PM

Hi!
 
What happened:
Today I've been backing up data for a relative because she said that her "laptop is acting weird, all the icons gone missing etc...", and since she got the laptop from her granddaughter who's a psychologist and had tons of must-have data on it, my task was to back everything up since "the laptop might be dying".

Knowing how easily elderly people can overexaggerate problems, I did the first thing that came to mind and checked if desktop icons were hidden on the laptop, and that was it, just as I suspected. But shortly after that I noticed that the laptop was indeed behaving weird, like the entire keyboard didn't work and, despite that, it was as if the Ctrl key were being held down nonstop, no matter what I tried to solve that.

But to actually waste no more time and get to the point:

So I quickly got frustrated trying to copy-paste ~60 GB of data dating back to something over a whole decade and moving it all with a 7 GB pendrive, while having to create every folder name by virtual keyboard, and I did the thing that any lazy person would have done: "Pop the laptop's HDD out of it, and attach it to my PC to get over the whole thing faster and not go insane in the process"

Or so I thought...

 

Details of the infected PC in question begin here:

So while copying the files over at a much more bearable speed and enjoying the luxury of having a keyboard under my hands that "actually works", I could easily set up the folders I wanted to neatly back stuff up by category and started copying over everything, during which Bitdefender Total Security 2016 screamed at me about 4 times about infected files, which I could promptly quarantine/delete.

The whole thing finished, and that was that, I thought. But since I copied over the first few gigs on pendrive, and since it came from a seemingly infected laptop, I did (or at least tried to do) the smart thing and turned on "Show hidden files, folders and drives" and unchecked "Hide protected operating system files (Recommended)".

Since I saw nothing out of the ordinary I decided to revert the previously changed settings, only to find, to my surprise, that despite my making the above-mentioned changes not even half a minute ago, the OS file specific option was already re-checked while the hidden files/folders/drives option is seemingly set to an invalid value, as neither hide nor show is checked (attachment 001.jpg).

Not liking the look of that (for obvious reasons) I did try again, only to realize that the setting keeps reverting back to that no matter what I do, and from previous experiences, this is obviously something unwanted that has real-time access to my Windows settings under the nose of my top-of-the-line AV that hasn't failed me for 2 years straight, and also something that's trying its damnedest to remain hidden and utterly fails/refuses to remain discreet about it.

Fast forward about 10 hours:

After trying my "if all else fails" train of powerful tools: Rkill-->TDSS Killer-->Combofix-->MBAM (only on-demand scanner so as to avoid conflicting AVs)-->AdwCleaner (Sidenote: I'm aware that without a trained expert's supervision I'm running Combofix at my own risk) only to have them come up clean/only the usual false positives, and trying new things like Rogue Killer, and going as far as to just carefully run a gmer scan (that's one tool I'm still rather uncomfortable with) to see if anything comes up "red" (nothing was marked with red on finishing a quick scan) I'm feeling utterly defeated... This is just about an accurate depiction of my expression as more and more stuff came up without results as time went by, despite something obviously being very wrong.

 

So here I am, too terrified to turn my PC off in fear that "whatever it is on it, will very likely just dig itself in even harder on the first reboot after infection", and decided it's time to ask for help from actual professionals.

 

Small update before even creating the new topic:

By the time I finished typing all this and generating and attaching the Farbar logs I also noticed that things are progressively slowing down, like I get 15-30 sec freezes at seemingly random intervals, and gmer, which I ran and closed hours ago, still seems to show up in Process Explorer while being bloated to 545.9 MB RAM, and it seems impossible to kill the process.

Update 1:

Whatever this is, it completely breaks Bitdefender; it's not even possible to run a quick scan anymore because the quick scan window is just counting the time that has passed since its start second by second and it sits on "0 Scanned Items".

 

Update 2:

I did end up shutting down the PC for the night after all, considering that it had slowed down to a kind of unusable pace and it was impossible to sleep next to. But here is a thing: I'm not sure which scanner/security tool did that, but upon turning on the PC the next day, it booted fine, and after the usual Windows 7 loading screen finished, instead of the "Greetings" screen there was a black screen with white letters on it saying something I'm unable to recall since I had just woken up and was still staring half asleep at the screen, but it was something along the lines of "the antivirus that's installed on this pc is performing (some kind of) scan", which it promptly did for about 30 seconds, then my OS finished booting at a speed which completely defies the state I shut it down in yesterday.

Also nothing seems to mess with folder settings anymore, so I'd (very tentatively) say the issue looks resolved; however, I'd like to make sure, so I'd appreciate it if someone would guide me through running tools that create logs that might indicate traces of leftover stuff if there is any.

 

But one thing is absolutely sure: Never in my life will I ever connect a hard drive to my PC that's coming from untrusted sources; 2 out of 2 times it didn't go well, and it seems messing with Windows settings to prevent Windows touching anything that has an autorun file on it didn't help at all...

 

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Mothership Zeta (administrator) on MOTHERSHIP-ZETA (15-10-2016 04:18:36)
Running from C:\Users\Mothership Zeta\Desktop
Loaded Profiles: Mothership Zeta (Available Profiles: Mothership Zeta)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(VMware, Inc.) D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Piotr Pawlowski) D:\Program Files (x86)\foobar2000\foobar2000.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Disc Soft Ltd) D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Sysinternals - www.sysinternals.com) C:\Users\Mothership Zeta\Desktop\Security\TCPView\Tcpview.exe
(Sysinternals - www.sysinternals.com) C:\Users\Mothership Zeta\Desktop\Security\Process Explorer\procexp64.exe
() C:\Users\Mothership Zeta\Desktop\gmer.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2015-01-06] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2015-01-06] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2015-01-06] (InstallShield Software Corporation)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [Foobar2000] => D:\Program Files (x86)\foobar2000\foobar2000.exe [1854928 2015-01-14] (Piotr Pawlowski)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [EVEMon] => D:\Program Files (x86)\EVEMon\EVEMon.exe [2420736 2016-10-14] (EVEMon Development Team)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [3345408 2012-08-17] ()
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [qTox - tox_save] => D:\Program Files\qTox\bin\qtox.exe [19758592 2016-08-10] ()
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [DAEMON Tools Lite Automount] => D:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Mothership Zeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deluge.lnk [2016-05-28]
ShortcutTarget: Deluge.lnk -> D:\Program Files (x86)\Deluge\deluge.exe (Deluge Team)
BootExecute: autocheck autochk * bddel.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{B7D70898-39AB-452C-BE77-A0C2158FBB69}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default [2016-10-15]
FF Extension: (Firebug) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (MEGA) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\firefox@mega.co.nz.xpi [2016-10-12]
FF Extension: (Hungarian dictionary) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\hu@dictionaries.addons.mozilla.org [2015-12-17]
FF Extension: (HV Statistics, Tracking, and Analysis Tool) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\jid1-axIJszhAx5CUPA@jetpack.xpi [2016-03-16] [not signed]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\marcoagpinto@mail.telepac.pt [2016-09-27]
FF Extension: (uBlock) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-01-10]
FF Extension: (NoScript) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09]
FF Extension: (WOT) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: (Video DownloadHelper) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Cookies Manager+) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2016-09-15]
FF Extension: (Adblock Plus) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (Greasemonkey) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-21]
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-02-02]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2023354540-3781334245-3500207766-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mothership Zeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin2.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin3.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin4.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin5.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Opera:
=======
OPR Extension: (HV Statistics, Tracking, and Analysis Tool) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\endmimaaaphhlnajbpnhcoehdplphbff [2015-09-18]
OPR Extension: (Download Chrome Extension) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2016-04-08]
OPR Extension: (gera2ld) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-08-25]
OPR Extension: (Adblock Plus) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2015-01-06] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-17] (EasyAntiCheat Ltd)
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [245312 2016-06-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-08] (GOG.com)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2015-01-06] (Intel Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2015-01-06] (Microsoft Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2016-07-01] (Electronic Arts)
S3 OverwolfUpdater; D:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009904 2016-02-11] (Overwolf LTD)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-18] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
R2 VMAuthdService; D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [97864 2016-04-14] (VMware, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2015-01-06] ()
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [60120 2013-10-07] (Asmedia Technology)
S3 asstor64; C:\Windows\system32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-23] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-31] (Disc Soft Ltd)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-06] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-13] (Etron Technology Inc)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-17] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
S3 iaStorB; C:\Windows\system32\drivers\iaStorB.sys [580592 2014-05-07] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28144 2014-05-07] (Intel Corporation)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
U0 jnqcqbva; C:\Windows\System32\drivers\gashgw.sys [79064 2016-10-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-10-14] (Malwarebytes)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0094.sys [38432 2016-06-20] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-09-17] (NVIDIA Corporation)
R3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2015-01-06] (Realtek Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-31] (Duplex Secure Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2015-01-06] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33584 2016-01-25] (Windows ® Win 7 DDK provider)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2015-01-06] (VIA Technologies, Inc.)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-01-07] (SplitmediaLabs Limited)
U3 a015fdl6; C:\Windows\System32\Drivers\a015fdl6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 CmdAgent; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver64; \??\D:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
U3 kwdcikod; \??\C:\Users\MOTHER~1\AppData\Local\Temp\kwdcikod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-15 04:18 - 2016-10-15 04:19 - 00029548 _____ C:\Users\Mothership Zeta\Desktop\FRST.txt
2016-10-15 04:15 - 2016-10-15 04:18 - 00000000 ____D C:\FRST
2016-10-15 04:13 - 2016-10-15 04:15 - 02406912 _____ (Farbar) C:\Users\Mothership Zeta\Desktop\FRST64.exe
2016-10-15 01:50 - 2016-03-11 14:53 - 00380928 _____ C:\Users\Mothership Zeta\Desktop\gmer.exe
2016-10-15 00:12 - 2016-10-15 00:12 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-15 00:11 - 2016-10-15 00:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-15 00:11 - 2016-10-15 00:11 - 25240136 _____ C:\Users\Mothership Zeta\Desktop\RogueKillerX64.exe
2016-10-14 23:54 - 2016-10-15 00:08 - 00003840 _____ C:\Users\Mothership Zeta\Desktop\unhide.txt
2016-10-14 23:51 - 2016-10-14 23:51 - 00040426 _____ C:\ComboFix.txt
2016-10-14 23:31 - 2016-10-14 23:31 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\gashgw.sys
2016-10-14 22:13 - 2016-10-14 22:13 - 00000218 _____ C:\Users\Mothership Zeta\AppData\Local\recently-used.xbel
2016-10-14 21:55 - 2016-10-14 21:55 - 00027624 _____ C:\Windows\system32\bddel.exe
2016-10-14 21:55 - 2016-10-14 21:55 - 00007048 _____ C:\Windows\system32\bddel.dat
2016-10-14 01:28 - 2016-10-14 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-12 22:40 - 2016-10-12 22:41 - 00000000 ____D C:\Users\Mothership Zeta\Documents\Visual Studio 2015
2016-10-12 22:34 - 2016-10-12 22:34 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-10-12 22:29 - 2016-10-12 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-10-12 22:21 - 2016-10-12 22:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-10-12 22:21 - 2016-10-12 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-10-12 22:18 - 2016-10-12 22:18 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-10-12 22:18 - 2016-10-12 22:18 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-10-12 22:15 - 2016-10-12 22:15 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-10-12 22:15 - 2016-10-12 22:15 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-10-12 22:13 - 2016-10-12 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files\IIS Express
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\ProgramData\NuGet
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-10-12 22:02 - 2016-10-12 22:02 - 00000000 ____D C:\Program Files\IIS
2016-10-12 22:02 - 2016-10-12 22:02 - 00000000 ____D C:\Program Files (x86)\IIS
2016-10-12 22:00 - 2016-10-12 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-10-12 21:59 - 2016-10-12 21:59 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-10-12 21:58 - 2016-10-12 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-10-12 21:58 - 2016-10-12 21:58 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-10-12 21:55 - 2016-10-12 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-10-12 21:54 - 2016-10-12 21:54 - 00000000 ____D C:\Windows\symbols
2016-10-12 21:54 - 2016-10-12 21:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-10-12 21:47 - 2016-10-12 22:30 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-12 21:47 - 2016-10-12 22:30 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-10-12 21:47 - 2016-10-12 21:56 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-10-12 21:47 - 2016-10-12 21:47 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-10-12 21:40 - 2016-10-12 21:48 - 00000000 ____D C:\Windows\system32\1033
2016-10-12 21:38 - 2016-10-12 21:38 - 00000000 ____D C:\Users\Mothership Zeta\AppData\LocalLow\Freejam
2016-10-12 21:36 - 2016-10-12 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-10-12 21:36 - 2016-10-12 22:20 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-10-12 21:24 - 2016-10-12 21:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-12 21:18 - 2016-10-12 21:18 - 00000202 _____ C:\Users\Mothership Zeta\Desktop\Robocraft.url
2016-10-12 21:07 - 2016-10-12 21:08 - 00000239 _____ C:\Users\Mothership Zeta\Desktop\prog2 házi.txt
2016-10-12 20:48 - 2016-10-12 20:48 - 00001187 _____ C:\Users\Mothership Zeta\Desktop\Sublime text.lnk
2016-10-11 22:59 - 2016-10-11 23:02 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Google
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-09 15:58 - 2016-10-09 16:31 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\LOOT
2016-10-09 15:26 - 2016-10-01 21:24 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-09 15:24 - 2016-10-01 23:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 28213696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-09 15:24 - 2016-10-01 23:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00493792 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 14353328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 08685352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-06 10:48 - 2016-10-06 10:48 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Zachtronics Industries
2016-10-05 20:50 - 2016-10-05 20:50 - 00000201 _____ C:\Users\Mothership Zeta\Desktop\Fallout 2.url
2016-10-05 18:47 - 2016-10-05 18:47 - 00000228 _____ C:\Users\Mothership Zeta\Desktop\RoboZZle - a social puzzle game.URL
2016-10-05 16:33 - 2016-10-05 16:33 - 00000213 _____ C:\Users\Mothership Zeta\Desktop\StackSkills.URL
2016-10-05 09:42 - 2016-10-09 14:36 - 00003816 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003866 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003804 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003628 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003568 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-09-29 21:27 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-05 09:41 - 2016-09-17 08:11 - 00104384 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-05 09:41 - 2016-09-17 08:11 - 00094144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-05 09:41 - 2016-09-17 08:11 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-03 22:51 - 2016-10-03 23:10 - 00462566 _____ C:\Users\Mothership Zeta\Desktop\War Thunder Ground Attack Chart , by Your_SAT_Score.xlsx
2016-09-30 04:01 - 2016-09-30 04:01 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\RenPy
2016-09-28 05:28 - 2016-09-28 05:28 - 00001456 _____ C:\Users\Mothership Zeta\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-28 00:11 - 2016-09-28 00:11 - 00000000 ____D C:\Users\Mothership Zeta\Documents\みなとそふと
2016-09-27 02:13 - 2016-10-06 21:41 - 00000218 _____ C:\Users\Mothership Zeta\Desktop\Last's remaining plat on me.txt
2016-09-26 19:56 - 2016-09-26 19:56 - 00066900 _____ C:\Users\Mothership Zeta\Desktop\BeadandóKövetelményStatikusWeboldal.xlsx
2016-09-26 00:43 - 2016-09-26 00:43 - 00008192 _____ C:\Windows\d3dx.dat
2016-09-25 18:27 - 2016-09-25 18:28 - 00004321 _____ C:\Users\Mothership Zeta\Desktop\Windows spyware update remover.bat
2016-09-24 22:18 - 2016-09-24 22:18 - 00291404 _____ C:\Users\Mothership Zeta\Desktop\wotlk_war_prot_2010_01_26b.ods
2016-09-23 18:25 - 2016-09-23 18:26 - 00000000 ____D C:\Users\Mothership Zeta\Cisco Packet Tracer 6.2sv
2016-09-23 18:25 - 2016-09-23 18:25 - 00000208 _____ C:\Users\Mothership Zeta\.packettracer
2016-09-22 21:53 - 2016-09-22 21:53 - 00000000 ____D C:\found.000
2016-09-22 04:22 - 2016-09-09 20:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-22 04:22 - 2016-09-09 20:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-09-22 04:22 - 2016-09-09 20:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-22 04:22 - 2016-09-09 20:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-22 04:20 - 2016-09-17 02:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-09-22 04:20 - 2016-09-17 02:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-09-20 02:33 - 2016-10-12 20:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Sublime Text 3
2016-09-20 02:33 - 2016-09-20 02:33 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Sublime Text 3
2016-09-20 02:32 - 2016-09-20 02:32 - 00000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-09-19 21:20 - 2016-08-26 01:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-19 21:20 - 2016-08-26 01:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-19 20:46 - 2016-09-19 20:46 - 00026837 _____ C:\ProgramData\agent.1474310680.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-15 04:11 - 2016-02-03 09:30 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-15 03:59 - 2015-06-10 14:41 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-15 03:59 - 2015-01-06 20:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-15 03:37 - 2015-07-08 00:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-15 03:23 - 2015-09-01 14:18 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-15 03:18 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-15 03:18 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-15 01:06 - 2015-01-06 19:36 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Apps\2.0
2016-10-15 00:22 - 2015-01-10 11:55 - 00007675 _____ C:\Users\Mothership Zeta\AppData\Local\Resmon.ResmonCfg
2016-10-14 23:54 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Security
2016-10-14 23:53 - 2015-01-28 10:29 - 00000000 ____D C:\Windows\erdnt
2016-10-14 23:48 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-10-14 23:31 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\RemotePackages
2016-10-14 23:28 - 2015-01-06 23:47 - 00680900 _____ C:\Windows\system32\perfh00E.dat
2016-10-14 23:28 - 2015-01-06 23:47 - 00407844 _____ C:\Windows\system32\perfh011.dat
2016-10-14 23:28 - 2015-01-06 23:47 - 00168398 _____ C:\Windows\system32\perfc00E.dat
2016-10-14 23:28 - 2015-01-06 23:47 - 00120252 _____ C:\Windows\system32\perfc011.dat
2016-10-14 23:28 - 2009-07-14 07:13 - 02138780 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-14 23:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-14 23:01 - 2015-10-01 21:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-14 22:12 - 2015-02-17 01:10 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Tox
2016-10-14 15:43 - 2015-10-20 08:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-14 15:42 - 2016-06-10 04:10 - 00000000 ____D C:\ProgramData\VMware
2016-10-14 15:42 - 2015-09-01 14:18 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-14 15:42 - 2015-02-17 03:26 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\foobar2000
2016-10-14 15:41 - 2015-01-06 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-14 15:41 - 2009-07-14 07:08 - 00000006 _____ C:\Windows\Tasks\SA.DAT
2016-10-14 05:20 - 2016-04-29 09:21 - 00145241 _____ C:\bdlog.txt
2016-10-14 05:15 - 2015-01-13 02:58 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\deluge
2016-10-14 03:57 - 2015-01-09 03:14 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Warframe
2016-10-14 01:28 - 2015-09-01 14:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 13:01 - 2015-01-06 20:51 - 00000436 __RSH C:\Users\Mothership Zeta\ntuser.pol
2016-10-13 13:01 - 2015-01-06 19:14 - 00000000 ____D C:\Users\Mothership Zeta
2016-10-13 03:47 - 2016-02-03 10:26 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 03:46 - 2016-02-16 21:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 22:38 - 2015-01-06 19:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-12 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-12 22:28 - 2015-06-03 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-10-12 21:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-12 21:37 - 2015-07-08 00:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 21:37 - 2015-06-10 14:41 - 00003920 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-12 21:37 - 2015-01-06 20:16 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-12 21:37 - 2015-01-06 20:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 21:37 - 2015-01-06 20:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-12 21:34 - 2014-08-21 22:55 - 02102062 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-12 04:10 - 2016-08-14 02:40 - 00012800 _____ C:\Users\Mothership Zeta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-12 04:10 - 2015-01-03 02:50 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\MPC-HC
2016-10-12 01:39 - 2016-07-15 12:46 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Battle.net
2016-10-11 23:08 - 2015-01-03 02:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\TeamViewer
2016-10-11 23:08 - 2015-01-03 02:44 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\DAEMON Tools Lite
2016-10-11 23:07 - 2016-01-12 05:11 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\CrashDumps
2016-10-11 23:06 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Maintenance
2016-10-11 23:02 - 2016-02-18 08:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-10 00:54 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Progs
2016-10-09 15:27 - 2015-06-03 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-09 15:26 - 2016-03-13 13:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-09 15:21 - 2015-01-03 02:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\vlc
2016-10-09 14:36 - 2015-06-03 09:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-09 14:35 - 2015-06-03 09:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-09 14:35 - 2015-06-03 09:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-06 19:52 - 2016-01-13 18:31 - 00004130 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433939833
2016-10-06 11:13 - 2015-06-11 13:58 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Fallout2
2016-10-05 12:25 - 2015-06-03 09:45 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\NVIDIA Corporation
2016-10-03 13:07 - 2015-10-23 18:34 - 00000276 _____ C:\Users\Mothership Zeta\Desktop\Debts.txt
2016-10-01 23:15 - 2015-10-20 08:08 - 19856296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 03919048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 03459448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-10-01 21:44 - 2016-02-03 02:36 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-01 21:44 - 2016-02-03 02:36 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 02473408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-10-01 21:44 - 2015-10-20 08:09 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-01 02:26 - 2015-10-20 08:09 - 07422645 _____ C:\Windows\system32\nvcoproc.bin
2016-09-30 06:24 - 2016-01-10 05:05 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01842624 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01444288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-09-28 05:23 - 2015-02-06 00:11 - 00000132 _____ C:\Users\Mothership Zeta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-27 15:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-26 13:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-26 12:13 - 2015-05-12 21:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-09-22 21:27 - 2016-09-02 00:13 - 00000000 ____D C:\Users\Mothership
2016-09-21 21:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-19 10:42 - 2016-06-08 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

==================== Files in the root of some directories =======

2015-02-06 00:11 - 2016-09-28 05:23 - 0000132 _____ () C:\Users\Mothership Zeta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-10-26 01:14 - 2015-10-26 01:15 - 0000620 _____ () C:\Users\Mothership Zeta\AppData\Roaming\MPQEditor.ini
2016-04-29 19:59 - 2016-08-29 11:19 - 0001197 _____ () C:\Users\Mothership Zeta\AppData\Roaming\toxqtox.log
2015-09-01 13:12 - 2015-12-22 04:42 - 0000600 _____ () C:\Users\Mothership Zeta\AppData\Roaming\winscp.rnd
2016-09-28 05:28 - 2016-09-28 05:28 - 0001456 _____ () C:\Users\Mothership Zeta\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-14 02:40 - 2016-10-12 04:10 - 0012800 _____ () C:\Users\Mothership Zeta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-14 22:13 - 2016-10-14 22:13 - 0000218 _____ () C:\Users\Mothership Zeta\AppData\Local\recently-used.xbel
2015-01-10 11:55 - 2016-10-15 00:22 - 0007675 _____ () C:\Users\Mothership Zeta\AppData\Local\Resmon.ResmonCfg
2016-09-19 20:46 - 2016-09-19 20:46 - 0026837 _____ () C:\ProgramData\agent.1474310680.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 09:22

==================== End of FRST.txt ============================

Edited by Destroyer140, 15 October 2016 - 12:41 PM.


#2 nasdaq


Posted 16 October 2016 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\Mothership Zeta\Desktop\gmer.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-2023354540-3781334245-3500207766-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mothership Zeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
U0 jnqcqbva; C:\Windows\System32\drivers\gashgw.sys [79064 2016-10-14] (Malwarebytes)
U3 a015fdl6; C:\Windows\System32\Drivers\a015fdl6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 CmdAgent; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver64; \??\D:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
U3 kwdcikod; \??\C:\Users\MOTHER~1\AppData\Local\Temp\kwdcikod.sys [X]
C:\Windows\System32\drivers\gashgw.sys
C:\Windows\System32\Drivers\a015fdl6.sys
Task: {8B269287-D40E-43EF-B7ED-FF9EBE9EA92E} - System32\Tasks\{CFFDE655-0219-458D-AB96-23446E6173F7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {97175F59-A000-4579-8482-38A04B209497} - System32\Tasks\{E065B5F6-9569-4B3F-92E1-000D093B79E6} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1603
AlternateDataStreams: C:\ProgramData\TEMP:F297470E [198]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

p.s.
I see traces of COMODO in your logs.
Did you remove it and are now using Bitdefender?

#3 Destroyer140


Posted 16 October 2016 - 12:28 PM

Hi, sorry for the delay, here is the log and some extra I meant to send earlier but was unable to since the reply just kept timing out and never posting:

Edit 1: Nearly forgot, yes, this is a years-old Windows installation so it has seen many different software, quite some security-oriented ones too. I used to have Comodo Firewall for a while until I got a Bitdefender version that has a firewall too, but following that I uninstalled Comodo with Comodo's special software that they designed to uninstall every single remaining file of their products from a PC, but oh well... apparently it did not really work. Anyway, I do not have any other active antivirus program other than Bitdefender for the moment.

Edit 2: Just fixed some typos, and reworded some hastily written sentences that sounded silly. I also think that the prime reason for me not being able to post earlier was that I tried to copy-paste the GMER log too, as opposed to attaching it, which made the post too long.

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Mothership Zeta (16-10-2016 17:51:52) Run:1
Running from C:\Users\Mothership Zeta\Desktop
Loaded Profiles: Mothership Zeta (Available Profiles: Mothership Zeta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\Mothership Zeta\Desktop\gmer.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-2023354540-3781334245-3500207766-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mothership Zeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
U0 jnqcqbva; C:\Windows\System32\drivers\gashgw.sys [79064 2016-10-14] (Malwarebytes)
U3 a015fdl6; C:\Windows\System32\Drivers\a015fdl6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 CmdAgent; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver64; \??\D:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
U3 kwdcikod; \??\C:\Users\MOTHER~1\AppData\Local\Temp\kwdcikod.sys [X]
C:\Windows\System32\drivers\gashgw.sys
C:\Windows\System32\Drivers\a015fdl6.sys
Task: {8B269287-D40E-43EF-B7ED-FF9EBE9EA92E} - System32\Tasks\{CFFDE655-0219-458D-AB96-23446E6173F7} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {97175F59-A000-4579-8482-38A04B209497} - System32\Tasks\{E065B5F6-9569-4B3F-92E1-000D093B79E6} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/go/help.faq.installer?source=lightinstaller&LastError=1603
AlternateDataStreams: C:\ProgramData\TEMP:F297470E [198]

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\Mothership Zeta\Desktop\gmer.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\Mothership Zeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
jnqcqbva => service not found.
a015fdl6 => service not found.
catchme => service removed successfully
CmdAgent => service removed successfully
dbx => service removed successfully
USBPNPA => service removed successfully
VGPU => service removed successfully
XFDriver64 => service removed successfully
kwdcikod => service removed successfully
"C:\Windows\System32\drivers\gashgw.sys" => not found.
"C:\Windows\System32\Drivers\a015fdl6.sys" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B269287-D40E-43EF-B7ED-FF9EBE9EA92E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B269287-D40E-43EF-B7ED-FF9EBE9EA92E}" => key removed successfully
C:\Windows\System32\Tasks\{CFFDE655-0219-458D-AB96-23446E6173F7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFFDE655-0219-458D-AB96-23446E6173F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97175F59-A000-4579-8482-38A04B209497}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97175F59-A000-4579-8482-38A04B209497}" => key removed successfully
C:\Windows\System32\Tasks\{E065B5F6-9569-4B3F-92E1-000D093B79E6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E065B5F6-9569-4B3F-92E1-000D093B79E6}" => key removed successfully
C:\ProgramData\TEMP => ":F297470E" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 119840118 B
Java, Flash, Steam htmlcache => 243497180 B
Windows/system/drivers => 31391 B
Edge => 0 B
Chrome => 0 B
Firefox => 540463188 B
Opera => 28251907 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66788 B
LocalService => 0 B
NetworkService => 0 B
Mothership Zeta => 126544462 B

RecycleBin => 0 B
EmptyTemp: => 1017.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:53:59 ====


Also: I wasn't able to post a reply (I think because my case was not responded to yet) and I was no longer able to edit my original post, but here is some update on the situation of my PC as of early this morning. The weird RAM-hogging behaviour of svchost continues even as I write this, so I will disconnect the PC upon posting this reply and watch for your reply on my phone, and try to minimize the time it spends connected to when I'm replying to you with logs, so as to avoid the risk of the infection spreading even worse in case it's capable of uploading/downloading something:

"Turns out my gut sense is still right that it's early to celebrate victory. Today, when I turned on the PC, it quickly started slowing down again (much like the first day) and it was easy to hear that the HDD was working very hard on something non-stop, so I opened Process Explorer back up to see that I have a totally unsuspicious svchost running that's currently hogging over half the entire RAM my PC has (3GB+).


Side note: Upon testing, it seems that svchost only starts to bloat itself upon having an internet connection and always goes down to stabilise itself around the height of 262MB while I have the PC physically disconnected from the internet (which in all likelihood I'm going to have to maintain until I get a response here to properly start working on the issue, since I'll need to post logs somehow)

So I did the smart thing, grabbed the latest Combofix, tore the RJ45 out of my PC and reached for my tools again.
RKill: Came up clean, no malware services or processes to terminate, it said.
TDSS Killer: Found only "Suspicious" files, so after carefully going over what I recognise and what I don't, I set it to delete the most obviously "not right" looking ones, like a folder with "Intel" stuff in it despite my entire config not having anything from Intel in it.
Combofix: Refuses to accept the system time as current and without an active internet connection it just declares that it's an "expired version", and upon selecting "running in reduced functionality mode" it just closes and deletes itself.
Rogue Killer: Found only TDSS Killer's files that it prepared for the next reboot in the Temp folder as "suspicious" and my home page as "suspicious", nothing else.

This is where it gets interesting
I ran GMER and upon the launch scan itself it already found stuff marked with red at "C:\Windows\System32\Drivers\81179732.sys" with value "[BOOT] 26111245" and it recommended running a complete scan, which I clicked "yes" on.
After finishing, the last line (while not marked as red) also says: "\Device\Harddisk0\DR0" with value "sector 0: rootkit like behavior"

Since I'm not feeling comfortable enough to delete stuff in GMER, I did not touch anything (thoughts of "what if these are only just unimportant parts of the infection and deleting them will not do much except making it significantly harder to track down and clean up"), but this most definitely looks more concerning than 2 days ago, especially so soon after reading horror stories of things that could possibly eat themselves into the BIOS/other hardware's firmware and take months to get rid of.

These were also only what my untrained eye can pick up, so I thought it would quicken things if I would just attach the whole GMER log, and it would probably also show a much more up-to-date view of how things are on the PC"
 


Edited by Destroyer140, 16 October 2016 - 12:35 PM.
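The Fixlog in the post above can be triaged mechanically. This added example (not part of the original post and not FRST's own code) splits the log into the echoed fixlist and the result lines, classifies each outcome, and flags services that had a file on disk at scan time but were reported as not found when the fix ran. The function names are hypothetical, the sample is a shortened excerpt of that log, and it assumes `[X]` in a scan line marks a missing file.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above: the fixlist echo sits between
# the two rows of asterisks, the per-directive results follow it.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CloseProcesses:
U0 jnqcqbva; C:\Windows\System32\drivers\gashgw.sys [79064 2016-10-14] (Malwarebytes)
U3 a015fdl6; C:\Windows\System32\Drivers\a015fdl6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
jnqcqbva => service not found.
a015fdl6 => service not found.
catchme => service removed successfully
"C:\Windows\System32\drivers\gashgw.sys" => not found.

=========== EmptyTemp: ==========

Firefox => 540463188 B
EmptyTemp: => 1017.7 MB temporary data Removed.
'''

# Service/driver line of a scan: "<state><start> <name>; <path> [<size date> | X]"
# Assumption: "[X]" means the file was missing when the scan ran.
SERVICE_RE = re.compile(r'^[RSU]\d (?P<name>[^;]+); (?P<path>.*?) \[(?P<mark>[^\]]*)\]')


def split_sections(text):
    """Return (fixlist_lines, result_lines) of a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {'*'}]
    if len(stars) < 2:
        raise ValueError('fixlist echo not found')
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith('===='):  # EmptyTemp byte counts and footer are not outcomes
            break
        if ln:
            results.append(ln)
    return fixlist, results


def parse_results(result_lines):
    """Turn result lines into (target, outcome, status) tuples."""
    parsed = []
    for ln in result_lines:
        if ln.startswith('Error:'):
            parsed.append((None, ln, 'error'))
        elif ' => ' not in ln:
            parsed.append((None, ln, 'info'))
        else:
            target, outcome = ln.split(' => ', 1)
            low = outcome.lower()
            if 'not found' in low or 'no running process' in low:
                status = 'absent'      # nothing was there to act on
            elif 'successfully' in low:
                status = 'changed'     # key, file or service removed or moved
            else:
                status = 'other'
            parsed.append((target.strip('"'), outcome, status))
    return parsed


def stale_services(fixlist_lines, parsed):
    """Services with a non-empty file at scan time that were absent at fix time."""
    absent = {t for t, _, s in parsed if s == 'absent'}
    stale = []
    for ln in fixlist_lines:
        m = SERVICE_RE.match(ln)
        if not m:
            continue
        size = m.group('mark').split()[:1]
        if size and size[0].isdigit() and int(size[0]) > 0 and m.group('name') in absent:
            stale.append(m.group('name'))
    return stale


def triage(text):
    """Summarise a Fixlog: outcome counts, lines to re-check, stale services."""
    fixlist, results = split_sections(text)
    parsed = parse_results(results)
    return {
        'counts': Counter(status for _, _, status in parsed),
        'follow_up': [(t, o) for t, o, s in parsed if s in ('absent', 'error')],
        'stale_services': stale_services(fixlist, parsed),
    }


if __name__ == '__main__':
    report = triage(SAMPLE_FIXLOG)
    print(dict(report['counts']))
    for target, outcome in report['follow_up']:
        print('check:', target or '(run)', '->', outcome)
    print('present at scan, absent at fix:', report['stale_services'])
```

A non-empty `stale_services` list means the system changed between the scan and the fix, so the fixlist no longer matched what was on disk.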


#4 Destroyer140


Posted 16 October 2016 - 09:10 PM

I originally planned to wait for a reply until 4AM but around 3:35-3:40 I got a random BSOD which said something along the lines of "modification of system files or critical data was detected". So apparently even while being completely offline this thing is still restless. But since it's getting late I decided to make a newer (and "made after running the fix list") GMER log which I will attach as "GMER 2016.10.17 03.51am.log".
This time upon running GMER, it still instantly found a red line and immediately recommended a full scan:
"Type: Service
Name: C:\Windows\System32\qmgr.dll (***hidden***)
Value: [MANUAL] BITS
"
I clicked yes and ran the full scan too, and contrary to last time (the older GMER log), upon finishing the scan it explicitly said it has found a rootkit, but I decided to shut the PC down for today and await further instructions as it's over 4AM by the time I'm posting this.

Tomorrow (or actually later on today now that I think of it, hehe) I will have a brief time to respond in about 8 hours from now before going to afternoon school or if there is no reply by then, I will get home and be able to reply around the same time that my previous reply posted at.



#5 nasdaq


Posted 17 October 2016 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We have some work to do.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {3D53F4DA-0711-4F9E-AE81-3890DA48128D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {5019FBEA-CED4-441A-A7E4-8A56372702DC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {D3B02EDF-97F7-4744-B16B-6729BD2C9A5A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\Windows\GSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppleChargerSrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atibtmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticalcl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticaldd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticalrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ATIDEMGX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atidxx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atieclxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiedu64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiesrxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atimpc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atimuixx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atio6axx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atitmm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiumd6a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiumd6v.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\coinst_8.97.100.11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lzhfldr2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MBAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MBPPCn64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MBppld64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MBWrp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEA64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EED64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEG64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEL64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEP64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RH3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RH3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RHCoInst64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RHDMEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64H.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtkHDM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupempdrvx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ati2edxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdmv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BootMan.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EuEpmGdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ISUSPM.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lzhfldr2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MBAPO32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
D:\Program Files\COMODO

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Gmer is no longer supported; I need you to run this one instead.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

p.s.
If you have a CD emulator disable it before running this aswMBR.exe tool.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Let me know what problem persists. Please keep it short.
Wait for further instructions.


#6 Destroyer140

Posted 17 October 2016 - 02:36 PM

Hi!
Upon getting home and after an agonizingly slow boot up I momentarily connected my PC to the internet to:
Grab the newest version of Farbar from Bleeping Computer (since the one I had was already not the newest), and since my page was loaded in the browser even while offline, from there I could make the fixlist simply by copy paste.
Grabbed the newest version of aswMBR from your link
And as for DeFogger, your link was 404 for me so I got the newest DeFogger that the Bleeping download section has.

Fixlist ran through quickly and rebooted up at a quite noticeable pace up until the desktop blacked out save for the task bar and the win7 sound of "new device detected" played.

Then the desktop slowly came back, I disabled virtual optical drives with Defogger (successfully) then rebooted as it requested.

After booting up again I was forced to disable all active scanners of Bitdefender since it really did not like the idea of me running aswMBR, and half a minute later went ahead to quarantine it... So after I shut down the active scanners of my useless AV I re-downloaded (so as to ensure my AV did not try to remove anything from it and thus corrupt it) and ran aswMBR as instructed. It however offered to download the avast engine for better scan results. Since I was not told if I need or don't need this, I decided to go for sure and get it, then disconnect my PC from the internet again. Then I ran the scan as instructed.

Apparently however aswMBR had issues ("20:39:02.920    Initialze error C0000043 - driver not loaded") or just naturally generated a very small log and to my surprise, no MBR file at all that I could attach. Initially I thought it might have put it in C:\ but it did not and in the process I noticed 2 things:

1: Despite DeFogger reporting finishing completely, I do have a virtual "BD:ROM Drive (I:)". The strange thing is that I remember having this weird drive for months, and it's not created by Daemon Tools Lite, which is my normal virtual drive program. On multiple occasions I have tried to disable/uninstall it from Device Manager too in the past, but it was "always just back somehow". Since I had no issues before, I booked it as an "old windows install oddity" and never worried about it, but I think if it's evading DeFogger it's getting suspicious.

2: After I didn't find the MBR.dat file on the desktop (where I ran the program and saved the text log by the way) and went looking in C:\ for it I also noticed that the whole "forcing folders and OS's files to be hidden in a split second of me setting it else effect" is also back.

Logs:
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by Mothership Zeta (17-10-2016 20:15:20) Run:2
Running from C:\Users\Mothership Zeta\Desktop
Loaded Profiles: Mothership Zeta (Available Profiles: Mothership Zeta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {3D53F4DA-0711-4F9E-AE81-3890DA48128D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {5019FBEA-CED4-441A-A7E4-8A56372702DC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {D3B02EDF-97F7-4744-B16B-6729BD2C9A5A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
D:\Program Files\COMODO

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D53F4DA-0711-4F9E-AE81-3890DA48128D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D53F4DA-0711-4F9E-AE81-3890DA48128D}" => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5019FBEA-CED4-441A-A7E4-8A56372702DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5019FBEA-CED4-441A-A7E4-8A56372702DC}" => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D3B02EDF-97F7-4744-B16B-6729BD2C9A5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B02EDF-97F7-4744-B16B-6729BD2C9A5A}" => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => key removed successfully
"D:\Program Files\COMODO" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30576661 B
Java, Flash, Steam htmlcache => 24047181 B
Windows/system/drivers => 34664 B
Edge => 0 B
Chrome => 0 B
Firefox => 19598411 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Mothership Zeta => 135150920 B

RecycleBin => 0 B
EmptyTemp: => 207.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:15:29 ====
 
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-17 20:39:02
-----------------------------
20:39:02.623    OS Version: Windows x64 6.1.7601 Service Pack 1
20:39:02.623    Number of processors: 6 586 0x200
20:39:02.623    ComputerName: MOTHERSHIP-ZETA  UserName: Mothership Zeta
20:39:02.920    Initialze error C0000043 - driver not loaded
20:50:00.574    AVAST engine defs: 16101701
20:54:53.168    Service scanning
20:54:56.163    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
20:55:10.909    Modules scanning
20:55:10.909    Disk 0 trace - called modules:
20:55:10.909    
20:55:11.330    AVAST engine scan C:\Windows
20:55:13.079    AVAST engine scan C:\Windows\system32
20:58:23.678    AVAST engine scan C:\Windows\system32\drivers
20:58:35.865    AVAST engine scan C:\Users\Mothership Zeta
21:11:18.810    AVAST engine scan C:\ProgramData
21:13:28.137    Scan finished successfully
21:14:38.158    The log file has been saved successfully to "C:\Users\Mothership Zeta\Desktop\aswMBR.txt"

 

Edited by Destroyer140, 17 October 2016 - 03:07 PM.


#7 nasdaq

  • Malware Response Team

Posted 18 October 2016 - 08:35 AM

What problem persists?

#8 Destroyer140

  • Topic Starter

Posted 18 October 2016 - 09:21 AM

An entire day is a long day without instructions, so I was busy trying to further look into things without actually making serious changes in the current state of things. I initially wrote a 4 point reply, but by the end of the day I struck out the original text and made an update in the "Edit:" part of my post at the points where I could achieve something.

 

To answer your question:

In short: Pretty much everything from the get go?

In full, let's recap:

1: Every now and then the issue about something that keeps overriding hidden folder settings keeps returning on its own; usually, on the next reboot after that (even right as I booted up to write this reply), I get a black screen with white letters saying "The Antivirus Solution Installed On Your System Is Cleaning Your Computer", following which whatever is overriding the folder's hiddenness setting is fixed, until it starts happening again.

2: The very second I connect my PC to the internet, an svchost.exe starts bloating up to 3GB in RAM use and doing god knows what, but it puts such a stress on the hard drive it's easily hearable through the case, so I'm afraid to have the PC connected to the internet in fear of the infection connecting to somewhere to download further stuff that can hurt me even more. I'm going to attach a couple of pictures showing what it looks like and what's running inside it.

-Cause found out in the meantime, explained after the "Edit:" part

3: As the previous reply said, even while the PC is running physically disconnected from the internet, there is a BSOD ("blue screen of death") I get after a couple of hours, saying that Windows shut itself down because something was trying to modify critical system files, so I'm practically forced to have the PC completely powered off and mash refresh of my thread on my phone ~10 hours a day for the next reply.

-Might or might not have been a one-time case, PC running stable for 4+ hours as I'm typing this

4: aswMBR apparently failed to run properly because, as I explained with quotes in my previous reply, it failed to initialise: "20:39:02.920    Initialize error C0000043 - driver not loaded"

-See "Edit:" section for update on "4:"

Also, once again: Whatever the Farbar fixlist did yesterday seemed to work, but only for the duration of about 1,5 minute after windows finished rebooting, then everything went back to be awfully slow, explorer.exe behaving weirdly etc...



EDIT: I have talked with a friend today who explained to me how I can take a look at the mentioned svchost.exe and try shutting off services one by one and look for when a massive memory drop will occur.

After some trial and error I have found that "Name:wuauserv   Description:Windows Update" is the service that causes the abnormal memory consumption. If I open Windows Update on my PC, it just cycles endlessly trying to load something but hasn't finished even in an hour. I hope this helps pinpointing things with this issue somehow.

 

Whenever the PC is connected to the internet, Bitdefender firewall's log is full of notes of me apparently being bombarded with port scan attempts (all successfully blocked as far as I can trust the log), it would be near impossible to screenshot the whole list because it would take more than 10 screen shots, but I will attach 1 example picture of that too as firewalllog.jpg

 

Also, I have no idea why but as opposed to last time, aswMBR did successfully initialise and ran this time, generating a proper log and also an MBR.dat:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-19 03:24:38
-----------------------------
03:24:38.581    OS Version: Windows x64 6.1.7601 Service Pack 1
03:24:38.581    Number of processors: 6 586 0x200
03:24:38.581    ComputerName: MOTHERSHIP-ZETA  UserName: Mothership Zeta
03:24:40.337    Initialize success
03:24:40.488    VM: initialized successfully
03:24:40.489    VM: Amd CPU supported
03:27:47.154    AVAST engine defs: 16101801
03:30:01.439    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:30:01.440    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E5 Size: 476940MB BusType: 3
03:30:01.443    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-4
03:30:01.446    Disk 1 Vendor: ST1000DM003-1SB10C CC43 Size: 953869MB BusType: 3
03:30:01.542    Disk 0 MBR read successfully
03:30:01.545    Disk 0 MBR scan
03:30:01.654    Disk 0 Windows 7 default MBR code
03:30:01.656    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        61443 MB offset 64
03:30:01.659    Disk 0 Boot: NTFS     code=2
03:30:01.666    Disk 0 Partition - 00     0F Extended LBA            415493 MB offset 125837150
03:30:01.682    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       409218 MB offset 125837213
03:30:01.687    Disk 0 Partition - 00     05     Extended              6275 MB offset 963916066
03:30:01.707    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         6275 MB offset 963916129
03:30:01.741    Disk 0 scanning C:\Windows\system32\drivers
03:30:11.869    Service scanning
03:30:15.412    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
03:30:32.045    Modules scanning
03:30:32.050    Disk 0 trace - called modules:
03:30:32.063    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
03:30:32.067    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066b8060]
03:30:32.072    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8006513ba0]
03:30:32.076    5 iaStorF.sys[fffff88001be52bd] -> nt!IofCallDriver -> [0xfffffa8006416520]
03:30:32.084    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800600b060]
03:30:32.326    AVAST engine scan C:\Windows
03:30:35.188    AVAST engine scan C:\Windows\system32
03:35:16.029    AVAST engine scan C:\Windows\system32\drivers
03:35:30.202    AVAST engine scan C:\Users\Mothership Zeta
04:01:24.119    AVAST engine scan C:\ProgramData
04:10:46.333    Disk 0 statistics 6389507/0/0 @ 1,93 MB/s
04:10:46.340    Scan finished successfully
04:17:11.469    Disk 0 MBR has been saved successfully to "C:\Users\Mothership Zeta\Desktop\MBR.dat"
04:17:11.526    The log file has been saved successfully to "C:\Users\Mothership Zeta\Desktop\aswMBR.txt"



p.s.: Compressing the MBR.dat file actually increased its size, unless compressing it was for some other purpose.


Edited by Destroyer140, 18 October 2016 - 09:41 PM.


#9 nasdaq

  • Malware Response Team

Posted 19 October 2016 - 10:19 AM



Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

Please run this cleaning tool.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

After a restart of the computer, run the Farbar tool normally one more time.
Post the FRST and the fresh Addition.txt file for my review.

Also, please provide an update on how the computer is behaving after running the above script.

#10 Destroyer140

  • Topic Starter

Posted 19 October 2016 - 02:55 PM

I ran everything and generated the logs which I will attach right now.

 

Now that everything finished I will do a reboot and then see how stable the PC runs from there for the next 6 hours and I will try to note anything worthwhile.

EDIT: The PC was running stable, and the bloated svchost.exe seems to be the last remaining issue. However, even that seems to have been set back to only take up 1.3GB RAM and not go above it, which, while quite some progress compared to the day-one 3,5GB it used to consume, is still not normal. So I decided to entirely disable the service, unless you know of more things we could try with it.

Here are the 2 Farbar logs and the zoek one attached, as requested:

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Mothership Zeta (administrator) on MOTHERSHIP-ZETA (19-10-2016 21:40:11)
Running from C:\Users\Mothership Zeta\Desktop
Loaded Profiles: Mothership Zeta (Available Profiles: Mothership Zeta)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(H.D.S. Hungary) D:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Valve Corporation) D:\Steam\Steam.exe
(Piotr Pawlowski) D:\Program Files (x86)\foobar2000\foobar2000.exe
(EVEMon Development Team) D:\Program Files (x86)\EVEMon\EVEMon.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
() D:\Program Files\qTox\bin\qtox.exe
(Deluge Team) D:\Program Files (x86)\Deluge\deluge.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_x64.exe
(Disc Soft Ltd) D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Valve Corporation) D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2015-01-06] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [Foobar2000] => D:\Program Files (x86)\foobar2000\foobar2000.exe [1854928 2015-01-14] (Piotr Pawlowski)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [EVEMon] => D:\Program Files (x86)\EVEMon\EVEMon.exe [2420736 2016-10-18] (EVEMon Development Team)
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [3345408 2012-08-17] ()
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [qTox - tox_save] => D:\Program Files\qTox\bin\qtox.exe [19758592 2016-08-10] ()
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Run: [DAEMON Tools Lite Automount] => D:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Mothership Zeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deluge.lnk [2016-05-28]
ShortcutTarget: Deluge.lnk -> D:\Program Files (x86)\Deluge\deluge.exe (Deluge Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{B7D70898-39AB-452C-BE77-A0C2158FBB69}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default [2016-10-19]
FF Homepage: Mozilla\Firefox\Profiles\lfofc3of.default -> hxxps://ncore.cc/profile.php
FF Session Restore: Mozilla\Firefox\Profiles\lfofc3of.default -> is enabled.
FF Extension: (Firebug) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (Hungarian dictionary) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\hu@dictionaries.addons.mozilla.org [2015-12-17]
FF Extension: (HV Statistics, Tracking, and Analysis Tool) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\jid1-axIJszhAx5CUPA@jetpack.xpi [2016-03-16] [not signed]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\marcoagpinto@mail.telepac.pt [2016-09-27]
FF Extension: (uBlock) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-01-10]
FF Extension: (NoScript) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09]
FF Extension: (WOT) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: (Video DownloadHelper) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Cookies Manager+) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2016-09-15]
FF Extension: (Adblock Plus) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (Greasemonkey) - C:\Users\Mothership Zeta\AppData\Roaming\Mozilla\Firefox\Profiles\lfofc3of.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-21]
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-02-02]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin2.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin3.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin4.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npqtplugin5.dll [2014-11-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mothership Zeta\AppData\Roaming\mozilla\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Opera:
=======
OPR Extension: (HV Statistics, Tracking, and Analysis Tool) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\endmimaaaphhlnajbpnhcoehdplphbff [2015-09-18]
OPR Extension: (Download Chrome Extension) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2016-04-08]
OPR Extension: (Gerald) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-08-25]
OPR Extension: (Adblock Plus) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-25]
OPR Extension: (escape75) - C:\Users\Mothership Zeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-10-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2015-01-06] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-17] (EasyAntiCheat Ltd)
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [245312 2016-06-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-08] (GOG.com)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2015-01-06] (Microsoft Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2016-07-01] (Electronic Arts)
S3 OverwolfUpdater; D:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009904 2016-02-11] (Overwolf LTD)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-18] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2015-01-06] ()
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [60120 2013-10-07] (Asmedia Technology)
S3 asstor64; C:\Windows\system32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-23] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-31] (Disc Soft Ltd)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-06] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-13] (Etron Technology Inc)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-17] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
S3 iaStorB; C:\Windows\system32\drivers\iaStorB.sys [580592 2014-05-07] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28144 2014-05-07] (Intel Corporation)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0094.sys [38432 2016-06-20] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-09-17] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2015-01-06] (Realtek Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-31] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-16] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2015-01-06] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33584 2016-01-25] (Windows ® Win 7 DDK provider)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2015-01-06] (VIA Technologies, Inc.)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-01-07] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 21:40 - 2016-10-19 21:40 - 00027806 _____ C:\Users\Mothership Zeta\Desktop\FRST.txt
2016-10-19 21:22 - 2016-10-19 20:57 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-10-19 20:57 - 2016-10-19 20:57 - 00000188 _____ C:\Users\Mothership Zeta\Desktop\New Text Document.txt
2016-10-19 20:55 - 2016-10-19 21:17 - 00000000 ____D C:\zoek_backup
2016-10-19 20:38 - 2016-10-19 20:57 - 01309184 _____ C:\Users\Mothership Zeta\Desktop\zoek.exe
2016-10-19 05:05 - 2016-10-19 05:05 - 00000000 ____D C:\Users\Mothership Zeta\AppData\LocalLow\Temp
2016-10-19 05:03 - 2016-10-19 05:03 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\NuGet
2016-10-19 03:45 - 2016-10-19 03:45 - 00000000 ____D C:\Users\Mothership Zeta\.dnx
2016-10-19 01:46 - 2016-10-19 01:46 - 00049539 _____ C:\ComboFix.txt
2016-10-19 01:19 - 2016-10-19 01:46 - 00000000 ____D C:\Qoobox
2016-10-19 01:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-10-19 01:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-10-19 01:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-10-19 01:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-10-19 01:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-10-19 01:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-10-19 01:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-10-19 01:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-10-19 00:55 - 2016-10-19 00:55 - 00000218 _____ C:\Users\Mothership Zeta\AppData\Local\recently-used.xbel
2016-10-18 20:57 - 2016-10-19 04:17 - 00002865 _____ C:\Users\Mothership Zeta\Desktop\aswMBR.txt
2016-10-18 19:46 - 2016-10-18 19:47 - 00179172 _____ C:\Windows\ntbtlog.txt
2016-10-17 20:38 - 2016-10-17 20:38 - 05198336 _____ (AVAST Software) C:\Users\Mothership Zeta\Desktop\aswMBR.exe
2016-10-17 20:26 - 2016-10-17 20:26 - 00000188 _____ C:\Users\Mothership Zeta\defogger_reenable
2016-10-17 20:15 - 2016-10-17 20:15 - 00049102 _____ C:\Users\Mothership Zeta\Desktop\Fixlog.txt
2016-10-17 20:09 - 2016-10-17 20:09 - 00050477 _____ C:\Users\Mothership Zeta\Desktop\Defogger.exe
2016-10-17 03:40 - 2016-10-17 03:40 - 00391600 _____ C:\Windows\Minidump\101716-42837-01.dmp
2016-10-16 17:51 - 2016-10-19 21:39 - 02407424 _____ (Farbar) C:\Users\Mothership Zeta\Desktop\FRST64.exe
2016-10-16 12:46 - 2016-10-18 16:22 - 00000000 _____ C:\Users\Mothership Zeta\Desktop\bcreply.txt
2016-10-16 06:02 - 2016-10-15 00:11 - 25240136 _____ C:\Users\Mothership Zeta\Desktop\RogueKillerX64.exe
2016-10-16 06:01 - 2016-10-16 06:01 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-10-15 20:20 - 2016-10-19 21:25 - 00009237 _____ C:\bdlog.txt
2016-10-15 10:40 - 2016-10-15 10:40 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\ElevatedDiagnostics
2016-10-15 09:58 - 2016-10-19 01:46 - 00000000 ____D C:\Users\Mothership
2016-10-15 04:36 - 2016-10-15 04:36 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-10-15 04:15 - 2016-10-19 21:40 - 00000000 ____D C:\FRST
2016-10-15 00:12 - 2016-10-16 06:02 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-15 00:11 - 2016-10-15 00:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-14 01:28 - 2016-10-14 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-12 22:40 - 2016-10-19 04:01 - 00000000 ____D C:\Users\Mothership Zeta\Documents\Visual Studio 2015
2016-10-12 22:34 - 2016-10-12 22:34 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-10-12 22:29 - 2016-10-12 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-10-12 22:21 - 2016-10-12 22:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-10-12 22:21 - 2016-10-12 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-10-12 22:18 - 2016-10-12 22:18 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-10-12 22:18 - 2016-10-12 22:18 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-10-12 22:15 - 2016-10-12 22:15 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-10-12 22:15 - 2016-10-12 22:15 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-10-12 22:13 - 2016-10-12 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files\IIS Express
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-10-12 22:05 - 2016-10-12 22:05 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\ProgramData\NuGet
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-10-12 22:03 - 2016-10-12 22:03 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-10-12 22:02 - 2016-10-12 22:02 - 00000000 ____D C:\Program Files\IIS
2016-10-12 22:02 - 2016-10-12 22:02 - 00000000 ____D C:\Program Files (x86)\IIS
2016-10-12 22:00 - 2016-10-12 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-10-12 21:59 - 2016-10-12 21:59 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-10-12 21:58 - 2016-10-12 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-10-12 21:58 - 2016-10-12 21:58 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-10-12 21:55 - 2016-10-12 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-10-12 21:54 - 2016-10-12 21:54 - 00000000 ____D C:\Windows\symbols
2016-10-12 21:54 - 2016-10-12 21:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-10-12 21:47 - 2016-10-12 22:30 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-12 21:47 - 2016-10-12 22:30 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-10-12 21:47 - 2016-10-12 21:56 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-10-12 21:47 - 2016-10-12 21:47 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-10-12 21:40 - 2016-10-12 21:48 - 00000000 ____D C:\Windows\system32\1033
2016-10-12 21:38 - 2016-10-12 21:38 - 00000000 ____D C:\Users\Mothership Zeta\AppData\LocalLow\Freejam
2016-10-12 21:36 - 2016-10-12 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-10-12 21:36 - 2016-10-12 22:20 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-10-12 21:24 - 2016-10-12 21:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-12 21:18 - 2016-10-12 21:18 - 00000202 _____ C:\Users\Mothership Zeta\Desktop\Robocraft.url
2016-10-12 20:48 - 2016-10-12 20:48 - 00001187 _____ C:\Users\Mothership Zeta\Desktop\Sublime text.lnk
2016-10-11 22:59 - 2016-10-11 23:02 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Google
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 20:30 - 2016-10-10 20:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-09 15:58 - 2016-10-09 16:31 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\LOOT
2016-10-09 15:26 - 2016-10-01 21:24 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-09 15:24 - 2016-10-01 23:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 28213696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-09 15:24 - 2016-10-01 23:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00493792 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-10-09 15:24 - 2016-10-01 23:15 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 14353328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 08685352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-09 15:23 - 2016-10-01 23:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-06 10:48 - 2016-10-06 10:48 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Zachtronics Industries
2016-10-05 20:50 - 2016-10-05 20:50 - 00000201 _____ C:\Users\Mothership Zeta\Desktop\Fallout 2.url
2016-10-05 18:47 - 2016-10-05 18:47 - 00000228 _____ C:\Users\Mothership Zeta\Desktop\RoboZZle - a social puzzle game.URL
2016-10-05 16:33 - 2016-10-05 16:33 - 00000213 _____ C:\Users\Mothership Zeta\Desktop\StackSkills.URL
2016-10-05 09:42 - 2016-10-09 14:36 - 00003816 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003866 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003804 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003628 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-10-09 14:35 - 00003568 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-05 09:42 - 2016-09-29 21:27 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-05 09:41 - 2016-09-17 08:11 - 00104384 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-05 09:41 - 2016-09-17 08:11 - 00094144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-05 09:41 - 2016-09-17 08:11 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-03 22:51 - 2016-10-03 23:10 - 00462566 _____ C:\Users\Mothership Zeta\Desktop\War Thunder Ground Attack Chart , by Your_SAT_Score.xlsx
2016-09-30 04:01 - 2016-09-30 04:01 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\RenPy
2016-09-28 05:28 - 2016-09-28 05:28 - 00001456 _____ C:\Users\Mothership Zeta\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-28 00:11 - 2016-09-28 00:11 - 00000000 ____D C:\Users\Mothership Zeta\Documents\みなとそふと
2016-09-27 02:13 - 2016-10-06 21:41 - 00000218 _____ C:\Users\Mothership Zeta\Desktop\Last's remaining plat on me.txt
2016-09-26 19:56 - 2016-09-26 19:56 - 00066900 _____ C:\Users\Mothership Zeta\Desktop\BeadandóKövetelményStatikusWeboldal.xlsx
2016-09-26 00:43 - 2016-09-26 00:43 - 00008192 _____ C:\Windows\d3dx.dat
2016-09-25 18:27 - 2016-09-25 18:28 - 00004321 _____ C:\Users\Mothership Zeta\Desktop\Windows spyware update remover.bat
2016-09-24 22:18 - 2016-09-24 22:18 - 00291404 _____ C:\Users\Mothership Zeta\Desktop\wotlk_war_prot_2010_01_26b.ods
2016-09-23 18:25 - 2016-09-23 18:26 - 00000000 ____D C:\Users\Mothership Zeta\Cisco Packet Tracer 6.2sv
2016-09-23 18:25 - 2016-09-23 18:25 - 00000208 _____ C:\Users\Mothership Zeta\.packettracer
2016-09-22 04:22 - 2016-09-09 20:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-22 04:22 - 2016-09-09 20:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-09-22 04:22 - 2016-09-09 20:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-22 04:22 - 2016-09-09 20:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-22 04:20 - 2016-09-17 02:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-09-22 04:20 - 2016-09-17 02:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-09-20 02:33 - 2016-10-12 20:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Sublime Text 3
2016-09-20 02:32 - 2016-09-20 02:32 - 00000734 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-09-19 21:20 - 2016-08-26 01:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-19 21:20 - 2016-08-26 01:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-19 20:46 - 2016-09-19 20:46 - 00026837 _____ C:\ProgramData\agent.1474310680.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 21:37 - 2015-07-08 00:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-19 21:34 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-19 21:34 - 2009-07-14 06:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-19 21:28 - 2015-02-17 01:10 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Tox
2016-10-19 21:27 - 2015-10-20 08:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-19 21:27 - 2015-02-17 03:26 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\foobar2000
2016-10-19 21:26 - 2016-02-03 09:30 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-19 21:26 - 2015-09-01 14:18 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-19 21:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-19 21:23 - 2015-09-01 14:18 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-19 21:17 - 2015-01-06 19:14 - 00000000 ____D C:\Users\Mothership Zeta
2016-10-19 21:01 - 2015-01-10 11:55 - 00007674 _____ C:\Users\Mothership Zeta\AppData\Local\Resmon.ResmonCfg
2016-10-19 20:52 - 2016-01-13 18:31 - 00004130 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433939833
2016-10-19 03:18 - 2015-01-13 02:58 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\deluge
2016-10-19 03:16 - 2016-06-10 04:10 - 00000000 ____D C:\ProgramData\VMware
2016-10-19 03:14 - 2015-01-06 23:47 - 00678216 _____ C:\Windows\system32\perfh00E.dat
2016-10-19 03:14 - 2015-01-06 23:47 - 00405160 _____ C:\Windows\system32\perfh011.dat
2016-10-19 03:14 - 2015-01-06 23:47 - 00167188 _____ C:\Windows\system32\perfc00E.dat
2016-10-19 03:14 - 2015-01-06 23:47 - 00119042 _____ C:\Windows\system32\perfc011.dat
2016-10-19 03:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-19 03:12 - 2016-06-10 04:11 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\VMware
2016-10-19 03:12 - 2016-06-10 04:11 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\VMware
2016-10-19 01:53 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Security
2016-10-19 01:37 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-10-19 01:33 - 2015-01-28 10:29 - 00000000 ____D C:\Windows\erdnt
2016-10-18 23:17 - 2016-01-12 05:11 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\CrashDumps
2016-10-18 21:06 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-17 20:15 - 2015-01-24 23:22 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-10-17 03:40 - 2015-03-22 02:54 - 00000000 ____D C:\Windows\Minidump
2016-10-16 17:57 - 2015-01-06 20:51 - 00000008 __RSH C:\Users\Mothership Zeta\ntuser.pol
2016-10-16 17:51 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-16 17:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-10-16 07:23 - 2016-08-14 02:40 - 00012800 _____ C:\Users\Mothership Zeta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 19:59 - 2015-06-10 14:41 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-15 19:28 - 2015-01-09 03:14 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Warframe
2016-10-15 11:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-15 10:28 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\RemotePackages
2016-10-15 09:59 - 2015-01-06 20:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-15 04:36 - 2015-01-07 23:58 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-15 01:06 - 2015-01-06 19:36 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Apps\2.0
2016-10-14 23:28 - 2009-07-14 07:13 - 02138780 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-14 23:01 - 2015-10-01 21:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-14 15:41 - 2015-01-06 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-14 01:28 - 2015-09-01 14:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 03:47 - 2016-02-03 10:26 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 03:46 - 2016-02-16 21:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 22:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-12 22:28 - 2015-06-03 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-10-12 21:54 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-12 21:37 - 2015-07-08 00:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 21:37 - 2015-06-10 14:41 - 00003920 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-12 21:37 - 2015-01-06 20:16 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-12 21:37 - 2015-01-06 20:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 21:37 - 2015-01-06 20:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-12 21:34 - 2014-08-21 22:55 - 02102062 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-12 04:10 - 2015-01-03 02:50 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\MPC-HC
2016-10-12 01:39 - 2016-07-15 12:46 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\Battle.net
2016-10-11 23:08 - 2015-01-03 02:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\TeamViewer
2016-10-11 23:08 - 2015-01-03 02:44 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\DAEMON Tools Lite
2016-10-11 23:06 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Maintenance
2016-10-11 23:02 - 2016-02-18 08:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-10 00:54 - 2015-01-03 02:51 - 00000000 ____D C:\Users\Mothership Zeta\Desktop\Progs
2016-10-09 15:27 - 2015-06-03 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-09 15:26 - 2016-03-13 13:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-09 15:21 - 2015-01-03 02:47 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\vlc
2016-10-09 14:36 - 2015-06-03 09:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-09 14:35 - 2015-06-03 09:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-09 14:35 - 2015-06-03 09:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-06 11:13 - 2015-06-11 13:58 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Roaming\Fallout2
2016-10-05 12:25 - 2015-06-03 09:45 - 00000000 ____D C:\Users\Mothership Zeta\AppData\Local\NVIDIA Corporation
2016-10-03 13:07 - 2015-10-23 18:34 - 00000276 _____ C:\Users\Mothership Zeta\Desktop\Debts.txt
2016-10-01 23:15 - 2015-10-20 08:08 - 19856296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 03919048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 03459448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-01 23:15 - 2015-10-20 08:08 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-10-01 21:44 - 2016-02-03 02:36 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-01 21:44 - 2016-02-03 02:36 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 02473408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-10-01 21:44 - 2015-10-20 08:09 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-01 21:44 - 2015-10-20 08:09 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-01 02:26 - 2015-10-20 08:09 - 07422645 _____ C:\Windows\system32\nvcoproc.bin
2016-09-30 06:24 - 2016-01-10 05:05 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01842624 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01444288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-09-30 06:24 - 2015-06-03 09:41 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-09-28 05:23 - 2015-02-06 00:11 - 00000132 _____ C:\Users\Mothership Zeta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-27 15:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-26 13:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-26 12:13 - 2015-05-12 21:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-09-19 10:42 - 2016-06-08 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

==================== Files in the root of some directories =======

2015-02-06 00:11 - 2016-09-28 05:23 - 0000132 _____ () C:\Users\Mothership Zeta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-01 13:12 - 2015-12-22 04:42 - 0000600 _____ () C:\Users\Mothership Zeta\AppData\Roaming\winscp.rnd
2016-09-28 05:28 - 2016-09-28 05:28 - 0001456 _____ () C:\Users\Mothership Zeta\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-14 02:40 - 2016-10-16 07:23 - 0012800 _____ () C:\Users\Mothership Zeta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-19 00:55 - 2016-10-19 00:55 - 0000218 _____ () C:\Users\Mothership Zeta\AppData\Local\recently-used.xbel
2015-01-10 11:55 - 2016-10-19 21:01 - 0007674 _____ () C:\Users\Mothership Zeta\AppData\Local\Resmon.ResmonCfg
2016-09-19 20:46 - 2016-09-19 20:46 - 0026837 _____ () C:\ProgramData\agent.1474310680.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 09:14

==================== End of FRST.txt ============================

Fresh additions.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Mothership Zeta (19-10-2016 21:41:17)
Running from C:\Users\Mothership Zeta\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-06 17:14:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2023354540-3781334245-3500207766-500 - Administrator - Disabled)
Guest (S-1-5-21-2023354540-3781334245-3500207766-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2023354540-3781334245-3500207766-1002 - Limited - Enabled)
Mothership Zeta (S-1-5-21-2023354540-3781334245-3500207766-1000 - Administrator - Enabled) => C:\Users\Mothership Zeta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
Anti-Vibrate Oscar Editor (HKLM-x32\...\InstallShield_{5600BE52-805C-4847-93F2-7921116ED0B3}) (Version: 12.08.0005 - A4TECH)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bejeweled 3 (HKLM\...\Steam App 78000) (Version:  - PopCap Games, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.25.1378 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BoneCraft (HKLM-x32\...\{001FD094-E6A3-483E-A699-05FD6D332D79}) (Version: 1.0.4 - D-Dub Software)
BoneTown (HKLM-x32\...\{5E7C721D-B008-4269-A1C4-2CE7E9757983}) (Version: 1.1.0 - DWC Software)
BookWorm Deluxe (HKLM\...\Steam App 3370) (Version:  - PopCap Games, Inc.)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Curse Client (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
DMIView Ver.1.5 B12.0314.1 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.5 - GIGABYTE)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Battle Fantasy 3 (HKLM\...\Steam App 521200) (Version:  - Matt Roszak)
Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version:  - Matt Roszak)
Epic Games Launcher (HKLM\...\{6EF9417C-C8BF-45D9-B61C-D9EB6007D6E6}) (Version: 1.1.22.0 - Epic Games, Inc.)
EVE Online (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\{98593695-6b45-4d46-babc-0919c38353b6}) (Version: 1.0.0 - CCP)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.2 - EVEMon Development Team)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 2 (HKLM\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout Tactics (HKLM-x32\...\3_is1) (Version: 2.1.0.12 - GOG.com)
Feeding Frenzy 2: Shipwreck Showdown Deluxe (HKLM\...\Steam App 3390) (Version:  - PopCap Games, Inc.)
FO2 Restoration Project 2.3.3 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version:  - killap)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
Honeyview (HKLM\...\Honeyview) (Version: 5.03 - Bandisoft.com)
IdleMaster (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
IdleMaster (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\64f315a695d36dc0) (Version: 0.8.0.0 - IdleMaster)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
ILLUSION HoneySelect ハニーシャワービューアー (HKLM-x32\...\{B97606A1-0F02-468D-A15F-98351D685893}) (Version: 1.00.0000 - ILLUSION)
ILLUSION Sexyビーチ プレミアムリゾート (HKLM-x32\...\{62DD4BF1-8915-4ACB-AF67-0771278ECE86}) (Version: 1.00.0000 - ILLUSION)
ILLUSION 人工少女2 (HKLM-x32\...\{1AB16B10-3B55-499E-9918-5527DD082C6D}) (Version: 1.00.0000 - ILLUSION)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KCP-0.6.0.6 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.6.0.6 - Haruhichan.com)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Lowglow (HKLM-x32\...\Steam App 405950) (Version:  - Rockodile)
Machinima Studio (HKLM\...\{517500ED-35B9-43C1-9F60-6B31E111E2D3}) (Version: 1.0.0 - BC)
Majikoi English (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Majikoi English) (Version: 1.0.0.0 - Unlimited Chat Works)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help-friss咜駸 (KB963678) (HKLM-x32\...\{90120000-0016-040E-0000-0000000FF1CE}_ENTERPRISE_{76BD9044-91EB-46FC-8CA6-0AA239BB8A93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help-friss咜駸 (KB963669) (HKLM-x32\...\{90120000-0018-040E-0000-0000000FF1CE}_ENTERPRISE_{6863CE52-1321-482E-B930-B325EE09AEFF}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help-friss咜駸 (KB963665) (HKLM-x32\...\{90120000-001B-040E-0000-0000000FF1CE}_ENTERPRISE_{0E56E23A-EDB8-42C7-A285-7258C5944EB4}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Mozilla Firefox 49.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x64 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 en-GB)) (Version: 45.4.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.0.0 - Duodian Technology Co. Ltd.)
Nsauditor 2.7.7 (HKLM-x32\...\Nsauditor_is1) (Version:  - Nsasoft llc.)
Nutaku Launcher (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\NutakuLauncher) (Version: 1.6.0 - Nutaku)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 40.0.2308.90 (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Opera 40.0.2308.90) (Version: 40.0.2308.90 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
OSCAR Editor (x32 Version: 12.08.0005 - A4TECH) Hidden
osu! (HKLM-x32\...\{8c04a192-33f9-45db-a0b9-937832d73ea0}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.92.21.0 - Overwolf Ltd.)
Peggle Deluxe (HKLM\...\Steam App 3480) (Version:  - PopCap Games, Inc.)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.7.0.5 - OpenVPN Technologies)
qTox (HKLM-x32\...\qTox) (Version: 1.0 - The qTox Project)
Raptor: Call of the Shadows (1994 Classic Edition) (HKLM\...\Steam App 358360) (Version:  - Cygnus Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.007 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Revolution Ace (HKLM-x32\...\Steam App 274560) (Version:  - Laser Guided Games)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPGƒcƒN[ƒ‹VX RTP (HKLM-x32\...\RPGƒcƒN[ƒ‹VX RTP_is1) (Version: 1.02 - Enterbrain)
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version:  - Winged Cloud)
Sengoku Rance English v1.01 (HKLM-x32\...\Sengoku Rance English_is1) (Version:  - Yandere Translations)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Shower With Your Dad Simulator 2015: Do You Still Shower With Your Dad (HKLM-x32\...\Steam App 359050) (Version:  - marbenx)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM-x32\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
SpaceChem (HKLM\...\Steam App 92800) (Version:  - Zachtronics)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Starsector by Fractal Softworks LLC (HKLM-x32\...\Starsector) (Version:  - )
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Sudeki (HKLM\...\Steam App 233350) (Version:  - Climax Studios)
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
System Shock 2 (HKLM-x32\...\1207659172_is1) (Version: 2.3.0.11 - GOG.com)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision)
Tony Hawk's Underground 2 (x32 Version: 1.00.0000 - Activision) Hidden
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Manager B12.1113.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
Uplink (HKLM-x32\...\Uplink_is1) (Version:  - GOG.com)
Valkyria Chronicles™ (HKLM\...\Steam App 294860) (Version:  - SEGA)
VIA Platform eszközkezelő (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vopt 9 (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\{548CC5A0-F2E2-11DD-6172-0DC7E1C11916}) (Version: 9.20.0.0 - Golden Bow Systems)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warblade 1.33 (HKLM-x32\...\{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1) (Version:  - EMV Software AS)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM\...\Steam App 56400) (Version:  - Relic Entertainment)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WildStar (HKLM\...\Steam App 376570) (Version:  - Carbine Studios)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl)
Wise Auto Shutdown 1.45 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.45 - WiseCleaner.com, Inc.)
WO Mic Client (HKLM-x32\...\WOMic) (Version:  - )
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment)
World of Warships (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XSplit Broadcaster (HKLM-x32\...\{03337309-88D6-47AC-84AA-AC3C099F37C2}) (Version: 2.1.1412.1528 - SplitmediaLabs)
Youtube Downloader HD v. 2.9.9.27 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
グリザイアの果実 (HKLM-x32\...\FW_Grisaia) (Version:  - )
真剣で私に恋しなさい (HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\majikoi) (Version:  - みなとそふと)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> D:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064455FC-5F74-4C77-8F3F-21C71D2BE8EB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {0BF46B9C-BFEA-4030-8010-6F6814C244F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {22392B74-0262-4053-B12E-C0511D89081F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {226055B4-261E-4B30-BC4B-21FACA784D31} - System32\Tasks\Overwolf Updater Task => D:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-02-11] (Overwolf LTD)
Task: {2F8BD19A-C331-4819-8C79-BDD29054A595} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {3978CE33-9F00-41A3-8E7D-21FCE87CDC33} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {42E8F07C-6F28-4F0A-8599-DD073FC834FD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-01] (Dropbox, Inc.)
Task: {497071B4-1CEC-4329-BB09-2596ADE97FD0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {4A4B4480-DD00-4B14-92AD-61510402BFFB} - System32\Tasks\Opera scheduled Autoupdate 1433939833 => D:\Program Files (x86)\Opera\launcher.exe [2016-10-17] (Opera Software)
Task: {5A4C409E-5178-4551-BF52-9DF5E400DE28} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {5ACF75E7-40F5-44EE-993B-2A0FD12FEE80} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {6F3A12F2-68B6-41D9-BE2D-FB51B6DCB686} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-01] (Dropbox, Inc.)
Task: {B18356EE-D265-4546-B466-CDC583F5F8BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {B3EB95DD-BC62-4834-B626-41E7DA380AD8} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {BF26BC98-FAC9-4D6E-A8F3-116E7E99E362} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2023354540-3781334245-3500207766-1000
Task: {C90FA136-F29D-4602-B97D-6AC146761E5A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {CC39D20E-855F-49EA-A470-F0DF24D0550D} - System32\Tasks\SafeZone scheduled Autoupdate 1449497105 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {DC78CF43-9A57-4CC7-9359-300DFFD61EE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {E3D75303-8A96-4024-97B0-9FAF457C019F} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Mothership_20Zeta => D:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2016-01-31] (H.D.S. Hungary)
Task: {F6687145-BDD6-494F-96A5-75057AA75F28} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-03 09:38 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-09 12:10 - 2016-05-09 12:10 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpbr.mdl
2016-05-09 12:10 - 2016-05-09 12:10 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpdsp.mdl
2016-05-09 12:10 - 2016-05-09 12:10 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpph.mdl
2016-05-09 12:10 - 2016-05-09 12:10 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttprbl.mdl
2016-10-05 09:42 - 2016-09-30 06:24 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-05 09:42 - 2016-09-30 06:24 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-05 09:42 - 2016-09-30 06:24 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-02-18 23:22 - 2016-02-18 23:22 - 01493224 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2015-10-20 08:09 - 2016-10-01 21:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX64.dll
2012-08-17 12:44 - 2012-08-17 12:44 - 03345408 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
2016-08-10 19:11 - 2016-08-10 19:11 - 19758592 _____ () D:\Program Files\qTox\bin\qtox.exe
2016-08-10 18:55 - 2016-08-10 18:55 - 00920067 _____ () D:\Program Files\qTox\bin\OpenAL32.dll
2016-08-26 22:09 - 2016-08-26 22:09 - 00551026 _____ () D:\Program Files\qTox\bin\libgcc_s_seh-1.dll
2016-08-26 22:09 - 2016-08-26 22:09 - 08916037 _____ () D:\Program Files\qTox\bin\libstdc++-6.dll
2016-10-05 09:42 - 2016-09-29 19:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-05 09:42 - 2016-09-29 19:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-05 09:42 - 2016-09-29 19:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-05 09:42 - 2016-09-29 19:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-05 09:42 - 2016-09-29 19:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-05 09:42 - 2016-09-29 19:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-05 09:42 - 2016-09-29 19:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-06-03 09:41 - 2016-09-30 06:24 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-07-01 08:20 - 2016-09-08 05:14 - 00784672 _____ () D:\Steam\SDL2.dll
2015-01-20 17:18 - 2016-09-01 03:02 - 04969248 _____ () D:\Steam\v8.dll
2015-01-20 17:18 - 2016-09-01 03:02 - 01563936 _____ () D:\Steam\icui18n.dll
2015-01-20 17:18 - 2016-09-01 03:02 - 01195296 _____ () D:\Steam\icuuc.dll
2014-05-22 11:02 - 2016-10-13 03:58 - 02321696 _____ () D:\Steam\video.dll
2014-08-29 11:56 - 2016-01-27 09:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2014-08-29 11:56 - 2016-01-27 09:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
2014-08-29 11:56 - 2016-01-27 09:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
2014-08-29 11:56 - 2016-01-27 09:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
2014-08-29 11:56 - 2016-01-27 09:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
2013-07-26 14:46 - 2016-10-13 03:58 - 00836896 _____ () D:\Steam\bin\chromehtml.DLL
2016-03-09 04:01 - 2016-07-05 00:17 - 00266560 _____ () D:\Steam\openvr_api.dll
2015-07-14 02:46 - 2016-10-12 20:36 - 01205024 _____ () D:\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\driver_lighthouse.dll
2016-04-28 20:17 - 2016-10-12 20:35 - 00046368 _____ () D:\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\aitcamlib.dll
2016-04-28 20:17 - 2016-04-28 20:17 - 00167936 _____ () D:\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\AitUVCExtApi.dll
2016-04-28 20:16 - 2016-04-28 20:17 - 00322560 _____ () D:\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\AitH264Capture.dll
2015-07-14 02:46 - 2016-10-12 20:35 - 00069408 _____ () D:\Steam\steamapps\common\SteamVR\drivers\oculus\bin\win32\driver_oculus.dll
2016-04-28 20:17 - 2016-10-12 20:35 - 00053536 _____ () D:\Steam\steamapps\common\SteamVR\drivers\oculus_legacy\bin\win32\driver_oculus_legacy.dll
2015-07-14 02:46 - 2016-10-12 20:35 - 00078112 _____ () D:\Steam\steamapps\common\SteamVR\drivers\null\bin\win32\driver_null.dll
2014-05-01 16:15 - 2014-05-01 16:15 - 00463360 _____ () C:\Users\Mothership Zeta\AppData\Local\MEGAsync\ShellExtX32.dll
2013-05-04 13:57 - 2013-05-04 13:57 - 00095712 _____ () D:\Program Files (x86)\foobar2000\zlib1.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 00160720 _____ () D:\Program Files (x86)\foobar2000\shared.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00352768 _____ () D:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00303104 _____ () D:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00532480 _____ () D:\Program Files (x86)\foobar2000\components\foo_converter.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00306176 _____ () D:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2016-05-11 15:11 - 2011-10-13 20:23 - 00140288 _____ () D:\Program Files (x86)\foobar2000\components\foo_dsp_soundtouch.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00200192 _____ () D:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2015-03-16 15:50 - 2015-03-16 15:50 - 00783584 _____ () C:\Users\Mothership Zeta\AppData\Roaming\foobar2000\user-components\foo_midi\foo_midi.dll
2015-01-14 12:26 - 2015-01-14 12:26 - 00364544 _____ () D:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2016-03-20 01:43 - 2016-03-20 01:43 - 00544992 _____ () C:\Users\Mothership Zeta\AppData\Roaming\foobar2000\user-components\foo_dumb\foo_dumb.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00201216 _____ () D:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01398248 _____ () D:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00290816 _____ () D:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00258560 _____ () D:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01084392 _____ () D:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2010-12-02 18:56 - 2010-12-02 18:56 - 00815104 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\OSD_Text\OSD_Text.dll
2011-01-09 21:45 - 2011-01-09 21:45 - 00088064 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 16:59 - 2012-06-14 16:59 - 02414080 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 12:17 - 2012-05-17 12:17 - 01000448 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 00085504 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ZoomControl.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 00054272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 16:14 - 2011-04-12 16:14 - 00063488 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 21:16 - 2010-11-01 21:16 - 00062976 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 12:40 - 2012-04-27 12:40 - 00118272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_Wheel4D.dll
2015-09-13 18:07 - 2015-09-13 18:07 - 00099328 _____ () D:\Program Files (x86)\Deluge\win32api.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00109056 _____ () D:\Program Files (x86)\Deluge\pywintypes27.dll
2015-09-13 18:07 - 2015-09-13 18:07 - 00395776 _____ () D:\Program Files (x86)\Deluge\pythoncom27.dll
2016-06-27 16:21 - 2016-06-27 16:21 - 01014272 _____ () D:\Program Files (x86)\Deluge\_hashlib.pyd
2016-06-27 16:20 - 2016-06-27 16:20 - 00047616 _____ () D:\Program Files (x86)\Deluge\_socket.pyd
2016-06-27 16:21 - 2016-06-27 16:21 - 01405440 _____ () D:\Program Files (x86)\Deluge\_ssl.pyd
2016-06-27 16:20 - 2016-06-27 16:20 - 00092672 _____ () D:\Program Files (x86)\Deluge\_ctypes.pyd
2011-04-09 09:59 - 2011-04-09 09:59 - 00058368 _____ () D:\Program Files (x86)\Deluge\glib._glib.pyd
2011-04-09 09:59 - 2011-04-09 09:59 - 00113152 _____ () D:\Program Files (x86)\Deluge\gobject._gobject.pyd
2016-07-20 16:49 - 2016-07-20 16:49 - 00019456 _____ () D:\Program Files (x86)\Deluge\zope.interface._zope_interface_coptimizations.pyd
2016-07-20 16:49 - 2016-07-20 16:49 - 01830400 _____ () D:\Program Files (x86)\Deluge\cryptography.hazmat.bindings._openssl.pyd
2016-07-20 16:48 - 2016-07-20 16:48 - 00118784 _____ () D:\Program Files (x86)\Deluge\_cffi_backend.pyd
2016-06-27 16:20 - 2016-06-27 16:20 - 00688128 _____ () D:\Program Files (x86)\Deluge\unicodedata.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00035840 _____ () D:\Program Files (x86)\Deluge\win32process.pyd
2016-06-27 16:20 - 2016-06-27 16:20 - 00011264 _____ () D:\Program Files (x86)\Deluge\select.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00118784 _____ () D:\Program Files (x86)\Deluge\win32file.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00017408 _____ () D:\Program Files (x86)\Deluge\win32event.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00166912 _____ () D:\Program Files (x86)\Deluge\win32gui.pyd
2011-04-09 10:02 - 2011-04-09 10:02 - 01882624 _____ () D:\Program Files (x86)\Deluge\gtk._gtk.pyd
2012-02-09 00:50 - 2012-02-09 00:50 - 01294335 _____ () D:\Program Files (x86)\Deluge\libcairo-2.dll
2012-02-09 00:50 - 2012-02-09 00:50 - 00279059 _____ () D:\Program Files (x86)\Deluge\libfontconfig-1.dll
2012-02-09 00:50 - 2012-02-09 00:50 - 00143096 _____ () D:\Program Files (x86)\Deluge\libexpat-1.dll
2012-02-09 00:50 - 2012-02-09 00:50 - 00538324 _____ () D:\Program Files (x86)\Deluge\freetype6.dll
2012-02-09 00:51 - 2012-02-09 00:51 - 00230529 _____ () D:\Program Files (x86)\Deluge\libpng14-14.dll
2012-02-09 00:51 - 2012-02-09 00:51 - 00100352 _____ () D:\Program Files (x86)\Deluge\zlib1.dll
2010-11-02 21:35 - 2010-11-02 21:35 - 00069632 _____ () D:\Program Files (x86)\Deluge\cairo._cairo.pyd
2011-04-09 09:59 - 2011-04-09 09:59 - 00263168 _____ () D:\Program Files (x86)\Deluge\gio._gio.pyd
2011-04-09 10:03 - 2011-04-09 10:03 - 00111616 _____ () D:\Program Files (x86)\Deluge\pango.pyd
2011-04-09 10:03 - 2011-04-09 10:03 - 00208384 _____ () D:\Program Files (x86)\Deluge\atk.pyd
2011-04-09 10:03 - 2011-04-09 10:03 - 00017920 _____ () D:\Program Files (x86)\Deluge\pangocairo.pyd
2011-04-09 10:03 - 2011-04-09 10:03 - 00018944 _____ () D:\Program Files (x86)\Deluge\gtk.glade.pyd
2012-02-09 00:51 - 2012-02-09 00:51 - 00168833 _____ () D:\Program Files (x86)\Deluge\libglade-2.0-0.dll
2012-02-09 00:51 - 2012-02-09 00:51 - 01225225 _____ () D:\Program Files (x86)\Deluge\libxml2-2.dll
2016-07-20 16:53 - 2016-07-20 16:53 - 00058368 _____ () D:\Program Files (x86)\Deluge\rencode._rencode.pyd
2015-09-13 18:07 - 2015-09-13 18:07 - 00023040 _____ () D:\Program Files (x86)\Deluge\win32pipe.pyd
2016-07-20 16:50 - 2016-07-20 16:50 - 00962048 _____ () D:\Program Files (x86)\Deluge\PIL._imaging.pyd
2016-07-20 17:05 - 2016-07-20 17:05 - 00156686 _____ () D:\Program Files (x86)\Deluge\lib\gtk-2.0\2.10.0\engines\libmurrine.dll
2012-02-09 00:51 - 2012-02-09 00:51 - 00062248 _____ () D:\Program Files (x86)\Deluge\lib\gtk-2.0\2.10.0\engines\libpixmap.dll
2016-10-05 09:42 - 2016-09-30 06:23 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-14 04:03 - 2016-08-04 22:56 - 49825056 _____ () D:\Steam\bin\cef\cef.winxp\libcef.dll
2015-01-20 17:16 - 2015-09-25 01:52 - 00119208 _____ () D:\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\Defogger.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\FRST64.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-10-19 21:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mothership Zeta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4AB1D797-9B48-4E41-9BAD-D5DCC188B7D4}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{C0AF7169-2EB6-4265-A8A8-CF9FF229AFAE}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{18C96703-6970-4DF6-8FC0-6729401F7CA1}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F5ACE68-3540-4934-99C4-055482D04796}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{29FF971D-B56C-481D-9327-A63627577FD3}] => (Allow) C:\Users\Mothership Zeta\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9636866-1439-4AAF-AA80-2F47E33ADCEC}] => (Allow) C:\Users\Mothership Zeta\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A4CD1D1-D94A-4994-9119-B0732747DF5B}] => (Allow) D:\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{630C8C7D-DF0C-4E69-93F5-D8D20130C40E}] => (Allow) D:\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{9981FD5E-DA45-4F08-BCAD-5DCA980345B5}] => (Allow) D:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{0D458A68-5069-4096-9DDE-E6557863CE15}] => (Allow) D:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [TCP Query User{2A7315E8-803B-41D5-82DF-7C76B520EA57}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{1414F300-5B1E-4808-8FB4-62BF220608D0}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{9695889E-9FED-4F99-B8F2-8C4EEE5B08E7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{33EE8AD5-4A64-4707-A0F7-304A7128199F}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [TCP Query User{2EB3F9D5-4ED4-4F22-BCCB-2C6B2A409B16}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{91AE978F-DCFE-47E1-A4EB-7DE1D9DC4B72}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{CD494552-B9CE-4896-8EB6-5B269B035183}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{2DF587F6-6C7B-4F54-B4BE-555E0A73E904}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{5B8AA9A2-10DB-4BD5-9AD3-374BFC35170E}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{C337E3ED-6E60-485A-8029-D47C449B1D04}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{1F63D8CF-1561-4796-956C-21CB41BAD86D}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{41B9F5E7-3ECE-47AB-93FE-F4BAD747AACB}D:\program files (x86)\winamp\winamp.exe] => (Allow) D:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{38D697A1-9010-4307-8A5D-341AAEE7D353}D:\games\eve online\bin\exefile.exe] => (Allow) D:\games\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{9E444C60-45E3-4AB0-8E73-09CCA0F334FC}D:\games\eve online\bin\exefile.exe] => (Allow) D:\games\eve online\bin\exefile.exe
FirewallRules: [TCP Query User{00B7AFD7-3340-46B8-B68F-23CD345189A4}D:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) D:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [UDP Query User{2F6661A1-5D10-413D-9CA3-F7C380BC5E6D}D:\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) D:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{747AE67E-4852-4995-B903-0E01F4AFAC14}] => (Allow) D:\Steam\steamapps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{218D85BC-44EC-4D97-942E-7BC5A44B636F}] => (Allow) D:\Steam\steamapps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{1D173E8B-3F37-4002-9941-969637E1BD75}] => (Allow) D:\Steam\steamapps\common\Beat Hazard\runme.exe
FirewallRules: [{EE04EE9F-DE49-47E9-BB7B-8EA743F34630}] => (Allow) D:\Steam\steamapps\common\Beat Hazard\runme.exe
FirewallRules: [{45F2DAA5-3A32-4597-9414-733614D747E1}] => (Allow) D:\Steam\steamapps\common\half-life 2\hl2.exe
FirewallRules: [{0F997771-327E-42C4-98D1-DEC3C4EFE57F}] => (Allow) D:\Steam\steamapps\common\half-life 2\hl2.exe
FirewallRules: [{2960EBEF-02AA-4C4E-80D0-8D5EDC70BDE7}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{42E6C962-4858-452E-8253-D90848A846BF}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{ACA9B7C2-0E72-4031-959F-6C996844F1FB}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{0320A4EE-B445-4DA8-9233-E3FA804E71E6}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{9477D6ED-7938-4792-BCA7-1ADA28A6BAED}] => (Allow) D:\Steam\steamapps\common\SavantAscent\Savant_Ascent.exe
FirewallRules: [{A4CA85D8-001A-496E-AFE6-852ACCFC7D78}] => (Allow) D:\Steam\steamapps\common\SavantAscent\Savant_Ascent.exe
FirewallRules: [TCP Query User{EC02D2C9-5482-49A8-BD5E-E89227A45882}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{C845A370-9DD2-4101-9494-6C885BAC9F37}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [TCP Query User{56447411-3672-429A-BF06-45E5C7CFEC0D}D:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) D:\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{D78F894D-6EF9-418F-85A4-F58BF8A7AD1C}D:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) D:\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [{43BB41E2-132B-41E9-927A-11BC9A037087}] => (Allow) D:\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{B6F8843B-81E6-44B4-BF7E-3F4DE689EB52}] => (Allow) D:\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe
FirewallRules: [{117EE9B7-7127-4BA6-98D2-1D9FB5722F95}] => (Allow) D:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{7E7FBC5B-D98F-4AAA-B85D-E3CF9C1A5DBC}] => (Allow) D:\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{89270AE5-A7FA-408F-B07C-71F6ACAED1E8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A5AD6549-B23F-45D9-B301-0F31DA6E0DAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0E9FC72D-F778-4B51-BDDE-2163E2A5CEC2}] => (Allow) D:\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{4566803C-3EEA-4726-B725-5F837A744013}] => (Allow) D:\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{CBFCC09A-1D4B-4BFE-A1BD-A38C769B72BF}] => (Allow) D:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{D66D7F4B-EEBF-4CE2-9BA2-1DD4F0C5F0D6}] => (Allow) D:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{674AE544-48E5-4CF7-9536-7BE83EC59533}] => (Allow) D:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{8E5E5A55-FDB7-47B9-8D69-F322FD1F8159}] => (Allow) D:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{309087A0-3558-495D-88FE-2DCF9B58392F}] => (Allow) D:\Steam\steamapps\common\Epic Battle Fantasy 4\EBF4.exe
FirewallRules: [{027ABE21-77FC-429E-AE5E-CC857F078636}] => (Allow) D:\Steam\steamapps\common\Epic Battle Fantasy 4\EBF4.exe
FirewallRules: [{71E4F2E3-1C72-4D67-8D11-1D263160C09D}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{152DAEA5-7E29-4CD4-8216-A49B8455067B}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1035A840-21B7-4DEC-9AB1-4B6E05846EDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{50E8F0AF-E923-46C1-BFCF-60489C9C327A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A14B3A53-72CD-46C8-9C67-7E482D719BA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9CF5FA36-4314-4FD1-A0FA-5A5F6712037D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1229B0D0-0DDB-4ECF-AEE7-DC5BE59364D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB0B6C23-FCC4-46F8-B6AA-25B2BB21427C}] => (Allow) D:\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{40EB699F-3837-4672-871F-35844542A0C8}] => (Allow) D:\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{D3C4B60C-F8CD-4A6E-8AE6-1F3D6607FDE3}] => (Allow) D:\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{F8F2C185-0526-4127-8196-86BB9896FE0C}] => (Allow) D:\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{62D2AA67-AD44-4A3B-9627-B59FF8F80157}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{51BF77C6-E116-4D6F-9B13-DC48A45B54BC}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{84B8EB28-7F87-4A68-9BD8-5F5D6436D181}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B96BC332-A667-432E-8C11-33F2EC692E2C}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F76E856-464C-4A74-9B02-707FE6500F8E}] => (Allow) D:\Steam\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{53385239-6F37-4B28-A312-1831FA6DA652}] => (Allow) D:\Steam\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{8F3548B9-527D-40CB-A329-E229DEB878C3}] => (Allow) D:\Steam\steamapps\common\Revolution Ace\Binaries\Win32\ShmupGame.exe
FirewallRules: [{009DF06D-FD1D-4050-B74B-BFE8E89EE6B5}] => (Allow) D:\Steam\steamapps\common\Revolution Ace\Binaries\Win32\ShmupGame.exe
FirewallRules: [{92CEF6FD-4D9B-488D-944D-59367D3DA9A2}] => (Allow) D:\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{57C55FB6-C2D8-45EC-9DC3-01D027B673C5}] => (Allow) D:\Steam\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{7E2F1B41-56B3-45E4-99B2-4A3F79BF82F7}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{9B76682D-E241-4DC8-9572-9CC34C499BB8}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{7149F25A-3C34-42D9-85B8-A1D6ECCC6718}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [{69D411AF-D42A-4F42-B237-290C2B0673E6}] => (Allow) D:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{28B259FB-A34B-4993-AD65-6756DEEDCA57}] => (Allow) D:\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{F75CC92C-EAA0-4537-A776-A0C7807D15B4}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FF70918C-EEA4-4709-864F-FF591D64D825}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BFCB10B8-B8BE-4953-A112-B15BC2BF13CC}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EE8EA7F8-80F2-42BE-94B9-04E4EA79EE73}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{47ED338A-928B-4EAF-841C-222DD418DC2C}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D6E45087-DC87-4F07-9DCA-44EC636AD359}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{BBDF60D1-A886-4A64-880F-13FECED127D2}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{50368ABE-D197-4326-94F9-05EE68C7D4F5}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9E31A00C-BAFB-4470-A826-9DF504E82F04}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FE5DA8CB-7140-468E-9F2E-5D823AB705D8}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{3CC4D403-5E99-4012-B43E-39D94705D15A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7166EC0A-3449-4E55-96CD-4E1D82F066B4}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{81503DB2-72B5-4E34-BCB4-D7D8A10F54DE}] => (Allow) D:\Steam\steamapps\common\Lowglow\Lowglow.exe
FirewallRules: [{52F8BE90-6E31-4004-89D2-A5DA093E2208}] => (Allow) D:\Steam\steamapps\common\Lowglow\Lowglow.exe
FirewallRules: [TCP Query User{E220A4CD-B26D-4120-8A5C-7B2460DEAA43}D:\program files\qtox\bin\qtox.exe] => (Block) D:\program files\qtox\bin\qtox.exe
FirewallRules: [UDP Query User{976DA14C-7ACD-47B9-AF14-6FE742669DE4}D:\program files\qtox\bin\qtox.exe] => (Block) D:\program files\qtox\bin\qtox.exe
FirewallRules: [{4F886E96-5D82-404C-A93C-B29646BED1A4}] => (Allow) C:\Users\Mothership Zeta\Desktop\Security\Nsauditor\Nsauditor.exe
FirewallRules: [{E57CF89C-DB65-4662-B76B-2194C5E6458B}] => (Allow) C:\Users\Mothership Zeta\Desktop\Security\Nsauditor\Nsauditor.exe
FirewallRules: [{D098E55C-47F7-4BEA-B06F-68D1C4F056A1}] => (Allow) D:\Steam\steamapps\common\Raptor Call of the Shadows\Raptor - Call of the Shadows\Dosbox\dosbox.exe
FirewallRules: [{9D242569-D2BB-4281-8F62-6FB2C94576F6}] => (Allow) D:\Steam\steamapps\common\Raptor Call of the Shadows\Raptor - Call of the Shadows\Dosbox\dosbox.exe
FirewallRules: [{180E900F-B843-45F5-B9E6-B3B0F5BFDF3B}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{171B5A3C-C0E8-490F-A2F6-69F6FCCE09FF}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F29298DB-D05B-4506-9404-40BEACBE18BA}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4CE730C0-7788-4017-8D7E-3DFA3978693B}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B748F21E-CA9F-4428-8FA2-696A7B392204}] => (Allow) D:\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{11C6181B-6307-4BFC-8F0F-3EBAE116F395}] => (Allow) D:\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{78811ED7-E790-490C-B305-1C546C35B251}] => (Allow) D:\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{D2745E59-9BF9-45A5-9C87-0231A2E618BC}] => (Allow) D:\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{3F54FA0E-A4CC-40F9-AD82-17C4E78E5C26}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{59B33657-A9EE-42FE-9C1B-4DEEFB7B91E5}D:\program files\qtox\bin\qtox.exe] => (Allow) D:\program files\qtox\bin\qtox.exe
FirewallRules: [UDP Query User{8D0E763C-A8BD-48D8-AD16-683A273C9F8E}D:\program files\qtox\bin\qtox.exe] => (Allow) D:\program files\qtox\bin\qtox.exe
FirewallRules: [{D5CE06BA-D945-4BE2-9D32-3E8460AC1B65}] => (Allow) D:\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{8237004E-EA58-40F7-87BC-60DC53950797}] => (Allow) D:\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{510855AB-06B9-4353-81AA-B4FD62B2C309}] => (Allow) D:\Steam\steamapps\common\Revolution Ace\EQLauncher.exe
FirewallRules: [{87B05DC7-2091-472A-B751-C7287B6D7D34}] => (Allow) D:\Steam\steamapps\common\Revolution Ace\EQLauncher.exe
FirewallRules: [{EB85BF4F-AD6A-4EF0-91B3-957FE665A4F8}] => (Allow) D:\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{71572D0A-2D9C-47A3-8EB3-6E4DF4FD8AF5}] => (Allow) D:\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{F2B863DA-211E-415A-B004-0F0CD5DA0682}] => (Allow) C:\Users\Mothership Zeta\AppData\Local\Apps\2.0\XVWRXX8H.7NN\JXAAHKXJ.HNV\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{D4350D56-51DB-4817-9A5F-D5249E101FEC}] => (Allow) C:\Users\Mothership Zeta\AppData\Local\Apps\2.0\XVWRXX8H.7NN\JXAAHKXJ.HNV\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{C7F481FF-E302-437B-93E8-A7A580BA2427}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{5A892700-4E2D-4725-AF7C-33C8A6CE0BFE}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{65223EAD-337F-48B0-B26C-1EFBCB485D30}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{55465C38-451E-4980-A4F2-E3E2E2390936}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{FCFB316B-484C-4D6F-8F52-27EA2D3C7F61}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{8ADF6BB9-2AFF-44A6-BAF1-33375519AA35}] => (Allow) D:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{89FC060A-52FA-468D-8FBB-66BB6826343F}] => (Allow) D:\Steam\steamapps\common\Sudeki\SudekiLauncher.exe
FirewallRules: [{C712BCC4-A3BB-46F9-B3AF-E462D3101DAE}] => (Allow) D:\Steam\steamapps\common\Sudeki\SudekiLauncher.exe
FirewallRules: [{729B06E0-5446-4A1D-9A3B-596012A7305A}] => (Allow) D:\Origin\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{6354E7E5-C9A3-4AAD-8C1B-352961E4DF5C}] => (Allow) D:\Origin\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{DB927F5C-1372-40A4-BF3D-3755FF635616}] => (Allow) D:\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{A43B33FF-1389-45E1-86F0-2243BA5F6AC6}] => (Allow) D:\Steam\steamapps\common\Peggle Deluxe\Peggle.exe
FirewallRules: [{D2E2A624-9F4C-4A4F-A20D-509842809669}] => (Allow) D:\Steam\steamapps\common\Feeding Frenzy 2 Deluxe\FeedingFrenzyTwo.exe
FirewallRules: [{4E5C585D-439A-4FAB-9402-6B280171601E}] => (Allow) D:\Steam\steamapps\common\Feeding Frenzy 2 Deluxe\FeedingFrenzyTwo.exe
FirewallRules: [{E325C6EB-0B8B-487F-AB54-6A4F252872B5}] => (Allow) D:\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{AA7FCAC2-ADCB-4CC2-8225-3BBAD3D7C81C}] => (Allow) D:\Steam\steamapps\common\BookWorm Deluxe\Bookworm.exe
FirewallRules: [{42708C20-EADE-4CC4-ADFC-230DFB5AE841}] => (Allow) D:\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F8AC9BA6-431F-4F1B-9997-94B764B217B5}] => (Allow) D:\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{50312F5D-3E40-4013-AFBD-91EAB298934F}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B570C52F-1AED-4CCA-B520-60273D26AC43}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{22FA1D78-ACB4-4344-B43B-ED523293192E}] => (Allow) D:\Steam\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [{9A5D5D7B-ED15-48C0-85D2-E30C1BD008D6}] => (Allow) D:\Steam\steamapps\common\WildStar\Steam_WildStar.exe
FirewallRules: [{D77AA647-A846-4113-9CA0-6BD577FFEE4B}] => (Allow) D:\Nox\Nox\bin\Nox.exe
FirewallRules: [{9F095B13-D336-4D5D-B07B-80B645AF8B47}] => (Allow) D:\Games\World of Warships\WoWSLauncher.exe
FirewallRules: [{3DCEE558-B0B7-4874-93ED-F7876FDC5CF4}] => (Allow) D:\Games\World of Warships\WoWSLauncher.exe
FirewallRules: [{40E4EAAA-0002-41E9-BC3D-8C4AA09198B4}] => (Allow) D:\Games\World of Warships\worldofwarships.exe
FirewallRules: [{9380D3F9-F160-434C-9872-08DD2BBE69EF}] => (Allow) D:\Games\World of Warships\worldofwarships.exe
FirewallRules: [{2A1E261A-6526-41BB-87DC-22D9ADFF079E}] => (Allow) D:\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{972DE00A-C924-43E0-B350-5CFF9FE552C5}] => (Allow) D:\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{1EF178FF-4E73-4862-87EB-AC385987B11D}] => (Allow) D:\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{D78AA116-53EB-4984-B018-ACAC0F548D15}] => (Allow) D:\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{7DC83D40-564D-468C-9186-096324914287}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{D1D36566-40E0-49CD-881C-F7F11DC5D4D0}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{8C34ECA0-8E3F-429A-9C5A-B9A0ED6D5736}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{2F745603-0A2A-471E-808E-DBBBB134C6D0}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{9C480E8E-4164-4566-BCB0-4D7EA8C9BBCC}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{881D7EB5-5596-4E2C-ABBB-5809ECD897EA}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{49C46C55-2B31-4173-A0F2-AC8D7B85BE96}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{AA2D0803-45F5-4349-A695-861A4A173E00}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{02327ED7-FEF5-450F-BF91-A0EB487AD98D}] => (Allow) D:\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{8A30B107-48BC-4C39-BAB3-C21B816C9D1F}] => (Allow) D:\Steam\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{27E0B3CD-3D01-4CEF-931A-A2B5DE0134BA}] => (Allow) D:\Steam\steamapps\common\SpaceChem\SpaceChem.exe
FirewallRules: [{E10725B4-BDF7-43FE-A10A-720B0B443630}] => (Allow) D:\Steam\steamapps\common\SpaceChem\SpaceChem.exe
FirewallRules: [{82EED41A-8644-4B7C-A3A0-DE79D30630F1}] => (Allow) D:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{A5CB8753-C648-4F8A-8CD8-27486CDB91B9}] => (Allow) D:\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{A0259D57-A113-4D79-8963-668252BB953C}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{4DE89B8A-E5BD-49FF-9222-66571DF39FE2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

19-10-2016 20:58:39 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2016 09:28:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (10/19/2016 09:28:01 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (10/19/2016 09:27:50 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (10/19/2016 09:27:50 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (10/19/2016 09:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2016 09:27:25 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (10/19/2016 09:27:25 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (10/19/2016 09:27:13 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.

Error: (10/19/2016 09:27:12 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.

Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (10/19/2016 08:57:48 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070005, Failed to add Gather Application: Windows>.


System errors:
=============
Error: (10/19/2016 09:40:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).

Error: (10/19/2016 09:40:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (10/19/2016 09:34:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).

Error: (10/19/2016 09:34:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (10/19/2016 09:30:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (10/19/2016 09:30:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (10/19/2016 09:29:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (10/19/2016 09:29:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.

Error: (10/19/2016 09:28:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (10/19/2016 09:28:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
Access is denied.


CodeIntegrity:
===================================
  Date: 2016-10-19 01:33:48.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-19 01:32:55.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-19 01:32:55.498
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-14 23:47:26.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-14 23:47:26.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-14 23:47:26.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-14 23:47:25.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-22 21:24:22.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-22 21:24:21.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-23 01:28:15.156
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 77%
Total physical RAM: 6107.13 MB
Available physical RAM: 1365.35 MB
Total Virtual: 7674.18 MB
Available Virtual: 2863.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:60 GB) (Free:7.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:401.73 GB) NTFS
Drive e: (Virtual Memory) (Fixed) (Total:6.13 GB) (Free:4.5 GB) NTFS
Drive f: () (Fixed) (Total:399.63 GB) (Free:245.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27342734)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=405.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EAFCAFC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Destroyer140, 19 October 2016 - 11:34 PM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:21 PM

Posted 20 October 2016 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\Defogger.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\FRST64.exe:BDU [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>

If the problem persists, run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUMs] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#12 Destroyer140

Destroyer140
  • Topic Starter

  • Members

Posted 20 October 2016 - 03:52 PM

Hi,

I re-enabled and started the Windows Update service and started by running the Farbar fixlist; I will paste the log at the end of this reply.

After a long wait, sfc /Scannow finished verifying integrity to 94% and then started fixing corrupt stuff, but it said it was unable to fix everything, and it generated a near 8000-line log file which I'm uncertain if I should attach because of the time it would take to go through that. While Windows Update still seems incapable of looking for new updates (loading endlessly), its service is finally no longer consuming an abnormal amount of RAM (the most RAM-consuming svchost.exe is down to 217MB RAM in use, which is perfectly normal I think).

EDIT: Scratch that last sentence, within an hour of things, svchost.exe returned to consuming 1,3gb RAM and 20% CPU.

Despite that I did run RogueKiller; it however came up clean, despite still disliking my homepage, categorising it as a PUM, but that's it.

Now if we can somehow get rid of that weird I:\ virtual hard drive that seems to be immune even to defogger disabling, everything would be clean and fixed as far as I see it.

Fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Mothership Zeta (20-10-2016 20:37:25) Run:3
Running from C:\Users\Mothership Zeta\Desktop
Loaded Profiles: Mothership Zeta (Available Profiles: Mothership Zeta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\Defogger.exe:BDU [0]
AlternateDataStreams: C:\Users\Mothership Zeta\Desktop\FRST64.exe:BDU [0]
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2023354540-3781334245-3500207766-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) => Error: No automatic fix found for this entry.
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) => Error: No automatic fix found for this entry.
C:\Windows\system32\d3dx10.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_33.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_34.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_35.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_36.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_37.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_38.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_39.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_40.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_41.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_42.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\d3dx10_43.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_33.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_34.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_35.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_36.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_37.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_38.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_39.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_40.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_41.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_42.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\d3dx10_43.dll => ":$CmdTcID" ADS removed successfully.
"C:\Users\Mothership Zeta\Desktop\aswMBR.exe" => ":BDU" ADS not found.
"C:\Users\Mothership Zeta\Desktop\Defogger.exe" => ":BDU" ADS not found.
C:\Users\Mothership Zeta\Desktop\FRST64.exe => ":BDU" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74854751 B
Java, Flash, Steam htmlcache => 114246849 B
Windows/system/drivers => 21161 B
Edge => 0 B
Chrome => 0 B
Firefox => 367225229 B
Opera => 10906048 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Mothership Zeta => 20836512 B

RecycleBin => 0 B
EmptyTemp: => 568.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:38:58 ====


Edited by Destroyer140, 20 October 2016 - 04:09 PM.


#13 nasdaq

nasdaq

  • Malware Response Team

Posted 21 October 2016 - 09:27 AM

What do you have in the F: drive?
Drive f: () (Fixed) (Total:399.63 GB) (Free:245.17 GB) NTFS

Do you wish to remove the partition and gain the space?

#14 Destroyer140

Destroyer140
  • Topic Starter

  • Members

Posted 21 October 2016 - 10:06 AM

Drive C:\ is partitioned into 3 partitions: C:\, E:\ and F:\ (formerly D:\). F:\ used to be the partition for games, and basically everything else I didn't want to lose upon a Windows install, but a few months ago I got a new 1TB HDD and changed D:\'s drive letter to F:\, named the new 1TB HDD D:\ and copied over games, my secondary Program Files and Program Files (x86) folders from F:\ to D:\, so that essentially "everything remained in the same location" in the registry.

These days F:\ serves as "storage" for things I rarely use, such as music, larger downloads, backups etc...

What I'm looking to get rid of is I:\, which I incorrectly called "virtual hard drive" yesterday instead of "virtual optical drive", sorry about that.

I'll attach a screenshot and circle what I'm trying to get rid of:

Attached Files

  • Attached File  I.jpg   86.57KB   0 downloads


#15 nasdaq

nasdaq

  • Malware Response Team

Posted 22 October 2016 - 08:49 AM

All you need to know about partitions.
http://www.digitalcitizen.life/how-manage-your-disks-using-disk-management-utility

If you need assistance before proceeding I suggest you ask in the Internal Hardware forum. This is not my forte.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/



