
Browser hijack: kb-ribaki, zodiac-game.info issue


  • This topic is locked
13 replies to this topic

#1 Celice


Posted 23 December 2016 - 03:14 PM

Hello,
 
My boyfriend and I have gotten this pop-up and browser issue within the past week. I have searched Google but found no solution that helped us. The registry entry for starting up the website can be deleted but restores itself on restarting the computer. I saw several threads on this forum for fixing this issue but I could not understand a solution. I have FRST and its addition scan logs for my computer but not for the second computer. It affects Firefox on my computer and Chrome on the second computer.
 
Thank you for your time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Celice (administrator) on CELICE-PC (23-12-2016 11:58:53)
Running from C:\Users\Celice\Desktop
Loaded Profiles: Celice & test (Available Profiles: Celice & test & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\UAService7.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(Flux Software LLC) C:\Users\Celice\AppData\Local\FluxSoftware\Flux\flux.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Skynergy) C:\Program Files (x86)\Skynergy\HotKeyz\HotKeyz.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
() C:\Users\Celice\Desktop\D3DOverrider\D3DOverrider.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nenad Hrg SoftwareOK) E:\Users\Celice\Desktop\DesktopOK\DesktopOK.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HotKeyz.exe Startup] => C:\Program Files (x86)\Skynergy\HotKeyz\HotKeyz.exe [2719232 2010-06-10] (Skynergy)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [D3DOverrider] => C:\Users\Celice\Desktop\D3DOverrider\D3DOverriderWrapper.exe [40960 2009-08-22] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [12348112 2016-11-07] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Discord] => C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\MountPoints2: {e7eee0cb-13ac-11e4-a551-bc5ff45a2384} - "F:\LaunchU3.exe" -a
IFEO\taskmgr.exe: [Debugger] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey - Shortcut.lnk [2014-02-17]
ShortcutTarget: AutoHotkey - Shortcut.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Startup: C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flux - Shortcut.lnk [2014-02-17]
ShortcutTarget: flux - Shortcut.lnk -> C:\Users\Celice\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6aacefee-8ffa-4c0c-b09e-8bdd3527f92f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9dbc9784-11f8-4439-9cc8-b7cb05ec3e2a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9dbc9784-11f8-4439-9cc8-b7cb05ec3e2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{caef0b7e-5de9-40bf-b0c2-64c1ff1a2847}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DE009A67-F9C5-4C9F-B65A-F8B509D44CBC}: [DhcpNameServer] 172.18.11.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: eh1jmc0o.default-1386886677414
FF ProfilePath: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 [2016-12-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\adbhelper@mozilla.org [2016-11-03]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\artur.dubovoy@gmail.com [2016-12-17]
FF Extension: (Classic Theme Restorer) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-12-21]
FF Extension: (Ghostery) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-12-21]
FF Extension: (Forecastfox (fix version)) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\forecastfox@s3_fix_version.xpi [2016-08-17]
FF Extension: (HistoryBlock) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\historyblock@kain.xpi [2016-04-27]
FF Extension: (HTTPS Everywhere) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-21]
FF Extension: (The Camelizer - Price Tracker) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\izer@camelcamelcamel.com.xpi [2016-05-24]
FF Extension: (Hola Better Internet) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2016-12-21]
FF Extension: (PriceZombie, Price Tracker & Price Comparison) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2016-07-24]
FF Extension: (Dark YouTube Theme) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2016-10-07]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-12-17]
FF Extension: (Enhanced Steam) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2016-12-11]
FF Extension: (Window Master) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\monitormaster@pjs.nl.xpi [2016-11-29]
FF Extension: (Status-4-Evar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\status4evar@caligonstudios.com.xpi [2016-10-13]
FF Extension: (Tile Tabs) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\tiletabs@DW-dev.xpi [2016-11-13]
FF Extension: (Google Translator for Firefox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\translator@zoli.bod.xpi [2016-04-27]
FF Extension: (Troubleshooter) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\troubleshooter@mozilla.org.xpi [2016-04-27]
FF Extension: (Forecastfox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-08-02]
FF Extension: (Flagfox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-12-17]
FF Extension: (Session Manager) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-18]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-11-29]
FF Extension: (Download Statusbar Fixed) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{4204c864-50bf-467a-95b3-0912b7f15869}.xpi [2016-04-27]
FF Extension: (Stylish) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-10]
FF Extension: (Download Status Bar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-26]
FF Extension: (YouTube High Definition) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Download Statusbar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-04-27]
FF Extension: (Block site) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-04-27]
FF Extension: (DownThemAll!) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Greasemonkey) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\binding-of-isaac-rebirth-wiki-en.xml [2014-11-11]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\the-pirate-bay.xml [2015-10-25]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\youtube-video-search.xml [2013-12-12]
FF HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-02-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default [2016-12-23]
CHR Extension: (Google Docs) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-21]
CHR Extension: (Google Drive) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (AdBlock) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-29]
CHR Extension: (Project Naptha) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Enhanced Steam) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-11-10]
CHR Extension: (Gmail) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Profile: C:\Users\Celice\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-23]
CHR HKU\S-1-5-21-370019636-3812784303-1355510123-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [467016 2016-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-28] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-08-10] (Sony DADC Austria AG.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 asahci64; C:\WINDOWS\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2014-07-30] (ASRock Inc.)
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [128664 2016-07-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [146712 2016-07-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2016-06-01] (RW-Everything)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-10-06] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-10-06] (Corsair)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-13] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo_0007.sys [38432 2015-11-09] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-08] ()
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [50208 2015-11-09] (SoftEther Corporation)
R3 Serenum; C:\WINDOWS\system32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\WINDOWS\system32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 MBfilt; \SystemRoot\system32\drivers\MBfilt64.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 11:58 - 2016-12-23 11:59 - 00032058 _____ C:\Users\Celice\Desktop\FRST.txt
2016-12-23 11:51 - 2016-12-23 11:51 - 00000241 _____ C:\Users\Celice\Desktop\SearchReg.txt
2016-12-23 11:46 - 2016-12-23 11:46 - 00000238 _____ C:\Users\Celice\Desktop\Search.txt
2016-12-23 11:01 - 2016-12-23 11:58 - 00000000 ____D C:\FRST
2016-12-23 11:00 - 2016-12-23 11:00 - 02420736 _____ (Farbar) C:\Users\Celice\Desktop\FRST64.exe
2016-12-23 10:46 - 2016-12-23 10:46 - 00148026 _____ C:\Users\Celice\Documents\cc_20161223_104638.reg
2016-12-23 10:29 - 2016-12-23 10:29 - 00494287 _____ C:\Users\Celice\Desktop\SCAN0004(1).PDF
2016-12-23 10:05 - 2016-12-23 10:19 - 00000000 ____D C:\AdwCleaner
2016-12-21 20:57 - 2016-12-21 20:57 - 00210379 _____ C:\Users\Celice\Desktop\the_binding_of_isaac___icons_by_underpieces-d5lj81v.rar
2016-12-21 20:55 - 2016-12-21 20:58 - 00002718 _____ C:\Users\Celice\Desktop\isaac-ng - Shortcut.lnk
2016-12-21 20:49 - 2016-12-21 00:58 - 00000000 ____D C:\Users\Celice\Desktop\antibirth
2016-12-21 20:46 - 2016-12-21 20:48 - 479959322 _____ C:\Users\Celice\Desktop\antibirth.zip
2016-12-20 11:08 - 2016-12-20 11:08 - 00494287 _____ C:\Users\Celice\Desktop\SCAN0004.PDF
2016-12-19 20:46 - 2016-12-19 20:46 - 00000222 _____ C:\Users\Celice\Desktop\DOOM.url
2016-12-16 10:56 - 2009-06-10 13:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161216-105632.backup
2016-12-16 10:50 - 2016-12-16 10:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-16 10:44 - 2016-12-16 11:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-16 10:44 - 2016-12-16 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-16 10:44 - 2016-12-16 10:44 - 00001463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-16 10:44 - 2016-12-16 10:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-12-16 10:44 - 2016-12-16 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-16 10:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-12-13 21:18 - 2016-11-22 03:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 21:18 - 2016-11-22 02:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-13 21:18 - 2016-11-22 02:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-13 21:18 - 2016-11-22 02:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-13 21:18 - 2016-11-22 02:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 21:18 - 2016-11-22 02:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 21:18 - 2016-11-22 02:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-12-13 21:18 - 2016-11-22 02:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 21:18 - 2016-11-22 02:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 21:18 - 2016-11-22 02:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-13 21:18 - 2016-11-22 02:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 21:18 - 2016-11-22 01:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-13 21:18 - 2016-11-22 01:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-12-13 21:18 - 2016-11-22 01:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-13 21:18 - 2016-11-22 01:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 21:18 - 2016-11-22 01:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-12-13 21:18 - 2016-11-22 01:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-12-13 21:18 - 2016-11-22 01:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-13 21:18 - 2016-11-22 00:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-13 21:18 - 2016-11-22 00:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 21:18 - 2016-11-22 00:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-13 21:18 - 2016-11-22 00:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-13 21:18 - 2016-11-22 00:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 21:18 - 2016-11-22 00:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 21:18 - 2016-11-22 00:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-13 21:18 - 2016-11-22 00:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 21:18 - 2016-11-22 00:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-13 21:18 - 2016-11-22 00:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 21:18 - 2016-11-22 00:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-13 21:18 - 2016-11-22 00:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 21:18 - 2016-11-22 00:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-12-13 21:18 - 2016-11-22 00:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 21:18 - 2016-11-21 23:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 21:18 - 2016-11-21 23:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-13 21:18 - 2016-11-21 23:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 21:18 - 2016-11-21 23:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-13 21:18 - 2016-11-21 23:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-12-13 21:18 - 2016-11-21 23:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 21:18 - 2016-11-21 23:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 21:18 - 2016-11-21 23:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-13 21:18 - 2016-11-21 23:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-13 21:18 - 2016-11-21 23:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 21:18 - 2016-11-21 23:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 21:18 - 2016-11-21 23:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 21:18 - 2016-11-21 23:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 21:18 - 2016-11-21 22:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 21:18 - 2016-11-21 22:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 21:18 - 2016-11-21 22:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 21:18 - 2016-11-21 22:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 21:18 - 2016-11-21 22:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 21:18 - 2016-11-21 22:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 21:18 - 2016-11-21 22:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 21:18 - 2016-11-21 22:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-12 18:49 - 2016-12-13 22:13 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-12 18:48 - 2016-12-12 18:48 - 51969976 _____ (Malwarebytes ) C:\Users\Celice\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 18:46 - 2016-12-12 18:46 - 00000000 ____D C:\Users\Celice\AppData\Local\Chromium
2016-12-08 16:32 - 2016-12-08 16:32 - 01385349 _____ C:\Users\Celice\Desktop\ReShade_0.18.7_Public_Beta_with_SweetFX_2.0_Beta_8.7z
2016-12-03 13:04 - 2016-12-03 13:04 - 00001960 _____ C:\Users\Celice\Desktop\amazon egift.txt
2016-12-02 11:48 - 2016-12-16 00:30 - 00000000 ____D C:\Users\Celice\Documents\The Witcher 3
2016-12-02 11:48 - 2016-12-02 11:48 - 00000000 ____D C:\Users\Celice\AppData\Local\GalaxyCommunicationService
2016-12-02 11:34 - 2016-12-02 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-12-02 11:34 - 2016-12-02 11:34 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-12-02 11:05 - 2016-12-02 11:05 - 00000000 ____D C:\Users\Celice\Documents\Overwatch
2016-12-01 16:07 - 2016-12-01 16:07 - 00001511 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-12-01 16:07 - 2016-12-01 16:07 - 00001511 _____ C:\ProgramData\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-12-01 15:43 - 2016-12-01 15:43 - 00638576 _____ C:\Users\Celice\Desktop\statement.pdf
2016-12-01 13:58 - 2016-12-20 11:07 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2016-12-01 13:58 - 2016-12-01 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-01 13:58 - 2016-12-01 13:58 - 00001113 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2016-12-01 13:58 - 2016-12-01 13:58 - 00001113 _____ C:\ProgramData\Desktop\GOG Galaxy.lnk
2016-12-01 13:58 - 2016-12-01 13:58 - 00000000 ____D C:\ProgramData\GOG.com
2016-11-30 21:48 - 2016-11-30 21:48 - 00000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-11-30 21:48 - 2016-11-30 21:48 - 00000888 _____ C:\ProgramData\Desktop\Overwatch.lnk
2016-11-30 21:48 - 2016-11-30 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-11-30 21:14 - 2016-11-30 21:49 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-30 21:13 - 2016-11-30 22:03 - 00000000 ____D C:\Users\Celice\AppData\Local\Battle.net
2016-11-30 21:13 - 2016-11-30 21:13 - 00000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-11-30 21:13 - 2016-11-30 21:13 - 00000936 _____ C:\ProgramData\Desktop\Battle.net.lnk
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\Users\Celice\AppData\Local\Blizzard Entertainment
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-30 21:01 - 2016-11-30 21:13 - 00000000 ____D C:\Users\Celice\AppData\Roaming\Battle.net
2016-11-30 21:01 - 2016-11-30 21:01 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-28 20:43 - 2016-11-17 05:45 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-28 20:43 - 2016-11-17 05:45 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-28 17:01 - 2016-11-28 17:01 - 00000025 _____ C:\Users\Celice\Desktop\klean kaneen akount.txt
2016-11-27 20:56 - 2016-11-27 20:56 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-27 20:56 - 2016-11-27 20:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-26 10:17 - 2016-11-26 10:17 - 00000000 ____D C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Mash
2016-11-26 09:16 - 2016-11-27 10:38 - 00000157 _____ C:\Users\Celice\Desktop\hq textures.txt
2016-11-25 15:49 - 2016-11-29 20:03 - 00000000 ____D C:\Users\Celice\AppData\Local\MomodoraRUtM
2016-11-25 15:49 - 2016-11-25 15:49 - 00001958 _____ C:\Users\Public\Desktop\Momodora - Reverie Under the Moonlight.lnk
2016-11-25 15:49 - 2016-11-25 15:49 - 00001958 _____ C:\ProgramData\Desktop\Momodora - Reverie Under the Moonlight.lnk
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Momodora - Reverie Under the Moonlight [GOG.com]
2016-11-25 15:39 - 2016-11-25 15:39 - 00329946 _____ C:\Users\Celice\Desktop\mgsov3_jms_patch_v5.7z
2016-11-23 17:37 - 2016-11-23 17:37 - 00003544 _____ C:\WINDOWS\System32\Tasks\Celice
2016-11-23 17:36 - 2016-11-23 17:36 - 00000000 ____D C:\Users\Celice\AppData\Roaming\SmartSteamEmu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 11:12 - 2016-11-10 18:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-23 10:53 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-23 10:52 - 2016-05-15 08:28 - 00000000 ____D C:\Users\Celice\AppData\Local\CrashDumps
2016-12-23 10:47 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-23 10:47 - 2014-02-14 20:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-23 10:31 - 2016-07-11 12:16 - 01008216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-23 10:26 - 2016-11-18 20:22 - 00000000 ____D C:\Users\Celice\AppData\LocalLow\Mozilla
2016-12-23 10:26 - 2016-10-19 17:16 - 00000000 ___RD C:\Users\Celice\Google Drive
2016-12-23 10:26 - 2016-07-11 12:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-23 10:26 - 2014-08-02 23:34 - 00000000 __SHD C:\Users\Celice\IntelGraphicsProfiles
2016-12-23 10:26 - 2014-02-15 12:46 - 00000000 ____D C:\Users\Celice\.rainlendar2
2016-12-23 10:25 - 2016-04-26 22:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-23 10:25 - 2015-10-29 22:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-12-23 10:20 - 2016-09-23 20:06 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-23 10:17 - 2016-05-15 11:18 - 00003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-12-23 10:04 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-19 22:33 - 2014-04-02 11:27 - 00000000 ____D C:\Users\Celice\AppData\Local\ElevatedDiagnostics
2016-12-19 22:16 - 2014-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-12-19 22:04 - 2014-03-11 10:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-19 20:02 - 2015-08-08 08:08 - 00000000 ____D C:\Users\Celice\Documents\Survarium
2016-12-19 20:02 - 2014-12-12 15:04 - 00000000 ____D C:\Program Files (x86)\Survarium
2016-12-19 20:02 - 2014-12-09 20:37 - 00000000 ____D C:\Users\Celice\AppData\Local\Ubisoft Game Launcher
2016-12-19 20:02 - 2014-10-11 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium
2016-12-19 19:22 - 2016-11-06 14:31 - 00000000 ____D C:\Users\Celice\Desktop\surv pics
2016-12-17 00:56 - 2016-08-19 19:50 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1fa95ee67c2ec
2016-12-17 00:56 - 2016-08-19 19:50 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1fa95ee554208
2016-12-16 10:19 - 2016-06-09 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 10:19 - 2014-02-14 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 21:27 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 11:05 - 2014-02-16 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 11:04 - 2016-04-26 22:29 - 00232488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 00:52 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-13 22:08 - 2014-03-12 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-13 22:06 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 21:55 - 2014-02-16 03:02 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 20:21 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-13 11:12 - 2016-11-10 18:29 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 11:12 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 11:12 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 11:02 - 2016-07-11 15:36 - 00000000 ____D C:\Users\Celice\AppData\Local\Packages
2016-12-12 18:50 - 2016-05-21 23:40 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2016-12-12 18:46 - 2015-02-04 19:22 - 00000000 ____D C:\Users\Celice\AppData\Local\Steam
2016-12-12 00:25 - 2016-04-11 16:04 - 00000000 ____D C:\Users\Celice\AppData\Roaming\DarkSoulsIII
2016-12-11 15:03 - 2015-10-29 23:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:03 - 2015-10-29 23:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 14:42 - 2016-07-11 12:16 - 00000000 ____D C:\Users\Celice
2016-12-10 14:42 - 2014-11-25 18:49 - 00001938 _____ C:\Users\Celice\.xmlcopyeditor
2016-12-08 22:40 - 2014-02-15 15:39 - 00000000 ____D C:\Users\Celice\AppData\Roaming\vlc
2016-12-08 19:58 - 2016-10-19 17:15 - 00002118 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002118 _____ C:\ProgramData\Desktop\Google Slides.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002116 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002116 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002106 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002106 _____ C:\ProgramData\Desktop\Google Docs.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-08 16:25 - 2014-04-18 23:10 - 00000000 ____D C:\Users\Celice\Desktop\Rhythm Tengoku
2016-12-08 15:10 - 2016-11-17 21:19 - 00001265 _____ C:\Users\Celice\Desktop\Oblivion Mod Manager.lnk
2016-12-01 19:21 - 2016-07-11 12:15 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-12-01 16:07 - 2014-02-14 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-28 20:44 - 2016-10-28 16:18 - 00003928 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:44 - 2016-07-11 12:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-28 20:43 - 2016-10-28 16:18 - 00003992 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003964 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003902 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003740 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003698 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-07-11 12:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-28 20:43 - 2016-07-11 12:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-27 10:37 - 2016-05-22 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-11-27 10:37 - 2016-05-22 13:58 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-11-26 10:18 - 2014-02-14 18:18 - 00000000 ____D C:\Users\Celice\AppData\Local\VirtualStore
2016-11-26 10:14 - 2015-07-07 23:45 - 00000000 ____D C:\Python27
2016-11-25 22:18 - 2016-02-03 18:14 - 00000000 ____D C:\Users\Celice\Desktop\ma lil bear
2016-11-25 15:49 - 2015-04-03 00:42 - 00000000 ____D C:\GOG Games
2016-11-24 07:14 - 2016-11-02 21:06 - 00000128 _____ C:\Users\Celice\Desktop\mjc hrist.txt

==================== Files in the root of some directories =======

2015-09-04 14:32 - 2015-09-03 02:32 - 0000040 ____H () C:\Program Files (x86)\a2d9b3dd.tmp
2015-06-13 21:34 - 2015-06-14 09:58 - 0000231 _____ () C:\Users\Celice\AppData\Roaming\Rim.Desktop.Exception.log
2015-06-13 21:34 - 2015-08-04 14:07 - 0002021 _____ () C:\Users\Celice\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-06-13 21:34 - 2015-06-14 09:58 - 0000231 _____ () C:\Users\Celice\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-01-07 13:44 - 2015-01-07 13:44 - 0005120 _____ () C:\Users\Celice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-28 19:14 - 2016-05-12 16:13 - 1065984 _____ () C:\Users\Celice\AppData\Local\file__0.localstorage
2016-10-09 17:00 - 2016-10-09 17:00 - 0000218 _____ () C:\Users\Celice\AppData\Local\recently-used.xbel
2016-08-22 14:16 - 2016-08-22 14:16 - 0007633 _____ () C:\Users\Celice\AppData\Local\Resmon.ResmonCfg
2016-08-19 16:37 - 2016-08-19 16:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Celice\AppData\Local\Temp\avgnt.exe
C:\Users\Celice\AppData\Local\Temp\libeay32.dll
C:\Users\Celice\AppData\Local\Temp\msvcr120.dll
C:\Users\Celice\AppData\Local\Temp\sqlite3.dll
C:\Users\test\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-13 21:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Celice (23-12-2016 11:59:20)
Running from C:\Users\Celice\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-11 23:36:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-370019636-3812784303-1355510123-500 - Administrator - Disabled)
Celice (S-1-5-21-370019636-3812784303-1355510123-1000 - Administrator - Enabled) => C:\Users\Celice
DefaultAccount (S-1-5-21-370019636-3812784303-1355510123-503 - Limited - Disabled)
Guest (S-1-5-21-370019636-3812784303-1355510123-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-370019636-3812784303-1355510123-1003 - Limited - Enabled)
test (S-1-5-21-370019636-3812784303-1355510123-1004 - Administrator - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ActivePerl 5.20.2 Build 2001 (64-bit) (HKLM\...\{7913F63E-E996-45CB-BF84-20938D9918F2}) (Version: 5.20.2001 - ActiveState)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.434 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: 0.1.434 - ASRock Inc.)
ASRock XFast RAM v2.0.29 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CBR and CBZ to PDF 2.1.2.9 (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\CBR and CBZ to PDF) (Version: 2.1.2.9 - Indie Softworks)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CoffeeCup PixConverter (HKLM-x32\...\CoffeeCup PixConverter) (Version: - CoffeeCup Software)
Corsair Utility Engine (HKLM-x32\...\{78A673BA-0F42-49AA-B34E-36398C5CD707}) (Version: 2.6.79 - Corsair)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Discord (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Flux) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HotKeyz 2.8.3 (HKLM-x32\...\HotKeyz_is1) (Version: 2.8.3 - Skynergy)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version: - Heart Machine)
I am Setsuna (HKLM-x32\...\I am Setsuna_is1) (Version: - )
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 8.0.1 - JPEXS)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
MenuMaid 1.2 (HKLM-x32\...\MenuMaid) (Version: 1.2 - Sound Doctrine Ministries)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora - Reverie Under the Moonlight (HKLM-x32\...\1079762750_is1) (Version: 2.0.0.2 - GOG.com)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{040242E3-7887-4498-95A6-2F815188BCD7}) (Version: 4.0.11 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Pond Small (HKLM-x32\...\Pond Small) (Version: - )
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0135 - REALTEK Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.1 - Samsung Electronics)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setup - LEGO STAR WARS The Force Awakens ... (HKLM-x32\...\Setup - LEGO STAR WARS The Force Awakens ...) (Version: ... - Warner Bros.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.06 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SWFRIP 0.4 (HKLM-x32\...\SWFRIP) (Version: - )
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version: - Bethesda Game Studios®)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
Tiled - Tiled Map Editor (HKLM-x32\...\Tiled) (Version: - )
Twin USB Vibration Gamepad (HKLM-x32\...\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}) (Version: 2005.01.26 - )
Uplay (HKLM-x32\...\Uplay) (Version: 23.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\WinDirStat) (Version: - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WPS Converter (HKLM-x32\...\{9B04B06A-AA23-4782-8F2E-678CCE2395F2}_is1) (Version: - wpsconverter.com)
wxPython 3.0.2.0 for Python 2.7 (HKLM\...\wxPython3.0-py27_is1) (Version: 3.0.2.0 - Total Control Software)
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-370019636-3812784303-1355510123-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017C5EB2-C794-466C-8F4E-CE4F522F147B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0258250E-D02E-48F5-A6B5-B3C1C66C112C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {08C327F0-5BD1-42A7-85D9-098C278A4C24} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {0975A423-7C89-463E-B577-33182B6C7D49} - System32\Tasks\GoogleUpdateTaskMachineUA1d1fa95ee67c2ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0F265581-5A3E-4493-AB92-AABD4064062F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {154F1D29-3685-4862-A437-B0D3F4BE1075} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1BC533C8-5546-49C3-96D4-32E48C77DDCB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26FA8B32-3827-41AD-834E-F3632CDC0902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3315D03E-F83D-4F00-A56C-460A80689D95} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {3436AC68-B2E1-47BC-A2E0-1E96F425CDCA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A21E10B-821A-46AA-9F1A-9CC30BF437D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {55CA9DDB-B7F0-48AC-B90E-E821C69884F2} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-08] ()
Task: {56A60A70-884D-4E9B-A69B-7D502EE68840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {582111C1-87E0-429F-BCB2-367E30B22AA7} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper)
Task: {5A0E7273-5F7B-4A9A-B5B2-2FBEADC669D3} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {61CB23FA-4F7B-40D1-A65C-71DB94CEDE2D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {68D9BD8A-D8D6-49D0-86F2-186B06251ED6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {6EB21C7A-59BF-4236-A6F6-612CD260CF5C} - \{3D69AB0A-5833-4A3D-BC8A-DEE2B208AC3A} -> No File <==== ATTENTION
Task: {6F3EDED5-5B43-410F-92F2-3F87419808FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {715E61D8-5898-4565-83C6-51FE48706347} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {72682CFF-0653-4250-8305-30964853705F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7276961C-16AC-45A9-90F1-024DC1216961} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79271393-1C46-4DE2-BADD-F465A2C8CA01} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {79DC2684-48C5-45BF-826B-612E833637D4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7D20EAC1-9DA3-487F-8808-0748EE1574B0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {85CBFDFF-8778-4C41-BB49-532F224681C4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {892C6BE3-7482-4509-AF28-AB044285D326} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8ED9647F-7266-48C0-8D1C-44345862D38B} - \SamsungMagician -> No File <==== ATTENTION
Task: {8F0EA77A-8FF6-44DE-90D6-E9EB2C9237C4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {9AC8E391-3CED-4AE4-A675-117951D0EE9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9BC468F1-6714-4E19-8989-12DE6EFE11FC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1CA3D79-2B17-46D4-8634-2FB795E6BDBE} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {AE453C11-4D74-4D64-A547-0989236D60A0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {B57FCDD1-2A77-42E0-82B7-396F1E8D405D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDA10837-6848-487C-BE88-09CC294B4D04} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {BF8DEAB6-CEDC-457A-ACA5-916E9021825A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1311584-2150-47D8-8CF3-79F7824B9323} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C21D6067-0519-4425-BB1C-55A062C86D2E} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {C72F43EC-77F3-4475-80A8-D07EF3293045} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C836BE15-5F8E-403C-B704-6EFDFE82A34B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D032D88C-EE39-4F73-B57A-E9DF87B433C1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D38423D0-956F-4BB2-92C2-227243E8E320} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {D63CB763-4700-42D2-84E6-B4E71008551C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {DDBFF41A-7EBF-4A03-AE8A-A5B97D6E540B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {DE539F01-B1B3-419F-8585-747AFF5B8065} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {DEF66DDB-B9D7-42C3-BFA1-CF66A428B182} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1795F9F-6917-4903-9B78-49B2FCCC2814} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E32FC97C-5C02-4B4D-ADAC-A087E5585081} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EAEE8EE7-2BA1-4808-BB4D-8D3EC9587B5B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D72586-0321-4188-98B6-9BF32482FBD8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2F935B8-45EF-4B68-A4B4-B771BF6323FF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F4DBC85D-324F-4E74-86DC-FF9C85C02F0F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F763C0DF-9C1D-4076-BEFF-4A660BAA6D12} - System32\Tasks\GoogleUpdateTaskMachineCore1d1fa95ee554208 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F9304E98-2549-4396-82E1-2147B082A563} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8} - System32\Tasks\Celice => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Celice /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {FAA46AD6-4A0A-42F2-AFBC-A709CB5810F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Celice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Michael - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-02-26 19:21 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-02-14 18:49 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-10-28 16:18 - 2016-11-17 05:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-11-08 17:22 - 2016-10-25 01:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-23 08:44 - 2015-11-23 08:44 - 00403456 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2016-07-11 12:15 - 2016-11-16 17:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 17:22 - 2016-10-25 01:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-11 15:39 - 2016-07-11 15:39 - 00959168 _____ () C:\Users\Celice\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-26 22:10 - 2016-04-26 22:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 15:16 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 23:59 - 2015-12-08 23:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-01-19 23:48 - 2013-03-10 09:58 - 02598496 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2015-12-02 01:19 - 2015-12-02 01:19 - 00205000 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-02-17 18:34 - 2014-02-13 18:36 - 01304576 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2012-12-15 15:51 - 2009-08-22 20:25 - 00102400 _____ () C:\Users\Celice\Desktop\D3DOverrider\D3DOverrider.exe
2015-11-23 08:44 - 2015-11-23 08:44 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2016-12-13 11:02 - 2016-12-13 11:02 - 03810816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-16 10:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-16 10:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-16 10:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-16 10:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-16 10:44 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-14 18:36 - 2009-08-28 16:38 - 00131072 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00032768 _____ () C:\Users\Celice\Desktop\D3DOverrider\D3DOverriderHooks.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00356864 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 08:44 - 2015-12-07 08:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 08:44 - 2015-12-07 08:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-10-28 16:18 - 2016-11-17 02:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-28 16:18 - 2016-11-17 02:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2012-05-16 11:01 - 2012-05-16 11:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2014-01-19 23:48 - 2013-03-10 09:59 - 00215648 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 05:22 - 2012-06-17 05:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2016-10-28 16:18 - 2016-11-17 05:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-08-25 06:41 - 2016-08-24 16:49 - 01950392 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 06:41 - 2016-11-15 15:57 - 01058816 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 06:41 - 2016-11-15 15:57 - 03801088 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 06:41 - 2016-08-25 06:41 - 00894136 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 06:41 - 2016-08-25 06:41 - 01119416 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-25 06:41 - 2016-08-24 16:49 - 02230456 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 06:41 - 2016-08-24 16:49 - 00088760 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-12-23 10:26 - 2016-12-23 10:26 - 00170496 _____ () \\?\C:\Users\Celice\AppData\Local\Temp\A383.tmp.node
2016-08-25 06:41 - 2016-10-13 20:40 - 02658304 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-01 15:44 - 2016-10-13 20:40 - 02147328 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-12-23 10:26 - 2016-12-23 10:26 - 00098816 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32api.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00110080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\pywintypes27.dll
2016-12-23 10:26 - 2016-12-23 10:26 - 00364544 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\pythoncom27.dll
2016-12-23 10:26 - 2016-12-23 10:26 - 00320512 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32com.shell.shell.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00914432 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_hashlib.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 01176576 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._core_.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00806400 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._gdi_.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00816128 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._windows_.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 01067008 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._controls_.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00733184 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._misc_.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00682496 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\pysqlite2._sqlite.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00088064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_ctypes.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00686080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\unicodedata.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00119808 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32file.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00108544 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32security.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00007168 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\hashobjs_ext.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00017920 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\thumbnails_ext.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00088064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\usb_ext.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00012800 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\common.time34.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00018432 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32event.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00167936 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32gui.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00046080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_socket.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 01303552 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_ssl.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00128512 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_elementtree.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00127488 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\pyexpat.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00038912 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32inet.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00036864 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_psutil_windows.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00524248 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\windows._lib_cacheinvalidation.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00011264 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32crypt.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00123392 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._wizard.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00077312 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._html2.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00027648 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_multiprocessing.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00020480 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\_yappi.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00035840 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32process.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00078848 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\wx._animate.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00024064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32pipe.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00010240 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\select.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00025600 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32pdh.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00017408 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32profile.pyd
2016-12-23 10:26 - 2016-12-23 10:26 - 00022528 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI74602\win32ts.pyd
2015-11-23 08:43 - 2015-11-23 08:43 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2016-12-01 13:58 - 2016-11-28 14:22 - 53018112 _____ () C:\Program Files (x86)\GOG Galaxy\libcef.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00507968 _____ () C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01076800 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01854528 _____ () C:\Program Files (x86)\GOG Galaxy\PocoData.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00393280 _____ () C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01589312 _____ () C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00307776 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00330816 _____ () C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00104000 _____ () C:\Program Files (x86)\GOG Galaxy\zlib.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00520768 _____ () C:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00272448 _____ () C:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00680000 _____ () C:\Program Files (x86)\GOG Galaxy\sqlite.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00425536 _____ () C:\Program Files (x86)\GOG Galaxy\pcre.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00157760 _____ () C:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00152128 _____ () C:\Program Files (x86)\GOG Galaxy\expat.dll
2016-12-01 13:58 - 2016-11-28 14:22 - 01738752 _____ () C:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2016-12-01 13:58 - 2016-11-28 14:22 - 00078848 _____ () C:\Program Files (x86)\GOG Galaxy\libegl.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00057344 _____ () C:\Users\Celice\Desktop\D3DOverrider\RTFC.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00106496 _____ () C:\Users\Celice\Desktop\D3DOverrider\RTUI.dll
2016-11-07 15:40 - 2016-11-07 15:40 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-11-07 15:38 - 2016-11-07 15:38 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-11-07 15:38 - 2016-11-07 15:38 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-06-10 09:19 - 2016-06-10 09:19 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-06-10 09:19 - 2016-06-10 09:19 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2014-02-14 20:01 - 2016-12-08 07:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-21 12:13 - 2016-12-19 18:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-02-14 20:01 - 2016-12-19 18:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-12 18:46 - 2016-12-05 08:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2014-02-14 20:01 - 2016-12-19 18:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2014-12-15 20:13 - 2015-09-24 15:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2014-02-14 18:49 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7920 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-370019636-3812784303-1355510123-1000\Control Panel\Desktop\\Wallpaper -> E:\Users\Celice\Desktop\DualMonitorTools-2.1\DmtWallpaper.bmp
HKU\S-1-5-21-370019636-3812784303-1355510123-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5DC3F123-4F4E-45A6-B17D-8548CE17959F}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EAC57DD5-A590-47AC-B0BE-2084929E0895}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B66711C7-9DAC-4BC9-81C8-AD042CDF1C19}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{309745F1-CFBC-425D-8A2C-21221EFBB3A0}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{758F28BC-6F37-48E4-8325-DF3D50C6FD3D}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{C97BD20F-F957-493F-96D5-7879E4AD623E}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{57E8E355-B330-46A2-91A6-F99CFB900B65}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{D1B6C31D-455A-46D5-9D00-9A640F72677B}] => C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{075DF3FE-AB90-4E05-80D1-D63265EB0722}] => C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{6261B0A5-2DF0-4F62-9D73-305B580B5864}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{337694FF-B912-42B1-A2F3-DE2E45FE425E}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{364972B0-C30A-4A53-9E52-716D3997C897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{940F687D-6E84-49D8-9F35-0ED0C25A18B4}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CC71C50A-D030-416D-9D1C-1DB1BBB48FFE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4974116D-009A-41B4-985F-7691A5102FB4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F1B485C-11FF-4D9D-9994-11DCE075B1D0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{347ED121-82F8-4506-AA13-D8B73ECE0F52}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D1AB936D-B518-4FCA-90DA-8467505F3C62}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF2092DC-2792-4FDC-B8AA-3E808B5F5B3F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F25A1F81-10D2-4D48-B8C4-B699FB3BCDA8}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4BC69A30-F2E9-457A-9432-956DDC66A3AE}] => C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{46934AEA-B2FF-454C-9066-848A11603A35}] => C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{FB8B8EC8-29A5-42E8-A174-76457BBECA38}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7791CDCE-FC89-4D6D-9A39-87D293E9BD7D}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4EFC2CA5-E6CC-4D3B-8963-9C8D0D64DC96}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A34D8069-6047-4159-8833-023344177C92}] => C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{20997E37-E35F-4184-A703-435C155F9B5D}] => C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{8B72E108-8BBB-4242-9938-0A611A85CD1E}] => C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5BCEECF2-4C03-4962-9142-23101F958FD8}] => C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-12-2016 22:13:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2016 11:25:56 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/23/2016 10:52:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CELICE-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/23/2016 10:52:45 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/23/2016 10:52:45 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/23/2016 10:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Faulting module name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Exception code: 0xc000027b
Fault offset: 0x00000000001a11fd
Faulting process id: 0x18cc
Faulting application start time: 0x01d25d4dbfa6c406
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: d7c89e1a-9132-4528-9b69-efab7dc177b4
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (12/23/2016 10:46:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CELICE-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/23/2016 10:46:04 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/23/2016 10:46:04 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/23/2016 10:46:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Faulting module name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Exception code: 0xc000027b
Fault offset: 0x00000000001a11fd
Faulting process id: 0xb18
Faulting application start time: 0x01d25d4cd053f5e0
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: ee651d5e-1113-4dc8-a75c-a0eaec113553
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (12/23/2016 10:40:57 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy5


System errors:
=============
Error: (12/23/2016 10:27:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/23/2016 10:26:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/23/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/23/2016 10:26:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (12/23/2016 10:25:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/23/2016 10:24:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/23/2016 10:24:30 AM) (Source: DCOM) (EventID: 10005) (User: CELICE-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/23/2016 10:24:08 AM) (Source: DCOM) (EventID: 10005) (User: CELICE-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/23/2016 10:23:57 AM) (Source: DCOM) (EventID: 10005) (User: CELICE-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/23/2016 10:23:43 AM) (Source: DCOM) (EventID: 10005) (User: CELICE-PC)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}


CodeIntegrity:
===================================
Date: 2016-12-15 21:16:40.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 11:04:22.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-13 22:27:25.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-13 22:14:23.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-10 16:34:29.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 16:20:18.527
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8077.87 MB
Available physical RAM: 3875.81 MB
Total Virtual: 16269.87 MB
Available Virtual: 10691.73 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:232.35 GB) (Free:14.98 GB) NTFS
Drive d: (The Dude) (Fixed) (Total:465.76 GB) (Free:356.62 GB) NTFS
Drive e: (Little John) (Fixed) (Total:931.41 GB) (Free:62.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1AEBD9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 92860E9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 43A5D77C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 23 December 2016 - 04:57 PM.



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,782 posts
  • Gender:Male
  • Location:California
  • Local time:03:49 PM

Posted 23 December 2016 - 05:29 PM

Greetings Celice and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. What registry key are you referring to? It doesn't seem to have returned.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\MountPoints2: {e7eee0cb-13ac-11e4-a551-bc5ff45a2384} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
U3 idsvc; no ImagePath
S3 MBfilt; \SystemRoot\system32\drivers\MBfilt64.sys [X]
U3 wpcsvc; no ImagePath
2015-09-04 14:32 - 2015-09-03 02:32 - 0000040 ____H () C:\Program Files (x86)\a2d9b3dd.tmp
2016-12-23 10:26 - 2016-12-23 10:26 - 00170496 _____ () \\?\C:\Users\Celice\AppData\Local\Temp\A383.tmp.node
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog.txt
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Celice

Posted 23 December 2016 - 07:32 PM

Thank you very much for your help so far! My name is John.

I followed directions, created file Fixlog in same location as FRST64, ran FRST64 as administrator and clicked fix. It began to run but the system froze after one minute and became unresponsive. I left it alone for 30 minutes in case it was working in background but process never completed and system remained frozen.

 

I hard powered off and the system started normally without the browser hijack problem. I restarted again and the problem returned. The registry key associated with the browser hijack appeared to be stored in:

 

Computer/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

Its entry reads as:

explorer.exe http://kb-ribaki

 

I learned this from previous searches on google regarding the problem.

 

=====================================================

 

Here are the contents of Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Celice (23-12-2016 14:49:57) Run:1
Running from C:\Users\Celice\Desktop
Loaded Profiles: Celice & test (Available Profiles: Celice & test & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\MountPoints2: {e7eee0cb-13ac-11e4-a551-bc5ff45a2384} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
U3 idsvc; no ImagePath
S3 MBfilt; \SystemRoot\system32\drivers\MBfilt64.sys [X]
U3 wpcsvc; no ImagePath
2015-09-04 14:32 - 2015-09-03 02:32 - 0000040 ____H () C:\Program Files (x86)\a2d9b3dd.tmp
2016-12-23 10:26 - 2016-12-23 10:26 - 00170496 _____ () \\?\C:\Users\Celice\AppData\Local\Temp\A383.tmp.node
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-370019636-3812784303-1355510123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7eee0cb-13ac-11e4-a551-bc5ff45a2384}" => key removed successfully
HKCR\CLSID\{e7eee0cb-13ac-11e4-a551-bc5ff45a2384} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
idsvc => service removed successfully
MBfilt => service removed successfully
wpcsvc => service removed successfully
C:\Program Files (x86)\a2d9b3dd.tmp => moved successfully
C:\Users\Celice\AppData\Local\Temp\A383.tmp.node => moved successfully
 

========================================

 

I am attaching the System Summary Information as a zipped file, as requested.


#4 Oh My!

Posted 23 December 2016 - 09:00 PM

Hi John, my pleasure to work with you on this.

Thank you for the effort and explanation.

I would have expected that registry key to appear in the FRST report you posted but it did not. It is possible one of the deletions in the fixlist was the cause of the registry key reappearing. Can you provide an update regarding your browser performance now that the fixlist ran successfully?

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:regfind
*kb-ribaki*
*zodiac*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Redirects?
  • SystemLook report

Gary
 

#5 Celice

Posted 23 December 2016 - 11:14 PM

I attempted to run FRST in administrator mode again to see if it would freeze. I was able to click fix and it succeeded without freezing the system, and proceeded to restart the system. I then checked to see if the registry entry was still there and it was, and I still had the pop-up occur at system start up. Thank you for your help so far. Here are the contents of the SystemLook:

==========================

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:11 on 23/12/2016 by Celice
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "*kb-ribaki*"
No data found.

Searching for "*zodiac*"
No data found.

-= EOF =-

 

=====================================

 

I can post a screenshot showing what the registry entry looks like if it might help. Thank you for all your help so far.



#6 Oh My!

Posted 24 December 2016 - 08:27 AM

Thank you. Hold off on the screen shot for now. Please do this, which should take care of things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Task: {0258250E-D02E-48F5-A6B5-B3C1C66C112C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {08C327F0-5BD1-42A7-85D9-098C278A4C24} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {26FA8B32-3827-41AD-834E-F3632CDC0902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5A0E7273-5F7B-4A9A-B5B2-2FBEADC669D3} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {68D9BD8A-D8D6-49D0-86F2-186B06251ED6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {6EB21C7A-59BF-4236-A6F6-612CD260CF5C} - \{3D69AB0A-5833-4A3D-BC8A-DEE2B208AC3A} -> No File <==== ATTENTION
Task: {79271393-1C46-4DE2-BADD-F465A2C8CA01} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {892C6BE3-7482-4509-AF28-AB044285D326} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8ED9647F-7266-48C0-8D1C-44345862D38B} - \SamsungMagician -> No File <==== ATTENTION
Task: {A1CA3D79-2B17-46D4-8634-2FB795E6BDBE} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {C1311584-2150-47D8-8CF3-79F7824B9323} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C21D6067-0519-4425-BB1C-55A062C86D2E} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {C72F43EC-77F3-4475-80A8-D07EF3293045} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E32FC97C-5C02-4B4D-ADAC-A087E5585081} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8} - System32\Tasks\Celice => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Celice /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {FAA46AD6-4A0A-42F2-AFBC-A709CB5810F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 

#7 Celice

Posted 24 December 2016 - 04:28 PM

Thank you for continuing to help us :) I completed your request. When the computer restarted, the browser opened itself again to the same hijack website. Here are the contents of the fixlog:

 

============================

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Celice (24-12-2016 13:23:01) Run:3
Running from C:\Users\Celice\Desktop
Loaded Profiles: Celice (Available Profiles: Celice & test & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {0258250E-D02E-48F5-A6B5-B3C1C66C112C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {08C327F0-5BD1-42A7-85D9-098C278A4C24} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {26FA8B32-3827-41AD-834E-F3632CDC0902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5A0E7273-5F7B-4A9A-B5B2-2FBEADC669D3} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {68D9BD8A-D8D6-49D0-86F2-186B06251ED6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {6EB21C7A-59BF-4236-A6F6-612CD260CF5C} - \{3D69AB0A-5833-4A3D-BC8A-DEE2B208AC3A} -> No File <==== ATTENTION
Task: {79271393-1C46-4DE2-BADD-F465A2C8CA01} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {892C6BE3-7482-4509-AF28-AB044285D326} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8ED9647F-7266-48C0-8D1C-44345862D38B} - \SamsungMagician -> No File <==== ATTENTION
Task: {A1CA3D79-2B17-46D4-8634-2FB795E6BDBE} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {C1311584-2150-47D8-8CF3-79F7824B9323} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C21D6067-0519-4425-BB1C-55A062C86D2E} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {C72F43EC-77F3-4475-80A8-D07EF3293045} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E32FC97C-5C02-4B4D-ADAC-A087E5585081} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8} - System32\Tasks\Celice => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Celice /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
Task: {FAA46AD6-4A0A-42F2-AFBC-A709CB5810F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0258250E-D02E-48F5-A6B5-B3C1C66C112C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0258250E-D02E-48F5-A6B5-B3C1C66C112C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08C327F0-5BD1-42A7-85D9-098C278A4C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08C327F0-5BD1-42A7-85D9-098C278A4C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26FA8B32-3827-41AD-834E-F3632CDC0902}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26FA8B32-3827-41AD-834E-F3632CDC0902}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A0E7273-5F7B-4A9A-B5B2-2FBEADC669D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0E7273-5F7B-4A9A-B5B2-2FBEADC669D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68D9BD8A-D8D6-49D0-86F2-186B06251ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D9BD8A-D8D6-49D0-86F2-186B06251ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EB21C7A-59BF-4236-A6F6-612CD260CF5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EB21C7A-59BF-4236-A6F6-612CD260CF5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D69AB0A-5833-4A3D-BC8A-DEE2B208AC3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79271393-1C46-4DE2-BADD-F465A2C8CA01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79271393-1C46-4DE2-BADD-F465A2C8CA01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{892C6BE3-7482-4509-AF28-AB044285D326}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{892C6BE3-7482-4509-AF28-AB044285D326}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ED9647F-7266-48C0-8D1C-44345862D38B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ED9647F-7266-48C0-8D1C-44345862D38B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SamsungMagician" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1CA3D79-2B17-46D4-8634-2FB795E6BDBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1CA3D79-2B17-46D4-8634-2FB795E6BDBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1311584-2150-47D8-8CF3-79F7824B9323}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1311584-2150-47D8-8CF3-79F7824B9323}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C21D6067-0519-4425-BB1C-55A062C86D2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C21D6067-0519-4425-BB1C-55A062C86D2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C72F43EC-77F3-4475-80A8-D07EF3293045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C72F43EC-77F3-4475-80A8-D07EF3293045}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E32FC97C-5C02-4B4D-ADAC-A087E5585081}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E32FC97C-5C02-4B4D-ADAC-A087E5585081}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Celice => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Celice" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAA46AD6-4A0A-42F2-AFBC-A709CB5810F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA46AD6-4A0A-42F2-AFBC-A709CB5810F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15832256 B
Java, Flash, Steam htmlcache => 48254226 B
Windows/system/drivers => 1825392 B
Edge => 0 B
Chrome => 560128 B
Firefox => 565095862 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 152072 B
NetworkService => 1867776 B
Celice => 143065661 B
test => 474465 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 741.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:24:33 ====

 

=================================

 

The registry key has returned as well. Thank you for your help so far. It is a weird problem that still persists!


Edited by Celice, 24 December 2016 - 04:29 PM.
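
The fixlist in the exchange above contains a scheduled task whose action runs REG ADD against the HKCU Run key, which is why a Run value deleted by hand can come back after a restart. The following Python is an added example, not part of any post in this thread and not FRST's own code: it parses FRST "Task:" and "Run:" lines and reports tasks that rewrite an autostart value together with Run values that open a URL. The function names are hypothetical, and the sample lines are constructed from the fixlist (the HKU Run line and its SID are placeholders).

```python
import re

# Constructed sample in FRST line format. The first two lines are copied from the
# fixlist above; the third is a whitelisted Run entry from the scan; the fourth is
# a constructed Run line with a placeholder SID showing the value the task writes.
SAMPLE_LINES = r'''
Task: {08C327F0-5BD1-42A7-85D9-098C278A4C24} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F9AB1FEF-5D20-47BB-A32F-F6656B0EACE8} - System32\Tasks\Celice => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Celice /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org
'''.strip().splitlines()

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (?:=>|->) (.*)$')
RUN_RE = re.compile(r'^(HK[A-Z]+(?:-x32)?\\.*?\\Run(?:Once)?): \[(.+?)\] => (.*)$')
REG_ADD_RE = re.compile(r'\bREG(?:\.EXE)?\s+ADD\s+("[^"]+"|\S+)', re.I)
AUTOSTART_KEY_RE = re.compile(
    r'\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(?:ONCE)?$',
    re.I)
# Matches live and defanged (hxxp) URLs, since helpers often defang them in logs.
URL_RE = re.compile(r'\b(?:https?|hxxps?)://[^\s"]+', re.I)
ATTENTION = '<==== ATTENTION'


def _clean(text):
    """Drop FRST's attention marker and surrounding whitespace."""
    return text.replace(ATTENTION, '').strip()


def _option(action, flag):
    """Return the argument of a reg.exe switch such as /v or /d, without quotes."""
    m = re.search(r'(?:^|\s)/' + flag + r'\s+("[^"]*"|\S+)', action, re.I)
    return m.group(1).strip('"') if m else None


def parse_task(line):
    """Parse one FRST 'Task:' line; 'writes' is set when the action is a REG ADD."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = {'guid': m.group(1), 'path': m.group(2),
            'action': _clean(m.group(3)), 'writes': None}
    reg = REG_ADD_RE.search(task['action'])
    if reg:
        key = reg.group(1).strip('"')
        task['writes'] = {'key': key,
                          'autostart': bool(AUTOSTART_KEY_RE.search(key)),
                          'value': _option(task['action'], 'v'),
                          'data': _option(task['action'], 'd')}
    return task


def parse_run(line):
    """Parse one FRST Run/RunOnce line into key, value name and command data."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {'key': m.group(1), 'value': m.group(2), 'data': _clean(m.group(3))}


def analyze(lines):
    """Report tasks that rewrite autostart values and Run values that open a URL."""
    tasks = [t for t in map(parse_task, lines) if t]
    runs = [r for r in map(parse_run, lines) if r]
    writers = [t for t in tasks if t['writes'] and t['writes']['autostart']]
    findings = []
    for t in writers:
        w = t['writes']
        findings.append(('task-rewrites-run-value', t['guid'], w['value'], w['data']))
    for r in runs:
        if URL_RE.search(r['data']):
            # Link the Run value to the task that re-creates it, if one was seen.
            source = next((t['guid'] for t in writers
                           if t['writes']['value'] == r['value']), None)
            findings.append(('run-value-opens-url', r['value'], r['data'], source))
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE_LINES):
        print(finding)
```

A Run value reported with a task GUID attached will keep reappearing until that task is removed; one reported with no GUID points to a writer that the scanned lines do not show.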


#8 Oh My!

Posted 24 December 2016 - 06:51 PM

Yes, it is odd. Please rerun a FRST scan and copy/paste both reports in your reply.
Gary
 

#9 Celice

Posted 26 December 2016 - 12:40 PM

Yes, here are the results. Sorry for the delayed response.
 
====================================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Celice (administrator) on CELICE-PC (26-12-2016 09:37:51)
Running from C:\Users\Celice\Desktop
Loaded Profiles: Celice (Available Profiles: Celice & test & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\UAService7.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hammer & Chisel, Inc.) C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Flux Software LLC) C:\Users\Celice\AppData\Local\FluxSoftware\Flux\flux.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(Skynergy) C:\Program Files (x86)\Skynergy\HotKeyz\HotKeyz.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
() C:\Users\Celice\Desktop\D3DOverrider\D3DOverrider.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HotKeyz.exe Startup] => C:\Program Files (x86)\Skynergy\HotKeyz\HotKeyz.exe [2719232 2010-06-10] (Skynergy)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [D3DOverrider] => C:\Users\Celice\Desktop\D3DOverrider\D3DOverriderWrapper.exe [40960 2009-08-22] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [12348112 2016-11-07] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Discord] => C:\Users\Celice\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
IFEO\taskmgr.exe: [Debugger] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey - Shortcut.lnk [2014-02-17]
ShortcutTarget: AutoHotkey - Shortcut.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Startup: C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flux - Shortcut.lnk [2014-02-17]
ShortcutTarget: flux - Shortcut.lnk -> C:\Users\Celice\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6aacefee-8ffa-4c0c-b09e-8bdd3527f92f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9dbc9784-11f8-4439-9cc8-b7cb05ec3e2a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9dbc9784-11f8-4439-9cc8-b7cb05ec3e2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{caef0b7e-5de9-40bf-b0c2-64c1ff1a2847}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DE009A67-F9C5-4C9F-B65A-F8B509D44CBC}: [DhcpNameServer] 172.18.11.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: eh1jmc0o.default-1386886677414
FF ProfilePath: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 [2016-12-26]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\adbhelper@mozilla.org [2016-11-03]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\artur.dubovoy@gmail.com [2016-12-17]
FF Extension: (Classic Theme Restorer) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-12-21]
FF Extension: (Ghostery) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (YouTube™ Enhancer Plus) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-12-21]
FF Extension: (Forecastfox (fix version)) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\forecastfox@s3_fix_version.xpi [2016-08-17]
FF Extension: (HistoryBlock) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\historyblock@kain.xpi [2016-04-27]
FF Extension: (HTTPS Everywhere) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-21]
FF Extension: (The Camelizer - Price Tracker) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\izer@camelcamelcamel.com.xpi [2016-05-24]
FF Extension: (Hola Better Internet) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2016-12-21]
FF Extension: (PriceZombie, Price Tracker & Price Comparison) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2016-07-24]
FF Extension: (Dark YouTube Theme) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2016-10-07]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-12-17]
FF Extension: (Enhanced Steam) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2016-12-11]
FF Extension: (Window Master) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\monitormaster@pjs.nl.xpi [2016-11-29]
FF Extension: (Status-4-Evar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\status4evar@caligonstudios.com.xpi [2016-10-13]
FF Extension: (Tile Tabs) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\tiletabs@DW-dev.xpi [2016-11-13]
FF Extension: (Google Translator for Firefox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\translator@zoli.bod.xpi [2016-04-27]
FF Extension: (Troubleshooter) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\troubleshooter@mozilla.org.xpi [2016-04-27]
FF Extension: (Forecastfox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-08-02]
FF Extension: (Flagfox) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-12-17]
FF Extension: (Session Manager) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-18]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2016-11-29]
FF Extension: (Download Statusbar Fixed) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{4204c864-50bf-467a-95b3-0912b7f15869}.xpi [2016-04-27]
FF Extension: (Stylish) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-10]
FF Extension: (Download Status Bar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-26]
FF Extension: (YouTube High Definition) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-12-23]
FF Extension: (Adblock Plus) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Download Statusbar) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-04-27]
FF Extension: (Block site) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-04-27]
FF Extension: (DownThemAll!) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Greasemonkey) - C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\binding-of-isaac-rebirth-wiki-en.xml [2014-11-11]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\the-pirate-bay.xml [2015-10-25]
FF SearchPlugin: C:\Users\Celice\AppData\Roaming\Mozilla\Firefox\Profiles\eh1jmc0o.default-1386886677414\searchplugins\youtube-video-search.xml [2013-12-12]
FF HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-02-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default [2016-12-24]
CHR Extension: (Google Docs) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-21]
CHR Extension: (Google Drive) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (AdBlock) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-29]
CHR Extension: (Project Naptha) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Enhanced Steam) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-11-10]
CHR Extension: (Gmail) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Celice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Profile: C:\Users\Celice\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-24]
CHR HKU\S-1-5-21-370019636-3812784303-1355510123-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [467016 2016-05-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-28] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-08-10] (Sony DADC Austria AG.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 asahci64; C:\WINDOWS\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2014-07-30] (ASRock Inc.)
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [128664 2016-07-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [146712 2016-07-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2016-06-01] (RW-Everything)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-10-06] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-10-06] (Corsair)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-13] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo_0007.sys [38432 2015-11-09] (SoftEther Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-08] ()
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SEE; C:\WINDOWS\System32\drivers\see.sys [50208 2015-11-09] (SoftEther Corporation)
R3 Serenum; C:\WINDOWS\system32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\WINDOWS\system32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 22:37 - 2016-12-23 22:37 - 08641421 _____ C:\Users\Celice\Desktop\modFriendlyHUD for game version 1.31 and 1.31GOTY-365-12-7.7z
2016-12-23 20:11 - 2016-12-23 20:12 - 00000678 _____ C:\Users\Celice\Desktop\SystemLook.txt
2016-12-23 20:11 - 2016-12-23 20:11 - 00139264 _____ C:\Users\Celice\Desktop\SystemLook.exe
2016-12-23 16:32 - 2016-12-23 16:32 - 01050966 _____ C:\Users\Celice\Desktop\Summary.zip
2016-12-23 15:06 - 2016-12-23 15:06 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-23 14:49 - 2016-12-24 13:24 - 00010197 _____ C:\Users\Celice\Desktop\Fixlog.txt
2016-12-23 11:58 - 2016-12-26 09:38 - 00031252 _____ C:\Users\Celice\Desktop\FRST.txt
2016-12-23 11:51 - 2016-12-23 11:51 - 00000241 _____ C:\Users\Celice\Desktop\SearchReg.txt
2016-12-23 11:46 - 2016-12-23 11:46 - 00000238 _____ C:\Users\Celice\Desktop\Search.txt
2016-12-23 11:01 - 2016-12-26 09:37 - 00000000 ____D C:\FRST
2016-12-23 11:00 - 2016-12-23 11:00 - 02420736 _____ (Farbar) C:\Users\Celice\Desktop\FRST64.exe
2016-12-23 10:46 - 2016-12-23 10:46 - 00148026 _____ C:\Users\Celice\Documents\cc_20161223_104638.reg
2016-12-23 10:29 - 2016-12-23 10:29 - 00494287 _____ C:\Users\Celice\Desktop\SCAN0004(1).PDF
2016-12-23 10:05 - 2016-12-23 10:19 - 00000000 ____D C:\AdwCleaner
2016-12-21 20:55 - 2016-12-21 20:58 - 00002718 _____ C:\Users\Celice\Desktop\isaac-ng - Shortcut.lnk
2016-12-20 11:08 - 2016-12-20 11:08 - 00494287 _____ C:\Users\Celice\Desktop\SCAN0004.PDF
2016-12-19 20:46 - 2016-12-19 20:46 - 00000222 _____ C:\Users\Celice\Desktop\DOOM.url
2016-12-16 10:56 - 2009-06-10 13:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161216-105632.backup
2016-12-16 10:50 - 2016-12-16 10:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-16 10:44 - 2016-12-16 11:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-16 10:44 - 2016-12-16 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-16 10:44 - 2016-12-16 10:44 - 00001463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-16 10:44 - 2016-12-16 10:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-12-16 10:44 - 2016-12-16 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-16 10:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-12-13 21:18 - 2016-11-22 03:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 21:18 - 2016-11-22 02:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-13 21:18 - 2016-11-22 02:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-13 21:18 - 2016-11-22 02:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-13 21:18 - 2016-11-22 02:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 21:18 - 2016-11-22 02:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 21:18 - 2016-11-22 02:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-12-13 21:18 - 2016-11-22 02:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 21:18 - 2016-11-22 02:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 21:18 - 2016-11-22 02:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-13 21:18 - 2016-11-22 02:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 21:18 - 2016-11-22 01:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-13 21:18 - 2016-11-22 01:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-12-13 21:18 - 2016-11-22 01:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-13 21:18 - 2016-11-22 01:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 21:18 - 2016-11-22 01:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-12-13 21:18 - 2016-11-22 01:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-12-13 21:18 - 2016-11-22 01:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-13 21:18 - 2016-11-22 00:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-13 21:18 - 2016-11-22 00:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-13 21:18 - 2016-11-22 00:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-13 21:18 - 2016-11-22 00:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-13 21:18 - 2016-11-22 00:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 21:18 - 2016-11-22 00:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 21:18 - 2016-11-22 00:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-13 21:18 - 2016-11-22 00:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 21:18 - 2016-11-22 00:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-13 21:18 - 2016-11-22 00:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 21:18 - 2016-11-22 00:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-13 21:18 - 2016-11-22 00:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 21:18 - 2016-11-22 00:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-12-13 21:18 - 2016-11-22 00:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 21:18 - 2016-11-21 23:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 21:18 - 2016-11-21 23:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-13 21:18 - 2016-11-21 23:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 21:18 - 2016-11-21 23:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-13 21:18 - 2016-11-21 23:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-12-13 21:18 - 2016-11-21 23:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 21:18 - 2016-11-21 23:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 21:18 - 2016-11-21 23:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-13 21:18 - 2016-11-21 23:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-13 21:18 - 2016-11-21 23:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 21:18 - 2016-11-21 23:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 21:18 - 2016-11-21 23:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 21:18 - 2016-11-21 23:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 21:18 - 2016-11-21 22:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 21:18 - 2016-11-21 22:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 21:18 - 2016-11-21 22:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 21:18 - 2016-11-21 22:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 21:18 - 2016-11-21 22:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 21:18 - 2016-11-21 22:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 21:18 - 2016-11-21 22:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 21:18 - 2016-11-21 22:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-12 18:49 - 2016-12-13 22:13 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-12 18:46 - 2016-12-12 18:46 - 00000000 ____D C:\Users\Celice\AppData\Local\Chromium
2016-12-03 13:04 - 2016-12-03 13:04 - 00001960 _____ C:\Users\Celice\Desktop\amazon egift.txt
2016-12-02 11:48 - 2016-12-23 20:52 - 00000000 ____D C:\Users\Celice\Documents\The Witcher 3
2016-12-02 11:48 - 2016-12-02 11:48 - 00000000 ____D C:\Users\Celice\AppData\Local\GalaxyCommunicationService
2016-12-02 11:34 - 2016-12-02 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-12-02 11:34 - 2016-12-02 11:34 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-12-02 11:05 - 2016-12-02 11:05 - 00000000 ____D C:\Users\Celice\Documents\Overwatch
2016-12-01 16:07 - 2016-12-01 16:07 - 00001511 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-12-01 16:07 - 2016-12-01 16:07 - 00001511 _____ C:\ProgramData\Desktop\The Witcher® 3 - Wild Hunt.lnk
2016-12-01 13:58 - 2016-12-20 11:07 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2016-12-01 13:58 - 2016-12-01 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-01 13:58 - 2016-12-01 13:58 - 00000000 ____D C:\ProgramData\GOG.com
2016-11-30 21:48 - 2016-11-30 21:48 - 00000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-11-30 21:48 - 2016-11-30 21:48 - 00000888 _____ C:\ProgramData\Desktop\Overwatch.lnk
2016-11-30 21:48 - 2016-11-30 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-11-30 21:14 - 2016-11-30 21:49 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-30 21:13 - 2016-11-30 22:03 - 00000000 ____D C:\Users\Celice\AppData\Local\Battle.net
2016-11-30 21:13 - 2016-11-30 21:13 - 00000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-11-30 21:13 - 2016-11-30 21:13 - 00000936 _____ C:\ProgramData\Desktop\Battle.net.lnk
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\Users\Celice\AppData\Local\Blizzard Entertainment
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-30 21:13 - 2016-11-30 21:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-30 21:01 - 2016-11-30 21:13 - 00000000 ____D C:\Users\Celice\AppData\Roaming\Battle.net
2016-11-30 21:01 - 2016-11-30 21:01 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-28 20:43 - 2016-11-17 05:45 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-28 20:43 - 2016-11-17 05:45 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-28 17:01 - 2016-11-28 17:01 - 00000025 _____ C:\Users\Celice\Desktop\klean kaneen akount.txt
2016-11-27 20:56 - 2016-11-27 20:56 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-27 20:56 - 2016-11-27 20:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-26 10:17 - 2016-11-26 10:17 - 00000000 ____D C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Mash
2016-11-26 09:16 - 2016-11-27 10:38 - 00000157 _____ C:\Users\Celice\Desktop\hq textures.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 09:35 - 2016-07-11 12:16 - 01008216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-26 09:35 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 09:35 - 2014-02-14 20:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-26 09:30 - 2016-11-18 20:22 - 00000000 ____D C:\Users\Celice\AppData\LocalLow\Mozilla
2016-12-26 09:30 - 2016-10-19 17:16 - 00000000 ___RD C:\Users\Celice\Google Drive
2016-12-26 09:30 - 2016-07-11 12:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-26 09:30 - 2016-05-15 08:28 - 00000000 ____D C:\Users\Celice\AppData\Local\CrashDumps
2016-12-26 09:30 - 2014-02-15 12:46 - 00000000 ____D C:\Users\Celice\.rainlendar2
2016-12-26 09:29 - 2016-04-26 22:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-26 09:29 - 2014-08-02 23:34 - 00000000 __SHD C:\Users\Celice\IntelGraphicsProfiles
2016-12-25 14:46 - 2016-05-15 11:18 - 00003132 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-12-25 14:46 - 2015-10-29 22:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-12-25 14:22 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-25 01:12 - 2016-11-10 18:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-23 22:30 - 2016-05-22 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-12-23 22:30 - 2016-05-22 13:58 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-12-23 16:18 - 2016-07-11 12:16 - 00000000 ____D C:\Users\Celice
2016-12-23 15:06 - 2016-07-11 15:39 - 00002409 _____ C:\Users\Celice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-23 15:06 - 2016-07-11 15:39 - 00000000 ___RD C:\Users\Celice\OneDrive
2016-12-23 15:05 - 2014-02-14 20:11 - 00000000 ____D C:\Users\Celice\AppData\Roaming\Skype
2016-12-23 15:04 - 2014-02-16 10:34 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-23 14:50 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-23 14:50 - 2009-07-13 19:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-23 10:20 - 2016-09-23 20:06 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-23 10:04 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-19 22:33 - 2014-04-02 11:27 - 00000000 ____D C:\Users\Celice\AppData\Local\ElevatedDiagnostics
2016-12-19 22:16 - 2014-09-04 11:20 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-12-19 22:04 - 2014-03-11 10:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-19 20:02 - 2015-08-08 08:08 - 00000000 ____D C:\Users\Celice\Documents\Survarium
2016-12-19 20:02 - 2014-12-12 15:04 - 00000000 ____D C:\Program Files (x86)\Survarium
2016-12-19 20:02 - 2014-12-09 20:37 - 00000000 ____D C:\Users\Celice\AppData\Local\Ubisoft Game Launcher
2016-12-19 20:02 - 2014-10-11 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium
2016-12-19 19:22 - 2016-11-06 14:31 - 00000000 ____D C:\Users\Celice\Desktop\surv pics
2016-12-17 00:56 - 2016-08-19 19:50 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1fa95ee67c2ec
2016-12-17 00:56 - 2016-08-19 19:50 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1fa95ee554208
2016-12-16 10:19 - 2016-06-09 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 10:19 - 2014-02-14 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 21:27 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2016-12-14 11:05 - 2014-02-16 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 11:04 - 2016-04-26 22:29 - 00232488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 00:52 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-13 22:08 - 2014-03-12 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-13 22:06 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 21:55 - 2014-02-16 03:02 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 20:21 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-13 11:12 - 2016-11-10 18:29 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 11:12 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 11:12 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 11:02 - 2016-07-11 15:36 - 00000000 ____D C:\Users\Celice\AppData\Local\Packages
2016-12-12 18:50 - 2016-05-21 23:40 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.5.1
2016-12-12 18:46 - 2015-02-04 19:22 - 00000000 ____D C:\Users\Celice\AppData\Local\Steam
2016-12-12 00:25 - 2016-04-11 16:04 - 00000000 ____D C:\Users\Celice\AppData\Roaming\DarkSoulsIII
2016-12-11 15:03 - 2015-10-29 23:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:03 - 2015-10-29 23:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 14:42 - 2014-11-25 18:49 - 00001938 _____ C:\Users\Celice\.xmlcopyeditor
2016-12-08 22:40 - 2014-02-15 15:39 - 00000000 ____D C:\Users\Celice\AppData\Roaming\vlc
2016-12-08 19:58 - 2016-10-19 17:15 - 00002118 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002118 _____ C:\ProgramData\Desktop\Google Slides.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002116 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002116 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002106 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00002106 _____ C:\ProgramData\Desktop\Google Docs.lnk
2016-12-08 19:58 - 2016-10-19 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-08 16:25 - 2014-04-18 23:10 - 00000000 ____D C:\Users\Celice\Desktop\Rhythm Tengoku
2016-12-08 15:10 - 2016-11-17 21:19 - 00001265 _____ C:\Users\Celice\Desktop\Oblivion Mod Manager.lnk
2016-12-01 19:21 - 2016-07-11 12:15 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-12-01 16:07 - 2014-02-14 19:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-29 20:03 - 2016-11-25 15:49 - 00000000 ____D C:\Users\Celice\AppData\Local\MomodoraRUtM
2016-11-28 20:44 - 2016-10-28 16:18 - 00003928 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:44 - 2016-07-11 12:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-28 20:43 - 2016-10-28 16:18 - 00003992 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003964 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003902 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003740 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-10-28 16:18 - 00003698 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 20:43 - 2016-07-11 12:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-28 20:43 - 2016-07-11 12:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-26 10:18 - 2014-02-14 18:18 - 00000000 ____D C:\Users\Celice\AppData\Local\VirtualStore
2016-11-26 10:14 - 2015-07-07 23:45 - 00000000 ____D C:\Python27

==================== Files in the root of some directories =======

2015-06-13 21:34 - 2015-06-14 09:58 - 0000231 _____ () C:\Users\Celice\AppData\Roaming\Rim.Desktop.Exception.log
2015-06-13 21:34 - 2015-08-04 14:07 - 0002021 _____ () C:\Users\Celice\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-06-13 21:34 - 2015-06-14 09:58 - 0000231 _____ () C:\Users\Celice\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-01-07 13:44 - 2015-01-07 13:44 - 0005120 _____ () C:\Users\Celice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-28 19:14 - 2016-05-12 16:13 - 1065984 _____ () C:\Users\Celice\AppData\Local\file__0.localstorage
2016-10-09 17:00 - 2016-10-09 17:00 - 0000218 _____ () C:\Users\Celice\AppData\Local\recently-used.xbel
2016-08-22 14:16 - 2016-08-22 14:16 - 0007633 _____ () C:\Users\Celice\AppData\Local\Resmon.ResmonCfg
2016-08-19 16:37 - 2016-08-19 16:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Celice\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-23 21:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Celice (26-12-2016 09:38:20)
Running from C:\Users\Celice\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-11 23:36:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-370019636-3812784303-1355510123-500 - Administrator - Disabled)
Celice (S-1-5-21-370019636-3812784303-1355510123-1000 - Administrator - Enabled) => C:\Users\Celice
DefaultAccount (S-1-5-21-370019636-3812784303-1355510123-503 - Limited - Disabled)
Guest (S-1-5-21-370019636-3812784303-1355510123-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-370019636-3812784303-1355510123-1003 - Limited - Enabled)
test (S-1-5-21-370019636-3812784303-1355510123-1004 - Administrator - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ActivePerl 5.20.2 Build 2001 (64-bit) (HKLM\...\{7913F63E-E996-45CB-BF84-20938D9918F2}) (Version: 5.20.2001 - ActiveState)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.434 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: 0.1.434 - ASRock Inc.)
ASRock XFast RAM v2.0.29 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CBR and CBZ to PDF 2.1.2.9 (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\CBR and CBZ to PDF) (Version: 2.1.2.9 - Indie Softworks)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CoffeeCup PixConverter (HKLM-x32\...\CoffeeCup PixConverter) (Version: - CoffeeCup Software)
Corsair Utility Engine (HKLM-x32\...\{78A673BA-0F42-49AA-B34E-36398C5CD707}) (Version: 2.6.79 - Corsair)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Discord (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Flux) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HotKeyz 2.8.3 (HKLM-x32\...\HotKeyz_is1) (Version: 2.8.3 - Skynergy)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version: - Heart Machine)
I am Setsuna (HKLM-x32\...\I am Setsuna_is1) (Version: - )
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 8.0.1 - JPEXS)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
MenuMaid 1.2 (HKLM-x32\...\MenuMaid) (Version: 1.2 - Sound Doctrine Ministries)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora - Reverie Under the Moonlight (HKLM-x32\...\1079762750_is1) (Version: 2.0.0.2 - GOG.com)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.11 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{040242E3-7887-4498-95A6-2F815188BCD7}) (Version: 4.0.11 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Pond Small (HKLM-x32\...\Pond Small) (Version: - )
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0135 - REALTEK Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung SSD 840 EVO Performance Restoration (HKLM-x32\...\{B4B18E77-4C37-46F2-BC38-9451E65C9AEC}_is1) (Version: 1.1 - Samsung Electronics)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setup - LEGO STAR WARS The Force Awakens ... (HKLM-x32\...\Setup - LEGO STAR WARS The Force Awakens ...) (Version: ... - Warner Bros.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.06 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SWFRIP 0.4 (HKLM-x32\...\SWFRIP) (Version: - )
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version: - Bethesda Game Studios®)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
Tiled - Tiled Map Editor (HKLM-x32\...\Tiled) (Version: - )
Twin USB Vibration Gamepad (HKLM-x32\...\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}) (Version: 2005.01.26 - )
Uplay (HKLM-x32\...\Uplay) (Version: 23.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\WinDirStat) (Version: - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WPS Converter (HKLM-x32\...\{9B04B06A-AA23-4782-8F2E-678CCE2395F2}_is1) (Version: - wpsconverter.com)
wxPython 3.0.2.0 for Python 2.7 (HKLM\...\wxPython3.0-py27_is1) (Version: 3.0.2.0 - Total Control Software)
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-370019636-3812784303-1355510123-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017C5EB2-C794-466C-8F4E-CE4F522F147B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0975A423-7C89-463E-B577-33182B6C7D49} - System32\Tasks\GoogleUpdateTaskMachineUA1d1fa95ee67c2ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0F265581-5A3E-4493-AB92-AABD4064062F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {154F1D29-3685-4862-A437-B0D3F4BE1075} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1BC533C8-5546-49C3-96D4-32E48C77DDCB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3315D03E-F83D-4F00-A56C-460A80689D95} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {3436AC68-B2E1-47BC-A2E0-1E96F425CDCA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A21E10B-821A-46AA-9F1A-9CC30BF437D0} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {43974D45-C7FB-4206-82AC-6EC50DB379C2} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-08] ()
Task: {56A60A70-884D-4E9B-A69B-7D502EE68840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {582111C1-87E0-429F-BCB2-367E30B22AA7} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper)
Task: {61CB23FA-4F7B-40D1-A65C-71DB94CEDE2D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F3EDED5-5B43-410F-92F2-3F87419808FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {715E61D8-5898-4565-83C6-51FE48706347} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {72682CFF-0653-4250-8305-30964853705F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7276961C-16AC-45A9-90F1-024DC1216961} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79DC2684-48C5-45BF-826B-612E833637D4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7D20EAC1-9DA3-487F-8808-0748EE1574B0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {85CBFDFF-8778-4C41-BB49-532F224681C4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {8F0EA77A-8FF6-44DE-90D6-E9EB2C9237C4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {9AC8E391-3CED-4AE4-A675-117951D0EE9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9BC468F1-6714-4E19-8989-12DE6EFE11FC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE453C11-4D74-4D64-A547-0989236D60A0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {B57FCDD1-2A77-42E0-82B7-396F1E8D405D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDA10837-6848-487C-BE88-09CC294B4D04} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {BF8DEAB6-CEDC-457A-ACA5-916E9021825A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C836BE15-5F8E-403C-B704-6EFDFE82A34B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D032D88C-EE39-4F73-B57A-E9DF87B433C1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D38423D0-956F-4BB2-92C2-227243E8E320} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {D63CB763-4700-42D2-84E6-B4E71008551C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {DDBFF41A-7EBF-4A03-AE8A-A5B97D6E540B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {DE539F01-B1B3-419F-8585-747AFF5B8065} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {DEF66DDB-B9D7-42C3-BFA1-CF66A428B182} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1795F9F-6917-4903-9B78-49B2FCCC2814} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {EAEE8EE7-2BA1-4808-BB4D-8D3EC9587B5B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D72586-0321-4188-98B6-9BF32482FBD8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2F935B8-45EF-4B68-A4B4-B771BF6323FF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F4DBC85D-324F-4E74-86DC-FF9C85C02F0F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F763C0DF-9C1D-4076-BEFF-4A660BAA6D12} - System32\Tasks\GoogleUpdateTaskMachineCore1d1fa95ee554208 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F9304E98-2549-4396-82E1-2147B082A563} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Celice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Michael - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-02-26 19:21 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-02-14 18:49 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-10-28 16:18 - 2016-11-17 05:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-11-08 17:22 - 2016-10-25 01:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-11 12:15 - 2016-11-16 17:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 17:22 - 2016-10-25 01:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-23 15:05 - 2016-12-23 15:05 - 01678560 _____ () C:\Users\Celice\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2015-11-23 08:44 - 2015-11-23 08:44 - 00403456 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2014-02-14 18:38 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-26 22:10 - 2016-04-26 22:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 15:16 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 23:59 - 2015-12-08 23:59 - 00580296 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-01-19 23:48 - 2013-03-10 09:58 - 02598496 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-02-17 18:34 - 2014-02-13 18:36 - 01304576 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2012-12-15 15:51 - 2009-08-22 20:25 - 00102400 _____ () C:\Users\Celice\Desktop\D3DOverrider\D3DOverrider.exe
2015-12-02 01:19 - 2015-12-02 01:19 - 00205000 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2015-11-23 08:44 - 2015-11-23 08:44 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2015-10-29 23:18 - 2015-10-29 23:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-12-16 10:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-16 10:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-16 10:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-16 10:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-16 10:44 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-14 18:36 - 2009-08-28 16:38 - 00131072 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 16:18 - 2016-11-17 05:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00032768 _____ () C:\Users\Celice\Desktop\D3DOverrider\D3DOverriderHooks.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00356864 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-11 16:18 - 2016-07-11 16:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-12-07 08:44 - 2015-12-07 08:44 - 00225792 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-12-07 08:43 - 2015-12-07 08:43 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-12-07 08:44 - 2015-12-07 08:44 - 00657408 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-10-28 16:18 - 2016-11-17 02:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-28 16:18 - 2016-11-17 02:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-28 16:18 - 2016-11-17 02:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2014-02-14 20:01 - 2016-12-08 07:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-21 12:13 - 2016-12-19 18:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 14:53 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 18:57 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-02-14 20:01 - 2016-12-19 18:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 18:49 - 2016-07-04 14:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 18:46 - 2016-12-05 08:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2014-02-14 20:01 - 2016-12-19 18:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2014-12-15 20:13 - 2015-09-24 15:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2012-05-16 11:01 - 2012-05-16 11:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2014-01-19 23:48 - 2013-03-10 09:59 - 00215648 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 05:22 - 2012-06-17 05:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2016-10-28 16:18 - 2016-11-17 05:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-08-25 06:41 - 2016-08-24 16:49 - 01950392 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 06:41 - 2016-11-15 15:57 - 01058816 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 06:41 - 2016-11-15 15:57 - 03801088 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 06:41 - 2016-08-25 06:41 - 00894136 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 06:41 - 2016-08-25 06:41 - 01119416 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-25 06:41 - 2016-08-24 16:49 - 02230456 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 06:41 - 2016-08-24 16:49 - 00088760 _____ () C:\Users\Celice\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-12-23 15:05 - 2016-12-23 15:05 - 01244376 _____ () C:\Users\Celice\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-26 09:30 - 2016-12-26 09:30 - 00170496 _____ () \\?\C:\Users\Celice\AppData\Local\Temp\A9EC.tmp.node
2016-08-25 06:41 - 2016-10-13 20:40 - 02658304 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-01 15:44 - 2016-10-13 20:40 - 02147328 _____ () \\?\C:\Users\Celice\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-12-26 09:30 - 2016-12-26 09:30 - 00098816 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32api.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00110080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\pywintypes27.dll
2016-12-26 09:30 - 2016-12-26 09:30 - 00364544 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\pythoncom27.dll
2016-12-26 09:30 - 2016-12-26 09:30 - 00320512 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32com.shell.shell.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00914432 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_hashlib.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 01176576 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._core_.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00806400 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._gdi_.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00816128 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._windows_.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 01067008 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._controls_.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00733184 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._misc_.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00682496 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\pysqlite2._sqlite.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00088064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_ctypes.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00686080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\unicodedata.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00119808 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32file.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00108544 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32security.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00007168 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\hashobjs_ext.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00017920 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\thumbnails_ext.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00088064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\usb_ext.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00012800 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\common.time34.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00018432 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32event.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00167936 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32gui.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00046080 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_socket.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 01303552 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_ssl.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00128512 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_elementtree.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00127488 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\pyexpat.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00038912 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32inet.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00036864 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_psutil_windows.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00524248 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\windows._lib_cacheinvalidation.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00011264 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32crypt.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00123392 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._wizard.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00077312 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._html2.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00027648 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00020480 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\_yappi.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00035840 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32process.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00078848 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\wx._animate.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00024064 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32pipe.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00010240 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\select.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00025600 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32pdh.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00017408 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32profile.pyd
2016-12-26 09:30 - 2016-12-26 09:30 - 00022528 ____R () C:\Users\Celice\AppData\Local\Temp\_MEI75802\win32ts.pyd
2016-12-01 13:58 - 2016-11-28 14:22 - 53018112 _____ () C:\Program Files (x86)\GOG Galaxy\libcef.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00507968 _____ () C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01076800 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01854528 _____ () C:\Program Files (x86)\GOG Galaxy\PocoData.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00393280 _____ () C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 01589312 _____ () C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00307776 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00330816 _____ () C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00104000 _____ () C:\Program Files (x86)\GOG Galaxy\zlib.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00520768 _____ () C:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00272448 _____ () C:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00680000 _____ () C:\Program Files (x86)\GOG Galaxy\sqlite.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00425536 _____ () C:\Program Files (x86)\GOG Galaxy\pcre.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00157760 _____ () C:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2016-12-01 13:58 - 2016-12-20 11:07 - 00152128 _____ () C:\Program Files (x86)\GOG Galaxy\expat.dll
2016-12-01 13:58 - 2016-11-28 14:22 - 01738752 _____ () C:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2016-12-01 13:58 - 2016-11-28 14:22 - 00078848 _____ () C:\Program Files (x86)\GOG Galaxy\libegl.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00057344 _____ () C:\Users\Celice\Desktop\D3DOverrider\RTFC.dll
2012-12-15 15:51 - 2009-08-22 20:25 - 00106496 _____ () C:\Users\Celice\Desktop\D3DOverrider\RTUI.dll
2016-11-07 15:40 - 2016-11-07 15:40 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-11-07 15:38 - 2016-11-07 15:38 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-11-07 15:38 - 2016-11-07 15:38 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-06-10 09:19 - 2016-06-10 09:19 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-06-10 09:19 - 2016-06-10 09:19 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2015-11-23 08:43 - 2015-11-23 08:43 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2014-02-14 18:49 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7920 more sites.



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-370019636-3812784303-1355510123-1000\Control Panel\Desktop\\Wallpaper -> E:\Users\Celice\Desktop\DualMonitorTools-2.1\DmtWallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5DC3F123-4F4E-45A6-B17D-8548CE17959F}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EAC57DD5-A590-47AC-B0BE-2084929E0895}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B66711C7-9DAC-4BC9-81C8-AD042CDF1C19}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{309745F1-CFBC-425D-8A2C-21221EFBB3A0}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{758F28BC-6F37-48E4-8325-DF3D50C6FD3D}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{C97BD20F-F957-493F-96D5-7879E4AD623E}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{57E8E355-B330-46A2-91A6-F99CFB900B65}C:\program files (x86)\deluge\deluge.exe] => C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{D1B6C31D-455A-46D5-9D00-9A640F72677B}] => C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{075DF3FE-AB90-4E05-80D1-D63265EB0722}] => C:\Program Files (x86)\Steam\SteamApps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{6261B0A5-2DF0-4F62-9D73-305B580B5864}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{337694FF-B912-42B1-A2F3-DE2E45FE425E}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{364972B0-C30A-4A53-9E52-716D3997C897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{940F687D-6E84-49D8-9F35-0ED0C25A18B4}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CC71C50A-D030-416D-9D1C-1DB1BBB48FFE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4974116D-009A-41B4-985F-7691A5102FB4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F1B485C-11FF-4D9D-9994-11DCE075B1D0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{347ED121-82F8-4506-AA13-D8B73ECE0F52}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D1AB936D-B518-4FCA-90DA-8467505F3C62}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF2092DC-2792-4FDC-B8AA-3E808B5F5B3F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F25A1F81-10D2-4D48-B8C4-B699FB3BCDA8}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4BC69A30-F2E9-457A-9432-956DDC66A3AE}] => C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{46934AEA-B2FF-454C-9066-848A11603A35}] => C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{FB8B8EC8-29A5-42E8-A174-76457BBECA38}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7791CDCE-FC89-4D6D-9A39-87D293E9BD7D}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4EFC2CA5-E6CC-4D3B-8963-9C8D0D64DC96}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A34D8069-6047-4159-8833-023344177C92}] => C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{20997E37-E35F-4184-A703-435C155F9B5D}] => C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{8B72E108-8BBB-4242-9938-0A611A85CD1E}] => C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5BCEECF2-4C03-4962-9142-23101F958FD8}] => C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-12-2016 13:23:01 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2016 09:30:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.30.21727, time stamp: 0x54bce4af
Faulting module name: KERNELBASE.dll, version: 10.0.10586.672, time stamp: 0x580efb0a
Exception code: 0xe0434352
Fault offset: 0x000bdb18
Faulting process id: 0x25fc
Faulting application start time: 0x01d25f9dcebc41ba
Faulting application path: C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 9bb8ec28-048b-4fdd-b500-a9331bc29db0
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2016 09:30:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/26/2016 09:30:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.30.21727, time stamp: 0x54bce4af
Faulting module name: KERNELBASE.dll, version: 10.0.10586.672, time stamp: 0x580efb0a
Exception code: 0xe0434352
Fault offset: 0x000bdb18
Faulting process id: 0x2444
Faulting application start time: 0x01d25f9dc84d03b1
Faulting application path: C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 91e5eb5a-1a40-4774-bb53-39de51b461c5
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2016 09:30:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/26/2016 09:30:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.30.21735, time stamp: 0x54bce4be
Faulting module name: KERNELBASE.dll, version: 10.0.10586.672, time stamp: 0x580efb0a
Exception code: 0xe0434352
Fault offset: 0x000bdb18
Faulting process id: 0x21d8
Faulting application start time: 0x01d25f9db8e1b355
Faulting application path: C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: dc8cc616-793c-4951-8718-09856d79e429
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2016 09:30:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
at Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.Systray.Program.Main(System.String[])

Error: (12/26/2016 09:30:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CELICE-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/26/2016 09:30:02 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: CELICE-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy5

Error: (12/26/2016 09:30:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Faulting module name: SearchUI.exe, version: 10.0.10586.672, time stamp: 0x580ee74d
Exception code: 0xc000027b
Fault offset: 0x00000000001a11fd
Faulting process id: 0x1900
Faulting application start time: 0x01d25f9db0b25bc2
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: bcd21780-9d38-4cf7-8d82-c0eed0788e78
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (12/26/2016 09:30:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CELICE-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/26/2016 09:30:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/26/2016 09:30:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/26/2016 09:30:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/26/2016 09:29:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (12/26/2016 09:29:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/25/2016 02:46:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_392b8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/25/2016 02:22:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: OneNote.

Error: (12/25/2016 02:20:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/25/2016 02:20:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/25/2016 02:20:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-12-15 21:16:40.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 11:04:22.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-13 22:27:25.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-13 22:14:23.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-10 16:34:29.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 16:20:18.527
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-11-09 16:20:18.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8077.87 MB
Available physical RAM: 4359.02 MB
Total Virtual: 16269.87 MB
Available Virtual: 11966.44 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:232.35 GB) (Free:13.97 GB) NTFS
Drive d: (The Dude) (Fixed) (Total:465.76 GB) (Free:356.62 GB) NTFS
Drive e: (Little John) (Fixed) (Total:931.41 GB) (Free:62.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1AEBD9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 92860E9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 43A5D77C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Oh My!, 26 December 2016 - 03:03 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,782 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:49 PM

Posted 26 December 2016 - 03:44 PM

Greetings John.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org
Task: {3A21E10B-821A-46AA-9F1A-9CC30BF437D0} - \Microsoft\Windows\Setup\gwx\rundetector
Task: {7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
FirewallRules: [{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5DC3F123-4F4E-45A6-B17D-8548CE17959F}] => C:\Program Files\KMSpico\Service_KMS.exe
emptytemp:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • After your computer automatically reboots check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer behavior?

Edited by Oh My!, 26 December 2016 - 03:45 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Celice


Posted 27 December 2016 - 06:22 PM

The problem now appears to be solved! Thank you for your help. The registry entry did not return and for several restarts the browser appears normal. I will keep an eye out in case the problem returns. For the second computer, should we make a new thread, or continue in this current one? Here are the requested fixlog entries:

 

==========================================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Celice (26-12-2016 16:48:14) Run:4
Running from C:\Users\Celice\Desktop
Loaded Profiles: Celice (Available Profiles: Celice & test & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org
Task: {3A21E10B-821A-46AA-9F1A-9CC30BF437D0} - \Microsoft\Windows\Setup\gwx\rundetector
Task: {7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
FirewallRules: [{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5DC3F123-4F4E-45A6-B17D-8548CE17959F}] => C:\Program Files\KMSpico\Service_KMS.exe
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Celice => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A21E10B-821A-46AA-9F1A-9CC30BF437D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A21E10B-821A-46AA-9F1A-9CC30BF437D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C8DD2F9-7EC3-4581-96C1-FF0C262E6B91}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DC3F123-4F4E-45A6-B17D-8548CE17959F} => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6388016 B
Java, Flash, Steam htmlcache => 139187096 B
Windows/system/drivers => 1446256 B
Edge => 0 B
Chrome => 0 B
Firefox => 379297122 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 177554 B
NetworkService => 0 B
Celice => 44401409 B
test => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 544.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:48:22 ====
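
A triage sketch for the fix shown in this thread, added here and not part of the original posts or of FRST: it parses FRST-style Run/RunOnce lines, flags autoruns whose command opens a web address, and checks a Fixlog for the matching "value removed successfully" line. The expansion of `...` to `Software\Microsoft\Windows\CurrentVersion` is taken from the fixlist/Fixlog pair above; the `ExampleUpdater` and `DemoLanding` entries and all function names are constructed for illustration.

```python
import re

# Autorun line format as it appears in this thread's fixlist:
#   HKU\<SID>\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org
RUN_LINE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] => (?P<command>.+)$"
)
# The forum defangs http as hxxp, so both spellings are accepted.
URL = re.compile(r"""(?:https?|hxxps?)://[^\s"']+""", re.IGNORECASE)
# Fixlog confirmation line, with or without surrounding quotes.
REMOVED = re.compile(r'^"?(?P<value>HK.+?)"? => value removed successfully$')

# First and last lines are from this thread; the middle two are constructed samples.
SAMPLE_FRST = r"""
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\...\Run: [Celice] => explorer.exe hxxp://kb-ribaki.org
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe /background
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [DemoLanding] => explorer.exe "http://example.invalid/landing"
FirewallRules: [{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A}] => C:\Program Files\KMSpico\Service_KMS.exe
"""

# Both lines are from the Fixlog in this thread.
SAMPLE_FIXLOG = r"""
HKU\S-1-5-21-370019636-3812784303-1355510123-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Celice => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26E3D7C5-A828-4BC4-9BCE-1EAAE298FB6A} => value removed successfully
"""


def parse_run_entries(log_text):
    """Return one dict (hive, key, name, command) per Run/RunOnce line."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def url_launchers(entries):
    """Keep only autoruns whose command line contains a web address."""
    flagged = []
    for entry in entries:
        match = URL.search(entry["command"])
        if match:
            flagged.append({**entry, "url": match.group(0)})
    return flagged


def expanded_value_path(entry):
    """Rebuild the full registry value path the way the Fixlog prints it.

    Assumption: '...' stands for Software\\Microsoft\\Windows\\CurrentVersion,
    as the fixlist/Fixlog pair in this thread shows for the HKU Run key.
    """
    return "{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}\\\\{name}".format(**entry)


def removed_values(fixlog_text):
    """Collect every value path the Fixlog reports as removed (lower-cased)."""
    removed = set()
    for line in fixlog_text.splitlines():
        match = REMOVED.match(line.strip())
        if match:
            removed.add(match.group("value").lower())
    return removed


def unconfirmed(entries, fixlog_text):
    """Entries with no matching 'value removed successfully' line in the Fixlog."""
    done = removed_values(fixlog_text)
    return [e for e in entries if expanded_value_path(e).lower() not in done]


if __name__ == "__main__":
    flagged = url_launchers(parse_run_entries(SAMPLE_FRST))
    for entry in flagged:
        print("URL autorun:", entry["hive"], entry["key"], entry["name"], "->", entry["url"])
    for entry in unconfirmed(flagged, SAMPLE_FIXLOG):
        print("No removal confirmation for:", expanded_value_path(entry))
```

An entry left in the unconfirmed list after a fix, or one that reappears in a later scan, points to something else rewriting the value at startup, which matches the "restores itself on restarting" symptom described in the first post.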



#12 Oh My!


Posted 27 December 2016 - 06:46 PM

Excellent,

Yes, you will need to start a new topic for the second computer. Send me a Personal Message with the new link, or post the new link on this Topic and I will reply right away.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#13 Oh My!


Posted 30 December 2016 - 05:22 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#14 Oh My!


Posted 03 January 2017 - 10:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



