
[Think Im Infected] Internet Explorer/ Chrome Opens by itself etc.



#1 Vivid_


Posted 15 November 2016 - 04:35 PM

So recently my computer has been acting very strangely.

  • Chrome would open by itself and open new windows
  • In Chrome it would start typing like ./././.10oi then stop
  • Still continues even if I disable my internet.

I've tried scanning with the following:

  • Malwarebytes
  • AdwCleaner
  • aswMBR
  • Junkware Removal Tool
  • HitmanPro
  • TDSSKiller
  • etc...

First it was opening Chrome, then I uninstalled Chrome and then it started opening Explorer.

It did detect some stuff, however it has not cleared the issue.

Below is some video footage of what happens.

It wouldn't let me upload it here so I put it on SendSpace

https://www.sendspace.com/file/zgmu8w

Also Farbar Scans are attached

 

I will greatly appreciate any help.


Edited by Vivid_, 15 November 2016 - 04:38 PM.



 


#2 Starbuck

  • Malware Response Team

Posted 18 November 2016 - 10:40 AM

Hi Vivid_

Unfortunately you only added the Addition.txt...... you forgot to add the main FRST report.
There should be a copy here: C:\Users\Francis\Downloads

Please post this in your next reply and I'll take a look for you.



#3 Vivid_

  • Topic Starter

Posted 18 November 2016 - 11:27 AM

Hi Vivid_

Unfortunately you only added the Addition.txt...... you forgot to add the main FRST report.
There should be a copy here: C:\Users\Francis\Downloads

Please post this in your next reply and I'll take a look for you.

That's what it said to post, but 1 sec, I'll attach the other one.

 

https://www.sendspace.com/file/0pc2w8

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Francis (administrator) on GAMING-PC (15-11-2016 20:39:41)
Running from C:\Users\Francis\Downloads
Loaded Profiles: Francis (Available Profiles: Francis & Jim & User)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
() C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\GiliSoft\File Lock Pro\FLClient.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Flux Software LLC) C:\Users\Francis\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41167.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTuner2.exe [4164944 2016-05-20] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5021296 2011-12-06] (VIA)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-10-31] (Razer Inc.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM-x32\...\RunOnce: [CleanUp RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs [1446 2015-11-26] ()
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Francis\AppData\Local\Temp\DeleteOnReboot.bat [378 2016-11-15] () <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [4774840 2016-05-23] (Greatis Software)
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [7F722D7D3239018ED243BC31747BB9714CACA5E1._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [Gili File Lock Helper] => C:\Program Files (x86)\GiliSoft\File Lock Pro\WinFLockerHelp.exe [36832 2016-04-20] ()
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [f.lux] => C:\Users\Francis\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [7647848 2016-07-24] ()
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\RunOnce: [Uninstall C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\RunOnce: [Uninstall C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1"
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [3063 2016-11-15] ()
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-23] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-23] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-23] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-07] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-23] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-23] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Francis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-08-14]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-08-14]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-10-21] ()
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0587d0cd-f078-465a-b4c3-3348dca78726}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5cf6da05-60aa-40c4-bebc-af6f3308b552}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{632f66ad-ca13-49b3-862f-7b39afc919d0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6390fa2a-a7b7-4e88-88e1-ad0312e2db5b}: [DhcpNameServer] 192.168.22.22 192.168.22.23
Tcpip\..\Interfaces\{7b19c716-a9e4-4bed-b640-354f3255051e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a03107a3-0a80-4721-b0fe-b6e015a72370}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c6faf22a-1c6b-4044-acfd-277689a47c0f}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP
HKU\S-1-5-21-1516136486-517166466-1782188394-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE13&ocid=UE13DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: FLockObj Class -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin64.dll [2015-08-05] ()
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-14] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-14] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-14] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-14] (LastPass)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-11-12]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.6.0.0_neutral__c1wakc4j0nefm [2016-11-15]
Edge Extension: (NAME) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2016-11-12]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2016-11-12]
Edge Extension: (Mouse Gestures) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.16274.0_neutral__8wekyb3d8bbwe [2016-11-12]

FireFox:
========
FF DefaultProfile: 8nii07n7.default
FF ProfilePath: C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8nii07n7.default [2016-11-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8nii07n7.default -> Google
FF ProfilePath: C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default [2016-11-15]
FF Extension: (Grammarly for Firefox) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-09]
FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-08-17]
FF Extension: (LastPass) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default\Extensions\support@lastpass.com [2016-08-17]
FF Extension: (BugMeNot Plugin) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2016-08-17]
FF Extension: (Adblock Plus) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\8k2dqmjl.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-1516136486-517166466-1782188394-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-03-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-23] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-14] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-14] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-06-14] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-13]
CHR Extension: (YouTube) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Steam Inventory Helper) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-11-03]
CHR Extension: (Google Search) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AD Bypasser) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhanajfllioicipabifcpdhbhoeapaif [2015-11-29]
CHR Extension: (Dark Theme v3) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-09-24]
CHR Extension: (HTTPS Everywhere) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-11-13]
CHR Extension: (LoungeDestroyer) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Avast Online Security) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-11-14]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-11-15]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-11-14]
CHR Extension: (Ketnooi Paid Link Bypasser) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmfmialbcmpnhcdldmonpbmcclhdnaie [2016-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Password Alert) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2016-11-13]
CHR Extension: (AdF.ly Skipper ★WORKING★) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2015-11-29]
CHR Extension: (Enhanced Steam) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-11-13]
CHR Extension: (Gmail) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1516136486-517166466-1782188394-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-10-07] (AVAST Software)
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [87992 2016-05-10] (Greatis Software, LLC)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-03-24] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [798424 2015-03-24] (BlueStack Systems, Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [74288 2016-10-27] (CyberGhost S.R.L)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-12] (Windows ® Win 7 DDK provider)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1345880 2015-08-06] (Disc Soft Ltd)
R2 FLService; C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe [110592 2014-01-07] () [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2710648 2016-08-23] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-08-23] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323632 2016-09-05] (Locktime Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-04] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-11-04] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [47208 2016-07-24] ()
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe [257872 2016-05-20] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-23] (AnchorFree Inc.)
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-10-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-10-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-10-07] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-10-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-10-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-07] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-10-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-10-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-10-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-16] (AVAST Software)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\WINDOWS\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 bdark64; C:\WINDOWS\system32\drivers\bdark64.sys [78792 2015-05-28] ()
S3 BdSandbox; C:\WINDOWS\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [61896 2016-08-15] (Baidu, Inc.)
R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [38344 2016-08-15] (Baidu, Inc.)
S0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [83144 2016-08-15] (Baidu, Inc.)
R1 Bnbase; C:\WINDOWS\System32\drivers\bnbasex64.sys [62792 2016-08-15] (Baidu, Inc.)
R1 Bndef; C:\WINDOWS\System32\drivers\bndef64.sys [485672 2016-08-15] (Baidu, Inc.)
R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [262088 2016-08-15] (Baidu, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [144600 2015-03-24] (BlueStack Systems)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [69024 2016-06-21] (Dokan Project)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2016-07-23] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2016-07-23] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77416 2016-10-28] ()
R0 FileLock; C:\WINDOWS\System32\DRIVERS\FileLock.sys [51160 2016-08-15] (Gili Soft Inc.)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [192216 2016-11-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MFE_RR; C:\Users\Francis\AppData\Local\Temp\mfe_rr.sys [24120 2016-11-15] (McAfee, Inc.)
S3 monectdevices; C:\WINDOWS\System32\drivers\monectdevices.sys [15768 2013-12-03] ()
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [140256 2016-09-05] (Locktime Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19032 2013-08-26] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12384 2013-08-26] ()
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 rt70x64; C:\WINDOWS\System32\drivers\netr7064.sys [371200 2007-10-09] (Ralink Technology Corp.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S3 tapstrong; C:\WINDOWS\System32\drivers\tapstrong.sys [34712 2016-03-09] (The OpenVPN Project)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1101024 2016-04-27] (TENCENT)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [467368 2016-10-26] (IDRIX)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 20:39 - 2016-11-15 20:42 - 00043619 _____ C:\Users\Francis\Downloads\FRST.txt
2016-11-15 20:39 - 2016-11-15 20:39 - 02411520 _____ (Farbar) C:\Users\Francis\Downloads\FRST64.exe
2016-11-15 20:39 - 2016-11-15 20:39 - 00000000 ____D C:\FRST
2016-11-15 20:28 - 2016-11-15 20:28 - 00000000 _____ C:\Users\Francis\Desktop\Tron v9.8.3 (2016-11-10).exe
2016-11-15 20:24 - 2016-11-15 20:28 - 145896746 _____ C:\Users\Francis\Downloads\Tron v9.8.3 (2016-11-10).rar.part
2016-11-15 20:18 - 2016-11-15 20:37 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Maxthon5
2016-11-15 20:18 - 2016-11-15 20:18 - 00003674 _____ C:\WINDOWS\System32\Tasks\Maxthon5 Update
2016-11-15 20:18 - 2016-11-15 20:18 - 00001228 _____ C:\Users\Public\Desktop\MX5.lnk
2016-11-15 20:18 - 2016-11-15 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MX5
2016-11-15 20:18 - 2016-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Maxthon5
2016-11-15 20:04 - 2016-11-15 20:13 - 669712056 _____ C:\Users\Francis\Desktop\Tron v9.8.3 (2016-11-10).exe.part
2016-11-15 19:57 - 2016-11-15 20:02 - 00001624 _____ C:\Users\Francis\Desktop\Rkill.txt
2016-11-15 19:56 - 2016-06-07 12:34 - 00052152 _____ C:\Users\Francis\Desktop\tron.bat
2016-11-15 19:55 - 2016-06-07 12:30 - 00000000 ____D C:\Users\Francis\Desktop\resources
2016-11-15 18:35 - 2016-11-15 18:35 - 11379084 _____ C:\Users\Francis\Desktop\Videos.rar
2016-11-15 18:34 - 2016-11-15 18:35 - 279489896 _____ C:\Users\Francis\Desktop\Pictures.rar
2016-11-15 18:33 - 2016-11-15 18:34 - 754569493 _____ C:\Users\Francis\Desktop\Music.rar
2016-11-15 18:32 - 2016-11-15 18:32 - 159656852 _____ C:\Users\Francis\Desktop\Downloads.rar
2016-11-15 18:31 - 2016-11-15 18:31 - 79168919 _____ C:\Users\Francis\Desktop\Documents.rar
2016-11-15 18:08 - 2016-11-15 18:08 - 00000000 ____D C:\Users\Francis\AppData\Local\CrashRpt
2016-11-15 18:00 - 2016-11-15 18:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-11-15 17:40 - 2016-11-15 18:02 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-15 17:40 - 2016-11-15 17:40 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-11-15 17:40 - 2016-11-15 17:40 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-15 17:37 - 2016-11-15 17:38 - 00126668 _____ C:\TDSSKiller.3.1.0.12_15.11.2016_17.37.13_log.txt
2016-11-15 16:55 - 2016-11-15 16:55 - 02136328 _____ C:\Users\Francis\Documents\cc_20161115_165533.reg
2016-11-15 16:54 - 2016-11-15 17:20 - 00000000 ____D C:\AdwCleaner
2016-11-15 16:39 - 2016-11-15 16:39 - 00007649 _____ C:\Users\Francis\AppData\Local\Resmon.ResmonCfg
2016-11-14 21:10 - 2016-09-17 01:12 - 00044144 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-11-14 21:10 - 2016-09-07 21:27 - 00137840 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2016-11-14 20:55 - 2016-11-14 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-11-13 14:10 - 2016-11-13 14:10 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Menyoo
2016-11-13 14:10 - 2016-11-13 14:10 - 00000000 ____D C:\Menyoo
2016-11-13 14:09 - 2016-11-13 14:09 - 03029536 _____ C:\Users\Francis\Documents\Authority.rar
2016-11-13 14:09 - 2016-11-12 23:54 - 07447906 _____ (Menyoo) C:\Users\Francis\Documents\Authority.exe
2016-11-12 21:10 - 2016-11-12 21:10 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2016-11-12 21:10 - 2016-11-12 21:10 - 00000000 ____D C:\Users\User\AppData\Local\Razer_Inc
2016-11-12 21:04 - 2016-11-12 21:07 - 00000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2016-11-12 17:35 - 2016-11-12 17:35 - 00001464 _____ C:\Users\Francis\Downloads\keypair.ppk
2016-11-12 12:16 - 2016-11-12 12:45 - 00000546 _____ C:\Users\Francis\Documents\Loyalty Card.py
2016-11-12 11:28 - 2016-10-25 20:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-12 11:28 - 2016-10-25 20:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-09 21:28 - 2016-11-09 21:46 - 00001468 _____ C:\Users\Francis\Downloads\VPN.ppk
2016-11-09 21:21 - 2016-11-09 21:22 - 00001698 _____ C:\Users\Francis\Downloads\VPN.pem
2016-11-08 18:47 - 2016-11-12 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reflector 2
2016-11-08 18:47 - 2016-11-08 18:47 - 00000000 ____D C:\Program Files\Reflector 2
2016-11-08 18:38 - 2016-11-12 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2016-11-08 18:38 - 2016-11-08 18:38 - 00000000 ____D C:\Program Files\TAP-Windows
2016-11-08 18:38 - 2016-11-08 18:38 - 00000000 ____D C:\Program Files (x86)\Windscribe
2016-11-08 18:28 - 2016-11-08 18:28 - 00000000 ____D C:\Users\Francis\AppData\Local\Windscribe
2016-11-07 17:03 - 2016-11-07 17:03 - 10841720 _____ (TeamViewer GmbH) C:\Users\Francis\Downloads\TeamViewer_Setup_en.exe
2016-11-06 12:11 - 2016-11-06 12:15 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2016-11-06 11:21 - 2016-11-06 11:38 - 00004536 _____ C:\pw-debug.txt
2016-11-06 11:18 - 2013-08-26 10:52 - 03050176 _____ C:\WINDOWS\system32\pwNative.exe
2016-11-06 11:18 - 2013-08-26 10:52 - 00019032 ____N C:\WINDOWS\system32\pwdrvio.sys
2016-11-06 11:18 - 2013-08-26 10:52 - 00012384 ____N C:\WINDOWS\system32\pwdspio.sys
2016-11-02 16:47 - 2016-11-02 16:47 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Locktime
2016-11-01 19:38 - 2016-11-12 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2016-11-01 19:38 - 2016-11-01 19:38 - 00001269 _____ C:\Users\Public\Desktop\NetLimiter 4 (x64).lnk
2016-11-01 19:38 - 2016-11-01 19:38 - 00000000 ____D C:\ProgramData\Locktime
2016-11-01 19:38 - 2016-11-01 19:38 - 00000000 ____D C:\Program Files\Locktime Software
2016-11-01 19:37 - 2016-11-01 19:37 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Locktime Software
2016-11-01 17:45 - 2016-11-01 17:45 - 00003330 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-10-30 11:12 - 2016-10-30 11:12 - 00002108 _____ C:\Users\Public\Desktop\Action!.lnk
2016-10-29 15:11 - 2016-10-25 20:00 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-29 15:05 - 2016-10-25 21:40 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 28202040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 10782952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 10332664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 09120512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 08723968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 02940352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 02574784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437570.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437570.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-10-29 15:05 - 2016-10-25 21:40 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-10-26 19:21 - 2016-11-12 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2016-10-26 19:21 - 2016-10-26 19:21 - 00467368 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2016-10-26 19:21 - 2016-10-26 19:21 - 00000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2016-10-26 19:21 - 2016-10-26 19:21 - 00000000 ____D C:\Users\Francis\AppData\Roaming\VeraCrypt
2016-10-26 19:20 - 2016-10-26 19:21 - 00000000 ____D C:\Program Files\VeraCrypt
2016-10-26 15:37 - 2016-10-26 15:37 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-10-26 15:37 - 2016-10-26 15:37 - 00000000 ____D C:\Users\Francis\AppData\Local\FluxSoftware
2016-10-25 17:18 - 2016-10-25 17:33 - 00000000 ____D C:\Users\Francis\Documents\The Force
2016-10-25 11:31 - 2016-10-22 07:25 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437563.dll
2016-10-25 11:31 - 2016-10-22 07:25 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437563.dll
2016-10-25 10:39 - 2016-10-25 10:39 - 00018768 _____ C:\Users\Francis\Downloads\UltimateAutoPresser.jar
2016-10-24 13:36 - 2013-05-19 01:02 - 00039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2016-10-24 13:35 - 2016-11-11 17:45 - 00000000 ____D C:\Users\Francis\Downloads\DS4Windows
2016-10-24 12:29 - 2016-10-24 12:29 - 00000055 _____ C:\Users\Francis\AppData\Roaming\MouseServer.ini
2016-10-24 11:57 - 2016-10-24 11:58 - 00000000 ____D C:\Users\Francis\Downloads\Intro
2016-10-24 11:48 - 2016-10-24 11:48 - 00007530 _____ C:\Users\Francis\Documents\Full Refund guide!!-txt.axx
2016-10-24 11:46 - 2016-10-24 11:46 - 00000000 ____D C:\Users\Francis\Documents\My AxCrypt
2016-10-24 11:44 - 2016-10-24 11:55 - 00000000 ____D C:\Users\Francis\AppData\Local\AxCrypt
2016-10-24 11:44 - 2016-10-24 11:44 - 06244056 _____ (AxCrypt AB) C:\Users\Francis\Desktop\AxCrypt.exe
2016-10-24 11:16 - 2016-10-19 22:43 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-10-24 11:16 - 2016-10-18 21:27 - 01951680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437557.dll
2016-10-24 11:16 - 2016-10-18 21:27 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437557.dll
2016-10-24 11:16 - 2016-10-18 21:27 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-10-24 11:16 - 2016-10-18 21:27 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-10-24 11:02 - 2016-11-12 11:30 - 00003926 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:02 - 2016-11-12 11:30 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-24 11:02 - 2016-10-25 20:21 - 01854008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-10-24 11:02 - 2016-10-25 20:21 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-10-24 11:02 - 2016-10-25 20:21 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-10-24 11:02 - 2016-10-25 20:21 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-10-24 11:02 - 2016-10-25 20:21 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-10-24 11:01 - 2016-11-12 11:29 - 00003990 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:01 - 2016-11-12 11:29 - 00003962 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:01 - 2016-11-12 11:29 - 00003900 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:01 - 2016-11-12 11:29 - 00003738 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:01 - 2016-11-12 11:29 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-24 11:01 - 2016-10-25 19:12 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-10-23 14:50 - 2016-11-12 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-10-21 20:38 - 2016-10-28 20:03 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Adobe
2016-10-21 20:38 - 2016-10-21 20:38 - 00000000 ____D C:\Users\Francis\AppData\Local\Adobe
2016-10-21 20:38 - 2016-10-21 20:38 - 00000000 ____D C:\ProgramData\Adobe
2016-10-20 20:18 - 2016-10-20 20:19 - 00000000 ____D C:\Users\Francis\Downloads\rufus_files
2016-10-20 19:58 - 2016-10-20 20:17 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Francis\Downloads\rufus-2.11.exe
2016-10-19 17:36 - 2016-10-19 17:36 - 00000000 ____D C:\ProgramData\Adobe-BackupByPhotoshopCS6Portable
2016-10-16 16:48 - 2016-10-16 16:48 - 09454004 _____ C:\Users\Francis\Downloads\ThreadTemplate.psd
2016-10-16 12:53 - 2016-10-16 12:53 - 00001886 _____ C:\Users\Francis\Desktop\Grand Theft Auto V.lnk
2016-10-16 11:06 - 2016-10-16 11:24 - 00290816 _____ C:\Users\Francis\Documents\Nobles Gases.pub

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 20:35 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-15 20:30 - 2016-08-15 19:47 - 00018462 _____ C:\WINDOWS\FileLock.bin
2016-11-15 19:58 - 2016-09-13 17:34 - 00000000 ____D C:\Program Files (x86)\Firefox Developer Edition
2016-11-15 19:57 - 2016-09-25 18:01 - 00000000 ____D C:\Users\Francis\Desktop\New folder
2016-11-15 19:48 - 2016-08-17 16:39 - 00000000 ____D C:\Users\Francis\AppData\LocalLow\Mozilla
2016-11-15 19:48 - 2015-03-22 14:36 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-15 19:46 - 2016-09-22 17:00 - 00860160 _____ C:\Users\Public\Documents\bootracer.his
2016-11-15 19:46 - 2016-07-01 20:59 - 00000694 _____ C:\Users\Public\Documents\bootracer.ini
2016-11-15 19:46 - 2016-07-01 20:59 - 00000000 ____D C:\ProgramData\BootRacer
2016-11-15 19:46 - 2015-01-19 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-15 19:45 - 2016-09-22 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-15 19:44 - 2016-09-22 17:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-15 19:44 - 2016-07-02 12:56 - 00000000 ____D C:\ProgramData\VMware
2016-11-15 19:44 - 2016-07-01 20:59 - 00000000 ____D C:\Program Files (x86)\BootRacer
2016-11-15 19:42 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-11-15 19:41 - 2016-07-16 06:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2016-11-15 19:40 - 2016-09-04 11:15 - 00000000 ____D C:\ProgramData\Auslogics
2016-11-15 19:16 - 2016-09-22 16:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-15 18:14 - 2015-08-06 20:40 - 00000000 ____D C:\Users\Francis\AppData\Local\Packages
2016-11-15 18:09 - 2016-08-14 14:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-15 18:04 - 2016-08-14 15:57 - 00000000 ____D C:\Users\Francis\AppData\LocalLow\LastPass
2016-11-15 18:03 - 2014-08-20 17:29 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 17:57 - 2016-09-15 15:49 - 00000000 ____D C:\Users\Francis\Downloads\SChool
2016-11-15 17:28 - 2016-09-22 16:21 - 01295682 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-15 17:06 - 2015-08-06 19:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-15 17:03 - 2014-11-05 20:11 - 00000000 ____D C:\Users\Francis\AppData\Local\CrashDumps
2016-11-15 16:54 - 2015-07-20 15:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-15 16:53 - 2014-08-21 15:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-15 16:53 - 2014-06-12 11:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-15 16:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-15 16:02 - 2016-09-25 10:27 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-15 16:02 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-14 22:35 - 2016-09-22 16:23 - 00000000 ____D C:\Users\Francis
2016-11-14 21:11 - 2016-08-21 17:34 - 00000000 ____D C:\Users\Francis\AppData\Local\Nox
2016-11-14 21:11 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-14 21:11 - 2015-08-05 13:20 - 00000000 ____D C:\ProgramData\Razer
2016-11-14 21:10 - 2015-08-05 13:20 - 00000000 ____D C:\Program Files (x86)\Razer
2016-11-14 21:04 - 2014-10-29 16:17 - 00000000 ____D C:\Users\Francis\.android
2016-11-14 21:03 - 2016-08-21 17:40 - 00000000 ____D C:\Users\Francis\vmlogs
2016-11-14 21:03 - 2016-08-21 17:40 - 00000000 ____D C:\Users\Francis\.BigNox
2016-11-14 20:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-14 20:55 - 2015-08-05 13:23 - 00000000 ____D C:\Users\Francis\AppData\Local\Razer
2016-11-14 17:06 - 2014-08-20 20:23 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Skype
2016-11-13 14:10 - 2016-10-08 18:07 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Authority
2016-11-12 22:06 - 2016-09-25 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-12 22:06 - 2016-08-22 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Predator
2016-11-12 22:06 - 2016-08-14 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-11-12 22:06 - 2016-08-14 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2016-11-12 22:06 - 2016-07-23 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-11-12 22:06 - 2016-07-10 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-12 22:06 - 2015-03-25 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire AE
2016-11-12 22:06 - 2014-06-12 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2016-11-12 22:04 - 2016-09-22 16:23 - 00000000 ____D C:\Users\Jim
2016-11-12 22:03 - 2016-10-07 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-12 22:03 - 2016-10-07 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-11-12 22:03 - 2016-10-01 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Car DV Player
2016-11-12 22:03 - 2016-09-18 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2016-11-12 22:03 - 2016-09-13 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-11-12 22:03 - 2016-09-11 16:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-11-12 22:03 - 2016-09-04 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-11-12 22:03 - 2016-09-04 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-11-12 22:03 - 2016-09-03 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-11-12 22:03 - 2016-09-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-12 22:03 - 2016-08-25 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-11-12 22:03 - 2016-08-18 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-11-12 22:03 - 2016-08-18 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-11-12 22:03 - 2016-08-15 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-12 22:03 - 2016-08-15 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GiliSoft
2016-11-12 22:03 - 2016-08-07 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-12 22:03 - 2016-08-04 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2016-11-12 22:03 - 2016-08-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2016-11-12 22:03 - 2016-07-31 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2016-11-12 22:03 - 2016-07-31 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-11-12 22:03 - 2016-07-30 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-11-12 22:03 - 2016-07-23 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-12 22:03 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-12 22:03 - 2016-06-29 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-12 22:03 - 2016-05-02 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
2016-11-12 22:03 - 2016-05-01 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-11-12 22:03 - 2016-03-18 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-11-12 22:03 - 2016-02-17 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-12 22:03 - 2016-02-02 15:37 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-11-12 22:03 - 2015-12-15 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-12 22:03 - 2015-12-06 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2016-11-12 22:03 - 2015-11-16 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2016-11-12 22:03 - 2015-08-06 20:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-12 22:03 - 2015-07-28 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-12 22:03 - 2015-03-30 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-11-12 22:03 - 2015-03-29 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-11-12 22:03 - 2015-03-24 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2016-11-12 22:03 - 2015-03-22 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-12 22:03 - 2015-03-22 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-12 22:03 - 2014-10-29 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-11-12 22:03 - 2014-10-28 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2016-11-12 22:03 - 2014-09-21 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-11-12 22:03 - 2014-09-07 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-11-12 22:03 - 2014-08-21 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-12 22:03 - 2014-08-21 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-11-12 22:03 - 2014-06-12 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-11-12 22:03 - 2014-06-12 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2016-11-12 22:03 - 2014-06-12 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-12 22:03 - 2014-02-24 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-11-12 22:03 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-12 21:30 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-12 21:29 - 2016-09-20 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development
2016-11-12 21:29 - 2015-02-01 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TML-Studios
2016-11-12 21:29 - 2014-06-12 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2016-11-12 21:11 - 2016-02-02 15:42 - 00000000 ___RD C:\Users\User\OneDrive
2016-11-12 21:05 - 2016-02-17 12:36 - 00000000 ____D C:\Users\User\AppData\Local\Nvidia Corporation
2016-11-12 21:04 - 2016-02-02 15:51 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-11-12 19:20 - 2016-09-24 14:22 - 00000000 ____D C:\Users\Francis\Desktop\Theme
2016-11-12 19:13 - 2016-09-26 15:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-12 19:12 - 2016-08-06 10:43 - 00407761 ____N C:\WINDOWS\Minidump\111216-42343-01.dmp
2016-11-12 19:07 - 2015-03-07 15:15 - 00000000 ____D C:\bsa
2016-11-12 19:06 - 2016-07-10 14:25 - 00000000 ____D C:\Users\Francis\AppData\Roaming\vlc
2016-11-12 17:36 - 2016-08-18 10:20 - 00000600 _____ C:\Users\Francis\AppData\Local\PUTTY.RND
2016-11-12 12:43 - 2016-10-14 17:01 - 00000000 ____D C:\Users\Francis\Documents\YEAR 10
2016-11-12 11:39 - 2015-03-26 21:04 - 00000000 ____D C:\Users\Francis\AppData\Local\Microsoft Help
2016-11-12 11:30 - 2016-09-22 16:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-12 11:29 - 2016-09-22 16:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-12 11:29 - 2016-09-22 16:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-12 11:22 - 2016-08-06 10:43 - 00405273 ____N C:\WINDOWS\Minidump\111216-37781-01.dmp
2016-11-11 15:53 - 2016-08-17 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-11 15:52 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Web
2016-11-11 15:34 - 2016-10-07 09:30 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-11-10 17:50 - 2014-08-20 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 17:37 - 2014-08-20 19:01 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 17:47 - 2016-09-25 10:10 - 00000481 _____ C:\Users\Francis\Downloads\lpsesame.bin
2016-11-07 17:03 - 2014-12-23 15:02 - 00000000 ____D C:\Users\Francis\AppData\Roaming\TeamViewer
2016-11-06 13:08 - 2016-07-03 13:37 - 00000000 ____D C:\Users\Francis\AppData\Local\Reflector 2
2016-11-06 12:11 - 2016-07-25 14:35 - 00000000 ____D C:\ProgramData\Screaming Bee
2016-11-06 12:11 - 2014-10-28 15:05 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Screaming Bee
2016-11-05 20:29 - 2016-07-02 12:59 - 00000000 ____D C:\Users\Francis\AppData\Roaming\VMware
2016-11-05 20:29 - 2016-07-02 12:59 - 00000000 ____D C:\Users\Francis\AppData\Local\VMware
2016-11-04 20:43 - 2016-08-06 10:43 - 00401681 ____N C:\WINDOWS\Minidump\110416-41781-01.dmp
2016-11-04 19:20 - 2016-09-13 15:59 - 00000000 ____D C:\Users\Francis\Documents\Python
2016-11-03 19:15 - 2009-07-14 02:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-11-03 19:03 - 2016-10-08 16:28 - 00000945 _____ C:\Users\Francis\Documents\Steam KEYS nEW.txt
2016-11-01 21:35 - 2016-08-06 10:43 - 00485205 ____N C:\WINDOWS\Minidump\110116-59843-01.dmp
2016-11-01 19:00 - 2014-08-22 13:02 - 00000000 ____D C:\Users\Francis\AppData\Local\ElevatedDiagnostics
2016-11-01 17:51 - 2016-08-07 16:01 - 00000000 ____D C:\Users\Francis\AppData\Roaming\obs-studio
2016-11-01 17:45 - 2015-08-06 21:01 - 00002402 _____ C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-01 17:45 - 2014-11-28 17:09 - 00000000 ___RD C:\Users\Francis\OneDrive
2016-10-30 15:48 - 2014-08-20 17:29 - 00000000 ____D C:\Users\Francis\AppData\Local\Google
2016-10-30 11:12 - 2016-08-18 12:46 - 00000000 ____D C:\Program Files (x86)\Mirillis
2016-10-29 18:09 - 2016-08-06 10:43 - 00408793 ____N C:\WINDOWS\Minidump\102916-40953-01.dmp
2016-10-29 15:11 - 2015-07-19 15:08 - 00000000 ____D C:\Temp
2016-10-29 15:10 - 2016-05-01 11:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-28 20:08 - 2016-07-31 14:29 - 00000132 _____ C:\Users\Francis\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-28 20:03 - 2016-10-06 20:10 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-28 13:44 - 2016-08-06 10:43 - 00403865 ____N C:\WINDOWS\Minidump\102816-49187-01.dmp
2016-10-28 13:01 - 2016-08-06 10:43 - 00412761 ____N C:\WINDOWS\Minidump\102816-46531-01.dmp
2016-10-27 14:25 - 2016-09-18 12:12 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-10-27 14:21 - 2016-08-06 10:43 - 00414041 ____N C:\WINDOWS\Minidump\102716-38890-01.dmp
2016-10-27 14:21 - 2014-06-12 11:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-27 14:16 - 2016-08-04 19:12 - 00000000 ____D C:\Users\Francis\AppData\Roaming\qBittorrent
2016-10-27 11:04 - 2016-07-02 13:00 - 00000000 ____D C:\Users\Francis\Documents\Virtual Machines
2016-10-27 09:06 - 2016-08-17 18:50 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Gili File Lock
2016-10-26 20:28 - 2016-08-18 14:29 - 00000000 ____D C:\Users\Francis\Desktop\Shredded
2016-10-26 19:22 - 2014-06-12 11:07 - 00000000 ____D C:\AWD Testing Tools
2016-10-25 21:40 - 2016-09-12 20:19 - 03927288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-10-25 21:40 - 2016-09-12 20:19 - 03468736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-10-25 21:40 - 2016-09-12 20:19 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-10-25 20:21 - 2016-07-01 20:48 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-10-25 20:17 - 2016-09-22 16:17 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-10-25 20:17 - 2016-09-22 16:17 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-10-24 23:30 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 23:30 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 11:46 - 2016-07-21 12:42 - 00000000 ___RD C:\Users\Francis\Dropbox
2016-10-24 11:25 - 2015-09-06 18:18 - 00000000 ____D C:\Users\Francis\AppData\Local\NVIDIA Corporation
2016-10-24 11:23 - 2016-09-25 10:36 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Macromedia
2016-10-24 11:06 - 2016-02-28 16:47 - 00000000 ____D C:\Users\Francis\AppData\Local\NVIDIA
2016-10-24 06:31 - 2016-09-22 16:17 - 07507695 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-10-23 19:37 - 2016-09-22 17:27 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-23 19:37 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-23 19:37 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-23 19:37 - 2016-01-24 21:48 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-23 19:36 - 2014-10-16 20:15 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-23 18:52 - 2016-08-06 10:43 - 00118866 ____N C:\WINDOWS\Minidump\102316-51218-01.dmp
2016-10-23 15:42 - 2016-09-25 18:17 - 05134304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-23 15:37 - 2016-08-06 10:43 - 00404193 ____N C:\WINDOWS\Minidump\102316-74984-01.dmp
2016-10-23 14:50 - 2016-08-01 21:14 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-10-21 14:57 - 2014-08-20 20:23 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 20:31 - 2015-07-20 13:48 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-10-20 17:49 - 2016-09-13 16:42 - 00000000 ____D C:\Users\Francis\Documents\Python Projects
2016-10-19 22:43 - 2016-08-26 23:30 - 01595456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-10-19 22:43 - 2016-08-26 23:30 - 00212936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-10-17 16:21 - 2015-10-29 16:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-16 15:34 - 2016-08-06 10:43 - 00401753 _____ C:\DUMPf32a.tmp
2016-10-16 14:24 - 2016-10-07 09:29 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-10-16 14:15 - 2016-08-06 10:43 - 00405985 ____N C:\WINDOWS\Minidump\101616-38937-01.dmp

==================== Files in the root of some directories =======

2015-12-20 14:34 - 2016-08-14 15:58 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-09-13 13:36 - 2015-09-13 13:36 - 0000132 _____ () C:\Users\Francis\AppData\Roaming\Adobe PNG Format CC Prefs
2016-07-31 14:29 - 2016-10-28 20:08 - 0000132 _____ () C:\Users\Francis\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-07-17 14:22 - 2016-07-27 20:25 - 0001812 _____ () C:\Users\Francis\AppData\Roaming\LITHIUM_PUBLIC.ini
2016-10-24 12:29 - 2016-10-24 12:29 - 0000055 _____ () C:\Users\Francis\AppData\Roaming\MouseServer.ini
2014-10-28 14:22 - 2014-10-28 14:22 - 0001181 _____ () C:\Users\Francis\AppData\Roaming\trace_FilterInstaller.1.txt
2014-10-28 14:22 - 2014-10-28 15:04 - 0000919 _____ () C:\Users\Francis\AppData\Roaming\trace_FilterInstaller.txt
2014-10-28 14:22 - 2014-10-28 15:03 - 0000000 _____ () C:\Users\Francis\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-11-04 15:43 - 2016-07-31 14:31 - 0001456 _____ () C:\Users\Francis\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-10 16:13 - 2016-10-10 16:14 - 0000021 _____ () C:\Users\Francis\AppData\Local\Autosofted License.txt
2016-01-16 16:07 - 2016-01-16 16:14 - 0000042 _____ () C:\Users\Francis\AppData\Local\D72F1806
2015-07-19 15:29 - 2015-11-14 17:29 - 0008192 _____ () C:\Users\Francis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 16:01 - 2015-09-06 18:06 - 2128896 _____ () C:\Users\Francis\AppData\Local\file__0.localstorage
2016-08-18 10:20 - 2016-11-12 17:36 - 0000600 _____ () C:\Users\Francis\AppData\Local\PUTTY.RND
2016-11-15 16:39 - 2016-11-15 16:39 - 0007649 _____ () C:\Users\Francis\AppData\Local\Resmon.ResmonCfg
2014-11-29 15:12 - 2014-11-29 15:12 - 0000003 _____ () C:\Users\Francis\AppData\Local\updater.log
2014-11-29 15:12 - 2016-08-18 09:58 - 0000424 _____ () C:\Users\Francis\AppData\Local\UserProducts.xml
2016-01-16 16:16 - 2016-08-14 13:10 - 0001122 _____ () C:\Users\Francis\AppData\Local\XgOz2
2015-03-17 16:19 - 2016-01-04 15:15 - 0000907 _____ () C:\Users\Francis\AppData\Local\_settings.ini
2014-12-29 19:03 - 2015-12-26 15:28 - 0000521 _____ () C:\ProgramData\csgobm.project
2014-12-29 19:03 - 2015-12-26 15:28 - 0000124 _____ () C:\ProgramData\csgobm2.project
2014-12-29 19:02 - 2015-12-26 15:21 - 0000097 _____ () C:\ProgramData\csgobmsettings.ini
2016-08-08 15:39 - 2016-08-08 15:39 - 0000127 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-10-12 11:17 - 2014-10-14 15:24 - 0000104 _____ () C:\ProgramData\SWAPPINFO.ini

Files to move or delete:
====================
C:\Users\Francis\AppData\Local\Temp\DeleteOnReboot.bat


Some files in TEMP:
====================
C:\Users\Francis\AppData\Local\Temp\libeay32.dll
C:\Users\Francis\AppData\Local\Temp\msvcr120.dll
C:\Users\Francis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-10 17:29

==================== End of FRST.txt ============================


Edited by Starbuck, 18 November 2016 - 11:58 AM.


#4 Starbuck

Posted 18 November 2016 - 12:14 PM

Hi Vivid_

Thanks for that.
I've added the FRST report to your last post..... it's easier to read this way.
Give me some time to go through the reports properly and I'll get back to you asap.

Just one question.... Have you recently run System Restore?


#5 Vivid_

Posted 18 November 2016 - 12:33 PM

Yes. Because I tried to install a theme, however it broke my account.



#6 Starbuck

Posted 18 November 2016 - 05:00 PM

Hi Vivid_

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, BitTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


MsConfig Overuse
Many people frequently use MSconfig as a long term solution to control startup processes and services.
You will also see many websites condoning use of MSconfig and teaching you how to use it for controlling startups.
This is a very bad idea for many reasons.
  • MSconfig was designed to be used only as a temporary debugging/troubleshooting tool.
    It was not meant to be used for long term solutions.
  • MSconfig does not show all startups anyway.
  • If you uninstall programs while they are being disabled with MSconfig, they will not be uninstalled properly and you will have to resort to manual registry editing to properly get everything removed.
    MSconfig will leave orphan entries if/when installed software is uninstalled while under the control of MSconfig.
    When/if MSconfig is turned back to normal startup, it will give errors on boot due to those orphan entries.
  • When you uncheck a service in msconfig, you completely disable it.
    If you uncheck the wrong one, you may not be able to restart your computer.
  • You can lock malware items into your registry that you may not see anymore until some point in time where you switch back to Normal Startup mode and now you can cause total reinfection of your PC with the malware.

Step 1
QuickTime

Please uninstall Quicktime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.

Ashampoo WinOptimizer
We do not recommend the use of 'Optimizers' or 'Registry Cleaners'; they have been known to cause more problems than they cure.
I recommend you uninstall this program.


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Francis\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.

In your next reply, please submit:
Fixlog.txt
RogueKiller report


Thanks.



#7 Vivid_

Posted 20 November 2016 - 08:59 AM

So what should I do with msconfig then?

Below I have attached the logs of Farbar and RogueKiller.


Edited by Vivid_, 20 November 2016 - 09:00 AM.


#8 Starbuck

Posted 20 November 2016 - 03:18 PM

Hi Vivid_

So what should i do with msconfig then?

Just be aware that if you stop a program using MsConfig and then later remove it... it may not uninstall completely.
I added some leftover entries for 'Baidu Antivirus' to the fix as this program hadn't uninstalled correctly.
This may well have been due to the Baidu entries in the MsConfig section.
Most programs will have a setting in the main Settings somewhere that will stop the program from starting when Windows starts.... this is a better way to deal with the problem.

The fix report looks good and RK cleaned up a few other entries for us.

How is the system running now?
Any problems still?



#9 Vivid_


Posted 20 November 2016 - 04:04 PM


 

Internet Explorer still opens by itself.



#10 Starbuck


Posted 20 November 2016 - 04:39 PM

Internet Explorer still opens by itself.


Ok, let's reset IE and see if that makes any difference:

Reset IE back to the defaults.
  • Close any open Windows.
  • Open Internet Explorer
  • Click the Tools button, and then click Internet Options.
  • Click the Advanced tab, and then click Reset.
  • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
  • In the Reset Internet Explorer Settings dialog box, click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK.
  • Close Internet Explorer.
  • Your changes will take effect the next time you open Internet Explorer.
If that doesn't cure the problem:
Let's try a Clean Boot.

To run a Clean Boot:
  • Press the Windows key + R at the same time and then type Msconfig in the run window, click on OK or hit enter.
  • Choose Selective Start-up
  • Remove the check from Load Startup Items
  • Click on the Services tab
  • Check “Hide all Microsoft Services” and then click on Disable All... <<<<<<<<<<< Important
    By performing these two steps, you have effectively turned off all services from third-party software developers.
    All Microsoft services remain intact and will be ready to load when you reboot Windows.
  • Click on Apply and then on OK.
A message will appear saying that you need to restart your system. Do this; you will notice that in many cases Windows will boot a lot faster.
This is normal, since many services that used to run before now no longer run.

How to Disable Clean Boot?

It’s the same as how to clean boot, only then you check the boxes, and click on Enable All on step 5.

Note:
Just be sure to hide all Microsoft services before you use the Disable All button.
Otherwise, you may encounter boot up errors when you reboot your PC.

Remember, running Windows like this is just temporary.
We're trying to determine if the problem is being caused by a third party program.

Let me know how these steps go.

Thanks

Edited by Starbuck, 20 November 2016 - 04:40 PM.
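
A read-only way to see what the Clean Boot steps above switch off, added here as an example and not part of Starbuck's post: it lists auto-start services whose binary is not published by Microsoft, then the registered startup commands. The "company name contains Microsoft" test is an assumption that only approximates msconfig's "Hide all Microsoft services" filter, and the function names are hypothetical.

```powershell
# Read-only inventory of what a Clean Boot turns off. Nothing on the system is changed.
# Requires PowerShell 3.0 or later (Get-CimInstance); run from an elevated prompt.

function Get-ServiceImagePath {
    # Hypothetical helper: resolve the file a service really runs.
    param([Parameter(Mandatory)] $Service)

    # Services hosted in svchost.exe keep their real code in a ServiceDll value.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\Parameters"
    $dll = (Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }

    # Otherwise PathName is a command line: a quoted path, or a path followed by arguments.
    $cmd = [Environment]::ExpandEnvironmentVariables([string]$Service.PathName)
    if ($cmd -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-ThirdPartyAutoService {
    # Assumption: "publisher contains Microsoft" approximates msconfig's filter.
    # Files with no version information stay in the list so they get a manual look.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            $image   = Get-ServiceImagePath -Service $_
            $company = $null
            if ($image -and (Test-Path -LiteralPath $image)) {
                $company = (Get-Item -LiteralPath $image).VersionInfo.CompanyName
            }
            [pscustomobject]@{
                Name    = $_.Name
                State   = $_.State
                Company = $company
                Image   = $image
            }
        } |
        Where-Object { $_.Company -notmatch 'Microsoft' }
}

Get-ThirdPartyAutoService | Sort-Object Company, Name | Format-Table -AutoSize -Wrap

# The "Load Startup Items" half of the procedure: registered Run keys and Startup folders.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

Saving this output before the Clean Boot gives a list to re-enable in halves once the symptom stops, which narrows the cause down to a single entry.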



#11 Vivid_


Posted 21 November 2016 - 12:52 PM

 


 

Resetting IE didn't do anything. I have noticed a few things:

1. In my Run box, I have this: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"

I did not put this in, nor have I ever entered that.

2. In Autoruns, in the Image Hijacks I got this: http://prntscr.com/da2c4g

I only recently installed Maxthon, since I uninstalled Chrome.

I haven't tried the msconfig yet.

Also been getting these: http://prntscr.com/da2zee


Edited by Vivid_, 21 November 2016 - 01:40 PM.


#12 Starbuck


Posted 21 November 2016 - 03:34 PM

In my Run box, I have this: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"

I did not put this in, nor have I ever entered that.

This isn't something that you would have entered yourself.
Were you trying to drag an HTML file from Explorer and drop it on a printer shortcut?
mshtml.dll is used by Internet Explorer.
rundll32 is a generic host process used to run DLLs as a regular executable.

In Autoruns, in the Image Hijacks I got this: http://prntscr.com/da2c4g
I only recently installed Maxthon, since I uninstalled Chrome.

The Maxthon path is legit..... I see nothing wrong there.

Also been getting these: http://prntscr.com/da2zee

The rundll error means that a program failed to run.
To find out what program failed to start, we'd have to look at that later.

I haven't tried the msconfig yet.

Ok, let me know how the Clean Boot goes.



#13 Vivid_


Posted 21 November 2016 - 04:04 PM

 


 

"This isn't something that you would have entered yourself.

Were you trying to drag an HTML file from Explorer and drop it on a printer shortcut?
mshtml.dll is used by Internet Explorer.
rundll32 is a generic host process used to run DLLs as a regular executable."

No, I have been doing that, I don't even use Internet Explorer.



#14 Starbuck


Posted 21 November 2016 - 06:07 PM

No, I have been doing that, I don't even use Internet Explorer.

Ok.
Let's get the Clean Boot step done and see if this makes any difference to IE opening.
Also... as far as the 'rundll32.exe - Application Error' goes, what was the program you were trying to open?



#15 Vivid_


Posted 24 November 2016 - 12:46 PM

 


 

So far with clean boot, IE has not opened yet; will let you know if it does.

I was just playing CSGO and it kicks me out of the game and the error popup appears.





