
Thousands Of Java opening in task manager every startup


This topic is locked
17 replies to this topic

#1 nomore568

Posted 23 January 2017 - 12:48 AM

I have no idea how it happened. I left my PC on and went to my sister's for a while, and when I came back there were 5000 Java processes. Not sure if it's virus related, but I have no idea why it's happening.


FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Dareon (administrator) on OWNER-PC (22-01-2017 22:41:42)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF DefaultProfile: 0yk6n6lk.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default [2017-01-22]
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default [2016-11-23]
CHR Extension: (Google Drive) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-24] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-03] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-24] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-24] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-24] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-24] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-03] (Echobit, LLC)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 22:41 - 2017-01-22 22:42 - 00012480 _____ C:\Users\Dareon.Owner-PC\Desktop\FRST.txt
2017-01-22 22:41 - 2017-01-22 22:41 - 02420736 _____ (Farbar) C:\Users\Dareon.Owner-PC\Desktop\FRST64.exe
2017-01-22 22:41 - 2017-01-22 22:41 - 00000000 ____D C:\FRST
2017-01-22 14:30 - 2016-11-24 14:44 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-22 00:32 - 2017-01-22 00:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Oracle
2017-01-21 16:19 - 2017-01-21 16:19 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Lord_Loej
2017-01-20 17:43 - 2017-01-20 17:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity
2017-01-20 17:39 - 2017-01-20 17:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-17 23:37 - 2017-01-17 23:37 - 01075720 _____ C:\Users\Dareon.Owner-PC\Downloads\nzombies-master-workshop.zip
2017-01-17 12:22 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Dareon.Owner-PC\.android
2017-01-17 12:20 - 2017-01-17 18:48 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Rsupport
2017-01-17 12:20 - 2017-01-17 18:48 - 00000000 ____D C:\Program Files (x86)\RSUPPORT
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Public\Documents\Rsupport
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Dareon.Owner-PC\Documents\Mobizen
2017-01-17 12:18 - 2017-01-17 12:19 - 49886720 _____ (RSUPPORT ) C:\Users\Dareon.Owner-PC\Downloads\mobizen.exe
2017-01-17 01:42 - 2017-01-18 14:50 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CSO
2017-01-17 01:42 - 2017-01-17 01:42 - 00000000 ____D C:\ProgramData\Nexon
2017-01-17 01:41 - 2017-01-17 01:41 - 00000016 _____ C:\ProgramData\mntemp
2017-01-17 00:12 - 2017-01-17 00:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\BattlEye
2017-01-15 10:47 - 2017-01-15 10:47 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-10 20:32 - 2017-01-10 20:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\.ssh
2017-01-10 20:30 - 2017-01-10 20:31 - 09500041 _____ C:\Users\Dareon.Owner-PC\Downloads\Wurst-Client-v2.24.zip
2017-01-10 20:17 - 2017-01-10 20:22 - 23509731 _____ C:\Users\Dareon.Owner-PC\Downloads\Robot.rar
2017-01-10 20:06 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 20:06 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 20:06 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 20:06 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 20:06 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 15:46 - 2017-01-09 15:46 - 03452852 _____ C:\Users\Dareon.Owner-PC\Downloads\Find_the_Button_15_Levels.zip
2017-01-09 15:35 - 2017-01-09 15:35 - 00983656 _____ C:\Users\Dareon.Owner-PC\Downloads\Find The Button Plus.zip
2017-01-08 17:23 - 2017-01-08 17:41 - 128472618 _____ C:\Users\Dareon.Owner-PC\Downloads\Undertale.zip
2017-01-08 13:03 - 2017-01-08 13:05 - 16881411 _____ C:\Users\Dareon.Owner-PC\Downloads\Wolfram-v5.1-MC1.8.zip
2017-01-04 17:46 - 2017-01-04 17:46 - 00000000 __SHD C:\found.000
2017-01-04 12:29 - 2017-01-04 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\mcleaks
2017-01-04 12:29 - 2017-01-04 12:29 - 00017152 _____ C:\Users\Dareon.Owner-PC\Downloads\MCLeaksAuthenticator.zip
2017-01-01 13:43 - 2017-01-01 13:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.atlauncher
2017-01-01 13:41 - 2017-01-22 15:25 - 00000000 ____D C:\Program Files\Java
2017-01-01 13:41 - 2017-01-01 13:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-01 13:39 - 2017-01-01 13:40 - 63235648 _____ (Oracle Corporation) C:\Users\Dareon.Owner-PC\Downloads\jre-8u111-windows-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 22:37 - 2016-11-22 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Mozilla
2017-01-22 22:37 - 2016-09-24 15:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2017-01-22 22:36 - 2016-08-02 12:37 - 00107204 _____ C:\Windows\ntbtlog.txt
2017-01-22 22:32 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-22 22:32 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-22 22:31 - 2009-07-13 22:13 - 00862152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-22 22:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-01-22 22:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 22:18 - 2016-11-24 14:46 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480024000
2017-01-22 20:52 - 2014-05-23 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-22 15:25 - 2016-09-10 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2017-01-22 15:25 - 2016-08-21 15:12 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-22 15:25 - 2016-08-04 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 15:25 - 2016-08-04 04:38 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 15:25 - 2016-08-02 15:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 15:25 - 2016-08-02 12:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-22 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-01-22 14:31 - 2016-11-24 14:45 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 14:30 - 2016-11-24 14:44 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-22 14:28 - 2016-08-02 12:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2017-01-19 21:38 - 2016-08-09 14:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\UNDERTALE
2017-01-19 12:58 - 2016-09-14 22:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 16:52 - 2016-10-03 17:03 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Cubic
2017-01-17 16:48 - 2016-11-22 12:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CrashDumps
2017-01-17 00:12 - 2016-08-10 10:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Smartly Dressed Games
2017-01-16 23:50 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-14 18:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-01-14 14:11 - 2016-08-02 14:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2017-01-13 15:33 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-12 00:34 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2017-01-10 22:56 - 2014-05-21 11:49 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 22:56 - 2014-05-21 11:49 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 19:52 - 2016-11-22 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 19:52 - 2014-05-23 09:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 19:52 - 2014-05-23 09:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 17:42 - 2016-08-30 18:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2017-01-01 11:36 - 2016-11-05 23:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\ElevatedDiagnostics
2017-01-01 09:15 - 2014-10-08 19:30 - 00000000 ____D C:\Windows\Minidump
2017-01-01 09:14 - 2014-10-08 19:30 - 360193322 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2016-08-28 23:37 - 2011-10-09 15:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-28 23:37 - 2012-05-26 20:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 20:09 - 2016-08-24 20:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 03:24 - 2016-10-10 03:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 20:09 - 2016-08-24 20:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 20:09 - 2016-08-24 20:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 20:09 - 2016-08-24 20:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-10-10 03:27 - 2016-10-10 03:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-08-21 22:47 - 2016-12-02 01:13 - 0007600 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 03:24 - 2016-11-05 21:44 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 21:07 - 2016-08-15 21:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config
2017-01-17 01:41 - 2017-01-17 01:41 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-01-18 12:18 - 2017-01-18 12:18 - 0000512 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2017-01-18 12:18 - 2017-01-19 23:53 - 0000068 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Temp\6661235007c3a8b3ec67fe567e120f6d.dll
2016-12-18 18:27 - 2016-12-18 18:27 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-485306706255226636.dll
2016-12-18 18:29 - 2016-12-18 18:29 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-5160920108959968050.dll
2016-12-20 11:49 - 2016-12-20 11:49 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8331114805938660893.dll
2016-12-18 18:17 - 2016-12-18 18:17 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8462684412327565368.dll
2017-01-14 12:21 - 2017-01-14 12:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2134510743460097422.dll
2017-01-10 20:56 - 2017-01-10 20:56 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2188506442376641153.dll
2017-01-04 15:34 - 2017-01-04 15:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2465940631920987783.dll
2017-01-05 10:55 - 2017-01-05 10:55 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-25047755383684624.dll
2017-01-05 16:15 - 2017-01-05 16:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3146629528680572176.dll
2017-01-03 11:54 - 2017-01-03 11:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3199706788566176208.dll
2017-01-05 21:51 - 2017-01-05 21:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3811883553042368084.dll
2017-01-08 16:45 - 2017-01-08 16:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4110756868221365020.dll
2017-01-04 18:34 - 2017-01-04 18:34 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4232310429758700343.dll
2017-01-10 19:20 - 2017-01-10 19:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4354823311508885284.dll
2017-01-08 22:33 - 2017-01-08 22:33 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4396768239888413657.dll
2017-01-10 15:35 - 2017-01-10 15:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4843478029480013167.dll
2017-01-06 15:40 - 2017-01-06 15:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4977896328613604076.dll
2017-01-04 12:21 - 2017-01-04 12:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-515263497394349128.dll
2017-01-08 15:56 - 2017-01-08 15:56 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5421618471429714544.dll
2017-01-14 10:15 - 2017-01-14 10:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5627399304080037155.dll
2017-01-08 17:18 - 2017-01-08 17:18 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6011843968407813096.dll
2017-01-01 19:28 - 2017-01-01 19:28 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6163034191336247038.dll
2017-01-12 22:48 - 2017-01-12 22:48 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7096615961669021527.dll
2017-01-12 00:37 - 2017-01-12 00:37 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7106060213880093691.dll
2017-01-08 15:45 - 2017-01-08 15:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7112034802142007985.dll
2017-01-08 17:45 - 2017-01-08 17:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8136980701160219234.dll
2017-01-09 16:52 - 2017-01-09 16:52 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8290584035581656547.dll
2017-01-04 19:49 - 2017-01-04 19:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9155735392595224076.dll
2017-01-08 14:17 - 2017-01-08 14:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9170157960519544152.dll
2017-01-04 12:24 - 2017-01-04 12:24 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-959060626463688853.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 13:28

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Dareon (22-01-2017 22:43:03)
Running from C:\Users\Dareon.Owner-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BLOCKADE 3D (HKLM\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Counter-Strike Nexon: Zombies (HKLM\...\Steam App 273110) (Version:  - Nexon)
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
Remote osu! Keyboard Server version 1.3.2 (HKLM\...\{50E9CD66-5078-4347-B801-B2759D6E1823}_is1) (Version: 1.3.2 - TimiimiT)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
S.K.I.L.L. - Special Force 2 (HKLM\...\Steam App 286940) (Version:  - Dragonfly GF Co., LTD)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {201514DA-200E-481B-8F3D-96F5BAF02B18} - System32\Tasks\SafeZone scheduled Autoupdate 1480024000 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
Task: {5646259F-3E26-4148-9280-A012C752CBFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {5A4D88D4-D311-46F1-A797-CF1C00A4671D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-24] (AVAST Software)
Task: {C36F0A2F-AEDC-4441-BBC9-245DD922A15A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {D99071C8-02C6-4E96-BC3A-05912D4ECE25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-10 19:52 - 2017-01-10 19:52 - 27244120 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-11-23 15:57 - 00000006 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: Discord => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: RazerCortex => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{B286C7E0-28F3-4C4F-93AA-68D6DF3534AC}] => C:\Program Files\Remote osu! Keyboard Server\Ro!KS.exe
FirewallRules: [TCP Query User{82B09CB9-838C-43C3-9BC1-89A05E3055B0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{D203FD8A-3C9D-4817-AF8D-F0E71AD45D76}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [{E2F02839-86A0-4BB2-93C9-32B258AA599F}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66435BC5-4D7B-4905-BF02-322F643F2D7B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{9D4749BE-A8CA-45DA-96D4-8D73AAA58C57}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EB6AB75-C83C-4E28-ACB5-0C539B23A957}] => LPort=2869
FirewallRules: [{E83EEFD6-8BF0-4CBB-AB55-CB7BFDFA4A4A}] => LPort=1900
FirewallRules: [{2B5553B3-A8A7-4C0A-B0E5-493A3E1A3628}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46C40840-B6F4-4D4D-92BF-53008E092193}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3D3ED78A-3986-4656-8EB9-F4A62B66C265}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{417F37AB-D48F-4E0D-AF07-73B412D54133}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F19D885D-FBE7-4139-B292-05DAD9F3BEDF}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4EE14E68-15AF-4D2F-AFB0-0FFD2EB2B4A6}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EAC7DE43-89B0-4D0F-974B-F456A9D347D0}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EBC8E625-5B8B-4666-8244-8B331FC3BEFD}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1572A73C-EFFC-4F49-ACD2-427C9DD2BD20}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{FE9C27A9-E13D-452F-BA9A-CAAED51DCA08}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{7B7B363B-BBD7-4FD2-BD88-FCEBAB3213C5}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{046D89D7-A48B-4C8D-8FDF-D54CA57CBDBA}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe
FirewallRules: [{E5511A81-8AAF-4DF9-B50F-24FCFCC32147}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe

==================== Restore Points =========================

24-11-2016 15:19:53 End of disinfection
01-12-2016 17:57:02 Windows Live Essentials
01-12-2016 17:57:59 Installed DirectX
01-12-2016 17:59:10 Installed DirectX
01-12-2016 17:59:44 Installed DirectX
01-12-2016 18:01:49 WLSetup
08-12-2016 22:55:28 Scheduled Checkpoint
14-12-2016 02:42:03 Windows Update
01-01-2017 23:27:03 Scheduled Checkpoint
10-01-2017 11:33:20 Scheduled Checkpoint
10-01-2017 22:55:07 Windows Update
18-01-2017 13:24:16 Scheduled Checkpoint
20-01-2017 17:39:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-01-2017 17:40:13 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
20-01-2017 17:41:42 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
20-01-2017 17:42:30 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2017 07:50:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/22/2017 12:37:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/21/2017 05:27:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/20/2017 12:08:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/19/2017 03:52:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 08:51:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 10:55:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/17/2017 04:48:20 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Rsupport Mobizen Mirroring because of this error.

Program: Rsupport Mobizen Mirroring
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/17/2017 04:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mobizen.exe, version: 2.21.5.1, time stamp: 0x587d74f0
Faulting module name: MView20.dll_unloaded, version: 0.0.0.0, time stamp: 0x5732883a
Exception code: 0xc000001d
Fault offset: 0x0398c476
Faulting process id: 0xb08
Faulting application start time: 0x01d2711c1bc902f8
Faulting application path: C:\Program Files (x86)\RSUPPORT\Mobizen\Mobizen.exe
Faulting module path: MView20.dll
Report Id: 6c8f9198-dd0f-11e6-bc45-94fbb221c4f3

Error: (01/17/2017 12:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mobizen.exe, version: 2.21.5.1, time stamp: 0x587d74f0
Faulting module name: ADBI.dll_unloaded, version: 0.0.0.0, time stamp: 0x58572aca
Exception code: 0xc0000005
Fault offset: 0x03b5c476
Faulting process id: 0x260
Faulting application start time: 0x01d270f82a853150
Faulting application path: C:\Program Files (x86)\RSUPPORT\Mobizen\Mobizen.exe
Faulting module path: ADBI.dll
Report Id: 74a77e50-dceb-11e6-929d-94fbb221c4f3


System errors:
=============
Error: (01/22/2017 10:41:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:41:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:41:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:41:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:41:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:41:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/22/2017 10:38:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-01-22 22:22:20.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:22:20.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:12:17.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:12:17.356
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 14:27:36.812
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 14:27:36.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 10:29:07.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 10:29:07.122
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 00:26:09.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 00:26:08.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 27%
Total physical RAM: 3839.37 MB
Available physical RAM: 2789.75 MB
Total Virtual: 7676.92 MB
Available Virtual: 6690.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:339.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender: Male
  • Location: Montreal, QC. Canada
  • Local time: 03:41 PM

Posted 23 January 2017 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right-click the icon - disable for, say, 20 mins.
Right-click JRT.exe and select Run as administrator (if using XP, just double-click on the icon to run it).
The tool will open and start scanning your system.
Please be patient, as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please run the Farbar tool one more time.
Post fresh FRST and Addition.txt logs for my review.
Include the logs from the JRT and RogueKiller scans.

#3 nomore568

  • Topic Starter
  • Members
  • 100 posts
  • Local time: 01:41 PM

Posted 23 January 2017 - 01:25 PM

Thanks for helping me, nasdaq. Also, I have to launch the computer in safe mode.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Dareon (Limited) on Mon 01/23/2017 at 11:15:44.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 10

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\extensions\trash (Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DM6BZ4C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5SACK7P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1K8N7C7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLCL7GWF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DM6BZ4C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5SACK7P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1K8N7C7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLCL7GWF (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/23/2017 at 11:18:05.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 nomore568

  • Topic Starter
  • Members
  • 100 posts
  • Local time: 01:41 PM

Posted 23 January 2017 - 02:21 PM

RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Dareon [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/23/2017 11:43:35 (Duration : 00:32:57)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721064CLA SCSI Disk Device +++++
--- User ---
[MBR] fa4522d660170674e77006f989f3a967
[BSP] 86f8c5f72cde3154c43b52894df670e2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Dareon (administrator) on OWNER-PC (23-01-2017 12:17:49)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF DefaultProfile: 0yk6n6lk.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default [2017-01-23]
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default [2016-11-23]
CHR Extension: (Google Drive) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-24] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-03] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-24] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-24] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-24] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-24] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-03] (Echobit, LLC)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-23] ()
S1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-23 11:29 - 2017-01-23 11:29 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-23 11:26 - 2017-01-23 11:27 - 34726608 _____ (Adlice Software ) C:\Users\Dareon.Owner-PC\Desktop\setup.exe
2017-01-23 11:18 - 2017-01-23 11:18 - 00002096 _____ C:\Users\Dareon.Owner-PC\Desktop\JRT.txt
2017-01-23 11:14 - 2017-01-23 11:14 - 01663040 _____ (Malwarebytes) C:\Users\Dareon.Owner-PC\Desktop\JRT.exe
2017-01-22 22:43 - 2017-01-22 22:43 - 00046121 _____ C:\Users\Dareon.Owner-PC\Desktop\Addition.txt
2017-01-22 22:41 - 2017-01-23 12:17 - 00012326 _____ C:\Users\Dareon.Owner-PC\Desktop\FRST.txt
2017-01-22 22:41 - 2017-01-23 12:17 - 00000000 ____D C:\FRST
2017-01-22 22:41 - 2017-01-22 22:41 - 02420736 _____ (Farbar) C:\Users\Dareon.Owner-PC\Desktop\FRST64.exe
2017-01-22 14:30 - 2016-11-24 14:44 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-22 00:32 - 2017-01-22 00:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Oracle
2017-01-21 16:19 - 2017-01-21 16:19 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Lord_Loej
2017-01-20 17:43 - 2017-01-20 17:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity
2017-01-20 17:39 - 2017-01-20 17:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-17 23:37 - 2017-01-17 23:37 - 01075720 _____ C:\Users\Dareon.Owner-PC\Downloads\nzombies-master-workshop.zip
2017-01-17 12:22 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Dareon.Owner-PC\.android
2017-01-17 12:20 - 2017-01-17 18:48 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Rsupport
2017-01-17 12:20 - 2017-01-17 18:48 - 00000000 ____D C:\Program Files (x86)\RSUPPORT
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Public\Documents\Rsupport
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Dareon.Owner-PC\Documents\Mobizen
2017-01-17 12:18 - 2017-01-17 12:19 - 49886720 _____ (RSUPPORT ) C:\Users\Dareon.Owner-PC\Downloads\mobizen.exe
2017-01-17 01:42 - 2017-01-18 14:50 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CSO
2017-01-17 01:42 - 2017-01-17 01:42 - 00000000 ____D C:\ProgramData\Nexon
2017-01-17 00:12 - 2017-01-17 00:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\BattlEye
2017-01-15 10:47 - 2017-01-15 10:47 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-10 20:32 - 2017-01-10 20:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\.ssh
2017-01-10 20:30 - 2017-01-10 20:31 - 09500041 _____ C:\Users\Dareon.Owner-PC\Downloads\Wurst-Client-v2.24.zip
2017-01-10 20:17 - 2017-01-10 20:22 - 23509731 _____ C:\Users\Dareon.Owner-PC\Downloads\Robot.rar
2017-01-10 20:06 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 20:06 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 20:06 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 20:06 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 20:06 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 15:46 - 2017-01-09 15:46 - 03452852 _____ C:\Users\Dareon.Owner-PC\Downloads\Find_the_Button_15_Levels.zip
2017-01-09 15:35 - 2017-01-09 15:35 - 00983656 _____ C:\Users\Dareon.Owner-PC\Downloads\Find The Button Plus.zip
2017-01-08 17:23 - 2017-01-08 17:41 - 128472618 _____ C:\Users\Dareon.Owner-PC\Downloads\Undertale.zip
2017-01-08 13:03 - 2017-01-08 13:05 - 16881411 _____ C:\Users\Dareon.Owner-PC\Downloads\Wolfram-v5.1-MC1.8.zip
2017-01-04 17:46 - 2017-01-04 17:46 - 00000000 __SHD C:\found.000
2017-01-04 12:29 - 2017-01-04 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\mcleaks
2017-01-04 12:29 - 2017-01-04 12:29 - 00017152 _____ C:\Users\Dareon.Owner-PC\Downloads\MCLeaksAuthenticator.zip
2017-01-01 13:43 - 2017-01-01 13:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.atlauncher
2017-01-01 13:41 - 2017-01-22 15:25 - 00000000 ____D C:\Program Files\Java
2017-01-01 13:41 - 2017-01-01 13:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-01 13:39 - 2017-01-01 13:40 - 63235648 _____ (Oracle Corporation) C:\Users\Dareon.Owner-PC\Downloads\jre-8u111-windows-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-23 12:17 - 2016-11-22 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Mozilla
2017-01-23 12:16 - 2016-11-20 16:37 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-23 11:43 - 2016-11-20 16:37 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-23 11:43 - 2016-08-02 12:37 - 00107274 _____ C:\Windows\ntbtlog.txt
2017-01-23 11:29 - 2016-11-20 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-22 22:37 - 2016-09-24 15:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2017-01-22 22:32 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-22 22:32 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-22 22:31 - 2009-07-13 22:13 - 00862152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-22 22:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-01-22 22:22 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 22:18 - 2016-11-24 14:46 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480024000
2017-01-22 20:52 - 2014-05-23 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-22 15:25 - 2016-09-10 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2017-01-22 15:25 - 2016-08-21 15:12 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-22 15:25 - 2016-08-04 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 15:25 - 2016-08-04 04:38 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 15:25 - 2016-08-02 15:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 15:25 - 2016-08-02 12:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-22 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-01-22 14:31 - 2016-11-24 14:45 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 14:30 - 2016-11-24 14:44 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-22 14:28 - 2016-08-02 12:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2017-01-19 21:38 - 2016-08-09 14:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\UNDERTALE
2017-01-19 12:58 - 2016-09-14 22:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 16:52 - 2016-10-03 17:03 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Cubic
2017-01-17 16:48 - 2016-11-22 12:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CrashDumps
2017-01-17 00:12 - 2016-08-10 10:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Smartly Dressed Games
2017-01-16 23:50 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-14 18:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-01-14 14:11 - 2016-08-02 14:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2017-01-13 15:33 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-12 00:34 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2017-01-10 22:56 - 2014-05-21 11:49 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 22:56 - 2014-05-21 11:49 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 19:52 - 2016-11-22 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 19:52 - 2014-05-23 09:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 19:52 - 2014-05-23 09:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 17:42 - 2016-08-30 18:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2017-01-01 11:36 - 2016-11-05 23:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\ElevatedDiagnostics
2017-01-01 09:15 - 2014-10-08 19:30 - 00000000 ____D C:\Windows\Minidump
2017-01-01 09:14 - 2014-10-08 19:30 - 360193322 _____ C:\Windows\MEMORY.DMP

==================== Files in the root of some directories =======

2016-08-28 23:37 - 2011-10-09 15:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-28 23:37 - 2012-05-26 20:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 20:09 - 2016-08-24 20:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 03:24 - 2016-10-10 03:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 20:09 - 2016-08-24 20:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 20:09 - 2016-08-24 20:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 20:09 - 2016-08-24 20:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-10-10 03:27 - 2016-10-10 03:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-08-21 22:47 - 2016-12-02 01:13 - 0007600 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 03:24 - 2016-11-05 21:44 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 21:07 - 2016-08-15 21:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config

Some files in TEMP:
====================
2017-01-18 12:18 - 2017-01-18 12:18 - 0000512 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
2017-01-18 12:18 - 2017-01-19 23:53 - 0000068 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Temp\6661235007c3a8b3ec67fe567e120f6d.dll
2017-01-23 11:42 - 2016-10-11 08:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\dllnt_dump.dll
2016-12-18 18:27 - 2016-12-18 18:27 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-485306706255226636.dll
2016-12-18 18:29 - 2016-12-18 18:29 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-5160920108959968050.dll
2016-12-20 11:49 - 2016-12-20 11:49 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8331114805938660893.dll
2016-12-18 18:17 - 2016-12-18 18:17 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8462684412327565368.dll
2017-01-14 12:21 - 2017-01-14 12:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2134510743460097422.dll
2017-01-10 20:56 - 2017-01-10 20:56 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2188506442376641153.dll
2017-01-04 15:34 - 2017-01-04 15:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2465940631920987783.dll
2017-01-05 10:55 - 2017-01-05 10:55 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-25047755383684624.dll
2017-01-05 16:15 - 2017-01-05 16:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3146629528680572176.dll
2017-01-03 11:54 - 2017-01-03 11:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3199706788566176208.dll
2017-01-05 21:51 - 2017-01-05 21:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3811883553042368084.dll
2017-01-08 16:45 - 2017-01-08 16:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4110756868221365020.dll
2017-01-04 18:34 - 2017-01-04 18:34 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4232310429758700343.dll
2017-01-10 19:20 - 2017-01-10 19:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4354823311508885284.dll
2017-01-08 22:33 - 2017-01-08 22:33 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4396768239888413657.dll
2017-01-10 15:35 - 2017-01-10 15:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4843478029480013167.dll
2017-01-06 15:40 - 2017-01-06 15:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4977896328613604076.dll
2017-01-04 12:21 - 2017-01-04 12:21 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-515263497394349128.dll
2017-01-08 15:56 - 2017-01-08 15:56 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5421618471429714544.dll
2017-01-14 10:15 - 2017-01-14 10:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5627399304080037155.dll
2017-01-08 17:18 - 2017-01-08 17:18 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6011843968407813096.dll
2017-01-01 19:28 - 2017-01-01 19:28 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6163034191336247038.dll
2017-01-12 22:48 - 2017-01-12 22:48 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7096615961669021527.dll
2017-01-12 00:37 - 2017-01-12 00:37 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7106060213880093691.dll
2017-01-08 15:45 - 2017-01-08 15:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7112034802142007985.dll
2017-01-08 17:45 - 2017-01-08 17:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8136980701160219234.dll
2017-01-09 16:52 - 2017-01-09 16:52 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8290584035581656547.dll
2017-01-04 19:49 - 2017-01-04 19:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9155735392595224076.dll
2017-01-08 14:17 - 2017-01-08 14:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9170157960519544152.dll
2017-01-04 12:24 - 2017-01-04 12:24 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-959060626463688853.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 13:28

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Dareon (23-01-2017 12:18:54)
Running from C:\Users\Dareon.Owner-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BLOCKADE 3D (HKLM\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Counter-Strike Nexon: Zombies (HKLM\...\Steam App 273110) (Version:  - Nexon)
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
Remote osu! Keyboard Server version 1.3.2 (HKLM\...\{50E9CD66-5078-4347-B801-B2759D6E1823}_is1) (Version: 1.3.2 - TimiimiT)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
S.K.I.L.L. - Special Force 2 (HKLM\...\Steam App 286940) (Version:  - Dragonfly GF Co., LTD)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {201514DA-200E-481B-8F3D-96F5BAF02B18} - System32\Tasks\SafeZone scheduled Autoupdate 1480024000 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
Task: {5646259F-3E26-4148-9280-A012C752CBFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {5A4D88D4-D311-46F1-A797-CF1C00A4671D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-24] (AVAST Software)
Task: {C36F0A2F-AEDC-4441-BBC9-245DD922A15A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {D99071C8-02C6-4E96-BC3A-05912D4ECE25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-11-23 15:57 - 00000006 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: Discord => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: RazerCortex => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{B286C7E0-28F3-4C4F-93AA-68D6DF3534AC}] => C:\Program Files\Remote osu! Keyboard Server\Ro!KS.exe
FirewallRules: [TCP Query User{82B09CB9-838C-43C3-9BC1-89A05E3055B0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{D203FD8A-3C9D-4817-AF8D-F0E71AD45D76}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [{E2F02839-86A0-4BB2-93C9-32B258AA599F}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66435BC5-4D7B-4905-BF02-322F643F2D7B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{9D4749BE-A8CA-45DA-96D4-8D73AAA58C57}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EB6AB75-C83C-4E28-ACB5-0C539B23A957}] => LPort=2869
FirewallRules: [{E83EEFD6-8BF0-4CBB-AB55-CB7BFDFA4A4A}] => LPort=1900
FirewallRules: [{2B5553B3-A8A7-4C0A-B0E5-493A3E1A3628}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46C40840-B6F4-4D4D-92BF-53008E092193}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3D3ED78A-3986-4656-8EB9-F4A62B66C265}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{417F37AB-D48F-4E0D-AF07-73B412D54133}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F19D885D-FBE7-4139-B292-05DAD9F3BEDF}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4EE14E68-15AF-4D2F-AFB0-0FFD2EB2B4A6}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EAC7DE43-89B0-4D0F-974B-F456A9D347D0}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EBC8E625-5B8B-4666-8244-8B331FC3BEFD}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1572A73C-EFFC-4F49-ACD2-427C9DD2BD20}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{FE9C27A9-E13D-452F-BA9A-CAAED51DCA08}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{7B7B363B-BBD7-4FD2-BD88-FCEBAB3213C5}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{046D89D7-A48B-4C8D-8FDF-D54CA57CBDBA}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe
FirewallRules: [{E5511A81-8AAF-4DF9-B50F-24FCFCC32147}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe

==================== Restore Points =========================

24-11-2016 15:19:53 End of disinfection
01-12-2016 17:57:02 Windows Live Essentials
01-12-2016 17:57:59 Installed DirectX
01-12-2016 17:59:10 Installed DirectX
01-12-2016 17:59:44 Installed DirectX
01-12-2016 18:01:49 WLSetup
08-12-2016 22:55:28 Scheduled Checkpoint
14-12-2016 02:42:03 Windows Update
01-01-2017 23:27:03 Scheduled Checkpoint
10-01-2017 11:33:20 Scheduled Checkpoint
10-01-2017 22:55:07 Windows Update
18-01-2017 13:24:16 Scheduled Checkpoint
20-01-2017 17:39:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-01-2017 17:40:13 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
20-01-2017 17:41:42 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
20-01-2017 17:42:30 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2017 11:15:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\DAREON~1.OWN\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (01/22/2017 07:50:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/22/2017 12:37:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/21/2017 05:27:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/20/2017 12:08:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/19/2017 03:52:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 08:51:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 10:55:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/17/2017 04:48:20 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Rsupport Mobizen Mirroring because of this error.

Program: Rsupport Mobizen Mirroring
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/17/2017 04:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mobizen.exe, version: 2.21.5.1, time stamp: 0x587d74f0
Faulting module name: MView20.dll_unloaded, version: 0.0.0.0, time stamp: 0x5732883a
Exception code: 0xc000001d
Fault offset: 0x0398c476
Faulting process id: 0xb08
Faulting application start time: 0x01d2711c1bc902f8
Faulting application path: C:\Program Files (x86)\RSUPPORT\Mobizen\Mobizen.exe
Faulting module path: MView20.dll
Report Id: 6c8f9198-dd0f-11e6-bc45-94fbb221c4f3


System errors:
=============
Error: (01/23/2017 12:18:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:18:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:18:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:17:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/23/2017 12:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-01-22 22:22:20.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:22:20.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:12:17.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:12:17.356
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 14:27:36.812
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 14:27:36.562
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 10:29:07.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 10:29:07.122
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 00:26:09.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 00:26:08.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 29%
Total physical RAM: 3839.37 MB
Available physical RAM: 2695.75 MB
Total Virtual: 7676.92 MB
Available Virtual: 6833.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:339.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 January 2017 - 02:21 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\MEMORY.DMP

C:\Users\Dareon.Owner-PC\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\6661235007c3a8b3ec67fe567e120f6d.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-485306706255226636.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-5160920108959968050.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8331114805938660893.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8462684412327565368.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2134510743460097422.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2188506442376641153.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2465940631920987783.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-25047755383684624.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3146629528680572176.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3199706788566176208.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3811883553042368084.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4110756868221365020.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4232310429758700343.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4354823311508885284.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4396768239888413657.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4843478029480013167.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4977896328613604076.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-515263497394349128.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5421618471429714544.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5627399304080037155.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6011843968407813096.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6163034191336247038.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7096615961669021527.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7106060213880093691.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7112034802142007985.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8136980701160219234.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8290584035581656547.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9155735392595224076.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9170157960519544152.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-959060626463688853.dll

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
===

You may be able to run this tool in Safe Mode.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
===

p.s.
You have many Restore points.
If all fails to restore Normal Mode, can you restore the computer to a date prior to the loan of this computer?

#6 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 23 January 2017 - 02:22 PM

Do I restart the computer in normal or safe mode? Edit: I'm just doing safe mode.


Edited by nomore568, 23 January 2017 - 02:26 PM.


#7 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 23 January 2017 - 02:29 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Dareon (23-01-2017 12:27:11) Run:1
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\MEMORY.DMP

C:\Users\Dareon.Owner-PC\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\6661235007c3a8b3ec67fe567e120f6d.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-485306706255226636.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-5160920108959968050.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8331114805938660893.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8462684412327565368.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2134510743460097422.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2188506442376641153.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2465940631920987783.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-25047755383684624.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3146629528680572176.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3199706788566176208.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3811883553042368084.dll
 C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4110756868221365020.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4232310429758700343.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4354823311508885284.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4396768239888413657.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4843478029480013167.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4977896328613604076.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-515263497394349128.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5421618471429714544.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5627399304080037155.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6011843968407813096.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6163034191336247038.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7096615961669021527.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7106060213880093691.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7112034802142007985.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8136980701160219234.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8290584035581656547.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9155735392595224076.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9170157960519544152.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-959060626463688853.dll

Reboot:


End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key removed successfully
C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\Mobizen plugin => key removed successfully
Mobizen plugin => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
C:\Windows\MEMORY.DMP => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\3d51890c7b88e4feeeed777176b46429.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\6661235007c3a8b3ec67fe567e120f6d.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-485306706255226636.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-5160920108959968050.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8331114805938660893.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-32-8462684412327565368.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2134510743460097422.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2188506442376641153.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-2465940631920987783.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-25047755383684624.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3146629528680572176.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3199706788566176208.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-3811883553042368084.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4110756868221365020.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4232310429758700343.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4354823311508885284.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4396768239888413657.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4843478029480013167.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-4977896328613604076.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-515263497394349128.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5421618471429714544.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-5627399304080037155.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6011843968407813096.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6163034191336247038.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7096615961669021527.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7106060213880093691.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-7112034802142007985.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8136980701160219234.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-8290584035581656547.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9155735392595224076.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-9170157960519544152.dll => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-959060626463688853.dll => moved successfully


The system needed a reboot.

==== End of Fixlog 12:27:11 ====



#8 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 23 January 2017 - 03:02 PM

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Dareon on Mon 01/23/2017 at 12:32:11.00.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Dareon.Owner-PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~3\BlueStacksSetup deleted successfully
C:\Users\Dareon.Owner-PC\AppData\Roaming\Rsupport deleted successfully
C:\Users\Dareon\AppData\Local\Google deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{374793B5-4D7A-41CF-A56F-1CFEBC616545} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424E50CD-20C9-4C38-A2BC-622F06AE7762} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{613D18CF-3431-44DC-849D-258D2F55D231} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62BCBE7D-6A22-413B-91AF-08B112FBF4D5} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76BC659E-EAD4-4D1A-973F-2F131752AC18} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{909CCEC3-6CC4-4010-B8CF-0E3471B0D0B3} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95C44140-A720-45FF-BF79-D9707B58366C} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E31CE1D1-9C7D-449E-B100-EFF1FF20F8A0} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6F3856E-EFB4-4088-8678-7717E65860D1} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA827FC1-EFAD-40C3-A343-2A70F5B7D884} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9776290-A94C-4282-A902-16B885ECFF8B} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE3FCB4B-B8DC-4BC1-A50F-D1E7F3B94D6D} deleted successfully
HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFA39F28-9A57-4CF5-919B-743495BDE67E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\prefs.js:

Added to C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20170123_1248_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Dareon.Owner-PC\.android deleted
C:\Windows\sysWoW64\config\systemprofile\.android deleted
C:\found.000 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity deleted
C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\Yahoo Inc deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01/22/2017 02:30 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01/22/2017 02:30 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\DAREON~1.OWN\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default
CD9AD396445215BA2B050EED7194193B    - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll -    Silverlight Plug-In
C940C1079C9202591865EAEDC010926C    - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrlui.dll -    Microsoft® Silverlight
88FA0CA7409ED3BC48DBE2CDDF794E67    - C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\NPRobloxProxy.dll -    Roblox Launcher Plugin


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.71



==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Dareon.Owner-PC\AppData\Local\Clickertale\User Data\Default\Preferences was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Clickertale\User Data\Default\Secure Preferences was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Clickertale\User Data\Default\Web Data was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Clickertale\User Data\Default\Web Data-journal was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerCortex deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dareon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Dareon\AppData\Local\Mozilla\Firefox\Profiles\qv6wxfua.default\Cache emptied successfully
C:\Users\Dareon\AppData\Local\Mozilla\Firefox\Profiles\qv6wxfua.default\cache2 emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Mozilla\Firefox\Profiles\0yk6n6lk.default\cache2 emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Mozilla\Firefox\Profiles\etio5tsa.default\cache2 emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\storage\default\https+++www.dropbox.com\cache emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\storage\default\https+++www.orlygift.com\cache emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\storage\default\https+++www.roblox.com\cache emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Dareon.Owner-PC\AppData\Local\Clickertale\User Data\Default\Cache emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=51 folders=41 46588431 bytes)

==== Empty Temp Folders ======================

C:\Users\Dareon\AppData\Local\Temp emptied successfully
C:\Users\Dareon.Owner-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DAREON~1.OWN\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 01/23/2017 at 12:59:48.93 ======================
 

 

Pc Update: Haven't launched in normal yet, would you like me to?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 January 2017 - 08:22 AM



Pc Update: Haven't launched in normal yet, would you like me to?


Yes, it's the only way we will find out if it's working.

Keep me posted.

If you get any error message please post it.

#10 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 24 January 2017 - 12:20 PM

Still no luck. I booted in normal mode and 10 mins after startup thousands of javaws.exe opened in Task Manager. I tried to do a FRST scan while they opened but it couldn't finish before all the memory was used. I did get a log; I don't think it's complete but it does show a lot of Java's open in the process list of it, not nearly as many as there were open but it shows quite a bit. I'll just paste that part; if you want the full log I got just ask.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Dareon (administrator) on OWNER-PC (24-01-2017 10:06:22)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe

Edited by nomore568, 24 January 2017 - 12:22 PM.


#11 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 24 January 2017 - 01:57 PM

In Safe Mode rename these files in bold as follows.

C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe -> rename it javaws.exe.old

Reboot in Normal Mode.

If you can, go to the Control Panel > Programs > Programs and Features and remove all of the Oracle Java program(s) installed.

Restart the computer normally.

Run the Farbar tool in normal mode and post both logs for my review.

If unable to do this let me know.

#12 nomore568

  • Topic Starter
  • Members
  • 100 posts

Posted 24 January 2017 - 02:32 PM

Did what you said. Just when I was uninstalling one of the Javas it gave me an error saying "can not find message file", but here are the FRST logs.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Dareon (administrator) on OWNER-PC (24-01-2017 12:23:36)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF DefaultProfile: 0yk6n6lk.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default [2017-01-24]
FF NewTab: Mozilla\Firefox\Profiles\0yk6n6lk.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\0yk6n6lk.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\0yk6n6lk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-24] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-03] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2017-01-24] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-24] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-03] (Echobit, LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-23] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 10:12 - 2017-01-24 09:53 - 00082936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-01-23 12:50 - 2017-01-23 12:32 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-01-23 12:30 - 2017-01-23 12:48 - 00000000 ____D C:\zoek_backup
2017-01-23 12:27 - 2017-01-23 12:27 - 00008239 _____ C:\Users\Dareon.Owner-PC\Desktop\Fixlog.txt
2017-01-23 12:23 - 2017-01-23 12:23 - 01309184 _____ C:\Users\Dareon.Owner-PC\Desktop\zoek.exe
2017-01-23 12:16 - 2017-01-23 12:16 - 00004804 _____ C:\Users\Dareon.Owner-PC\Desktop\ReportRouge.txt
2017-01-23 11:29 - 2017-01-23 11:29 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-23 11:26 - 2017-01-23 11:27 - 34726608 _____ (Adlice Software ) C:\Users\Dareon.Owner-PC\Desktop\setup.exe
2017-01-23 11:18 - 2017-01-23 11:18 - 00002096 _____ C:\Users\Dareon.Owner-PC\Desktop\JRT.txt
2017-01-23 11:14 - 2017-01-23 11:14 - 01663040 _____ (Malwarebytes) C:\Users\Dareon.Owner-PC\Desktop\JRT.exe
2017-01-22 22:43 - 2017-01-24 10:07 - 00013691 _____ C:\Users\Dareon.Owner-PC\Desktop\Addition.txt
2017-01-22 22:41 - 2017-01-24 12:24 - 00011569 _____ C:\Users\Dareon.Owner-PC\Desktop\FRST.txt
2017-01-22 22:41 - 2017-01-24 09:56 - 00000000 ____D C:\FRST
2017-01-22 22:41 - 2017-01-22 22:41 - 02420736 _____ (Farbar) C:\Users\Dareon.Owner-PC\Desktop\FRST64.exe
2017-01-22 14:30 - 2016-11-24 14:44 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-22 00:32 - 2017-01-22 00:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Oracle
2017-01-21 16:19 - 2017-01-21 16:19 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Lord_Loej
2017-01-17 23:37 - 2017-01-17 23:37 - 01075720 _____ C:\Users\Dareon.Owner-PC\Downloads\nzombies-master-workshop.zip
2017-01-17 12:20 - 2017-01-17 18:48 - 00000000 ____D C:\Program Files (x86)\RSUPPORT
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Public\Documents\Rsupport
2017-01-17 12:20 - 2017-01-17 12:20 - 00000000 ____D C:\Users\Dareon.Owner-PC\Documents\Mobizen
2017-01-17 12:18 - 2017-01-17 12:19 - 49886720 _____ (RSUPPORT ) C:\Users\Dareon.Owner-PC\Downloads\mobizen.exe
2017-01-17 01:42 - 2017-01-18 14:50 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CSO
2017-01-17 01:42 - 2017-01-17 01:42 - 00000000 ____D C:\ProgramData\Nexon
2017-01-17 00:12 - 2017-01-17 00:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\BattlEye
2017-01-10 20:32 - 2017-01-10 20:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\.ssh
2017-01-10 20:30 - 2017-01-10 20:31 - 09500041 _____ C:\Users\Dareon.Owner-PC\Downloads\Wurst-Client-v2.24.zip
2017-01-10 20:17 - 2017-01-10 20:22 - 23509731 _____ C:\Users\Dareon.Owner-PC\Downloads\Robot.rar
2017-01-10 20:06 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 20:06 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 20:06 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 20:06 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 20:06 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 20:06 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 20:06 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 20:06 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 20:06 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 20:06 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-09 15:46 - 2017-01-09 15:46 - 03452852 _____ C:\Users\Dareon.Owner-PC\Downloads\Find_the_Button_15_Levels.zip
2017-01-09 15:35 - 2017-01-09 15:35 - 00983656 _____ C:\Users\Dareon.Owner-PC\Downloads\Find The Button Plus.zip
2017-01-08 17:23 - 2017-01-08 17:41 - 128472618 _____ C:\Users\Dareon.Owner-PC\Downloads\Undertale.zip
2017-01-08 13:03 - 2017-01-08 13:05 - 16881411 _____ C:\Users\Dareon.Owner-PC\Downloads\Wolfram-v5.1-MC1.8.zip
2017-01-04 12:29 - 2017-01-04 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\mcleaks
2017-01-04 12:29 - 2017-01-04 12:29 - 00017152 _____ C:\Users\Dareon.Owner-PC\Downloads\MCLeaksAuthenticator.zip
2017-01-01 13:43 - 2017-01-01 13:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.atlauncher
2017-01-01 13:41 - 2017-01-24 12:16 - 00000000 ____D C:\Program Files\Java
2017-01-01 13:39 - 2017-01-01 13:40 - 63235648 _____ (Oracle Corporation) C:\Users\Dareon.Owner-PC\Downloads\jre-8u111-windows-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 12:22 - 2016-09-24 15:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2017-01-24 12:20 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-24 12:18 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-24 12:18 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-24 12:17 - 2009-07-13 22:13 - 00862152 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-24 12:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-01-24 12:15 - 2016-08-04 04:38 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-24 12:09 - 2014-05-23 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-24 12:06 - 2016-11-23 09:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 12:06 - 2016-11-22 12:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Mozilla
2017-01-24 12:05 - 2016-08-02 12:37 - 00457164 _____ C:\Windows\ntbtlog.txt
2017-01-24 09:52 - 2014-05-23 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-23 17:45 - 2016-11-20 16:37 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-23 12:48 - 2016-08-02 12:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2017-01-23 11:43 - 2016-11-20 16:37 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-23 11:29 - 2016-11-20 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-22 22:18 - 2016-11-24 14:46 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480024000
2017-01-22 15:25 - 2016-09-10 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2017-01-22 15:25 - 2016-08-21 15:12 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-22 15:25 - 2016-08-02 15:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 15:25 - 2016-08-02 12:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-22 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-01-22 14:31 - 2016-11-24 14:45 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-22 14:30 - 2016-11-24 14:44 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-19 21:38 - 2016-08-09 14:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\UNDERTALE
2017-01-19 12:58 - 2016-09-14 22:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 16:52 - 2016-10-03 17:03 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Cubic
2017-01-17 16:48 - 2016-11-22 12:32 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CrashDumps
2017-01-17 00:12 - 2016-08-10 10:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Smartly Dressed Games
2017-01-16 23:50 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-14 18:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-01-14 14:11 - 2016-08-02 14:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2017-01-13 15:33 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-12 00:34 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2017-01-10 22:56 - 2014-05-21 11:49 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 22:56 - 2014-05-21 11:49 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 19:52 - 2016-11-22 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 19:52 - 2014-05-23 09:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 19:52 - 2014-05-23 09:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 19:52 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 17:42 - 2016-08-30 18:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2017-01-01 11:36 - 2016-11-05 23:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\ElevatedDiagnostics
2017-01-01 09:15 - 2014-10-08 19:30 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2016-08-28 23:37 - 2011-10-09 15:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-28 23:37 - 2012-05-26 20:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 20:09 - 2016-08-24 20:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 03:24 - 2016-10-10 03:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 20:09 - 2016-08-24 20:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 20:09 - 2016-08-24 20:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 20:09 - 2016-08-24 20:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-10-10 03:27 - 2016-10-10 03:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-08-21 22:47 - 2016-12-02 01:13 - 0007600 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 03:24 - 2016-11-05 21:44 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 21:07 - 2016-08-15 21:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config

Some files in TEMP:
====================
2017-01-23 17:46 - 2016-10-11 08:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Dareon.Owner-PC\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 13:28

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Dareon (24-01-2017 12:24:56)
Running from C:\Users\Dareon.Owner-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BLOCKADE 3D (HKLM\...\Steam App 302830) (Version:  - Shumkov Dmitriy)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Counter-Strike Nexon: Zombies (HKLM\...\Steam App 273110) (Version:  - Nexon)
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0 (x64 en-US) (HKLM\...\Mozilla Firefox 51.0 (x64 en-US)) (Version: 51.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.0.6227 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
Remote osu! Keyboard Server version 1.3.2 (HKLM\...\{50E9CD66-5078-4347-B801-B2759D6E1823}_is1) (Version: 1.3.2 - TimiimiT)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
S.K.I.L.L. - Special Force 2 (HKLM\...\Steam App 286940) (Version:  - Dragonfly GF Co., LTD)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {201514DA-200E-481B-8F3D-96F5BAF02B18} - System32\Tasks\SafeZone scheduled Autoupdate 1480024000 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-24] (AVAST Software)
Task: {5646259F-3E26-4148-9280-A012C752CBFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {5A4D88D4-D311-46F1-A797-CF1C00A4671D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-24] (AVAST Software)
Task: {C36F0A2F-AEDC-4441-BBC9-245DD922A15A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {D99071C8-02C6-4E96-BC3A-05912D4ECE25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 11:34 - 2015-01-30 17:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-29 00:06 - 2016-08-29 00:06 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-11-24 14:44 - 2016-11-24 14:44 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-24 12:13 - 2017-01-24 12:13 - 04458584 _____ () C:\Program Files\AVAST Software\Avast\defs\17012405\algo.dll
2016-11-24 14:44 - 2016-11-24 14:44 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-24 14:44 - 2016-11-24 14:44 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-11-23 15:57 - 00000006 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: Discord => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => C:\program files\unity\editor\unity.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => C:\program files (x86)\mumble\murmur.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{B286C7E0-28F3-4C4F-93AA-68D6DF3534AC}] => C:\Program Files\Remote osu! Keyboard Server\Ro!KS.exe
FirewallRules: [TCP Query User{82B09CB9-838C-43C3-9BC1-89A05E3055B0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{D203FD8A-3C9D-4817-AF8D-F0E71AD45D76}C:\program files (x86)\secondlifeviewer\slvoice.exe] => C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [{E2F02839-86A0-4BB2-93C9-32B258AA599F}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66435BC5-4D7B-4905-BF02-322F643F2D7B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{9D4749BE-A8CA-45DA-96D4-8D73AAA58C57}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EB6AB75-C83C-4E28-ACB5-0C539B23A957}] => LPort=2869
FirewallRules: [{E83EEFD6-8BF0-4CBB-AB55-CB7BFDFA4A4A}] => LPort=1900
FirewallRules: [{2B5553B3-A8A7-4C0A-B0E5-493A3E1A3628}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46C40840-B6F4-4D4D-92BF-53008E092193}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3D3ED78A-3986-4656-8EB9-F4A62B66C265}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{417F37AB-D48F-4E0D-AF07-73B412D54133}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F19D885D-FBE7-4139-B292-05DAD9F3BEDF}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4EE14E68-15AF-4D2F-AFB0-0FFD2EB2B4A6}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EAC7DE43-89B0-4D0F-974B-F456A9D347D0}] => C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{EBC8E625-5B8B-4666-8244-8B331FC3BEFD}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{1572A73C-EFFC-4F49-ACD2-427C9DD2BD20}] => C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{FE9C27A9-E13D-452F-BA9A-CAAED51DCA08}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{7B7B363B-BBD7-4FD2-BD88-FCEBAB3213C5}] => C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{046D89D7-A48B-4C8D-8FDF-D54CA57CBDBA}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe
FirewallRules: [{E5511A81-8AAF-4DF9-B50F-24FCFCC32147}] => C:\Program Files (x86)\Steam\steamapps\common\Blockade3d\main.exe

==================== Restore Points =========================

24-11-2016 15:19:53 End of disinfection
01-12-2016 17:57:02 Windows Live Essentials
01-12-2016 17:57:59 Installed DirectX
01-12-2016 17:59:10 Installed DirectX
01-12-2016 17:59:44 Installed DirectX
01-12-2016 18:01:49 WLSetup
08-12-2016 22:55:28 Scheduled Checkpoint
14-12-2016 02:42:03 Windows Update
01-01-2017 23:27:03 Scheduled Checkpoint
10-01-2017 11:33:20 Scheduled Checkpoint
10-01-2017 22:55:07 Windows Update
18-01-2017 13:24:16 Scheduled Checkpoint
20-01-2017 17:39:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-01-2017 17:40:13 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
20-01-2017 17:41:42 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
20-01-2017 17:42:30 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
24-01-2017 12:14:32 Removed Java 8 Update 111
24-01-2017 12:16:14 Removed Java 8 Update 111 (64-bit)

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 12:09:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (01/23/2017 12:33:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).

Error: (01/23/2017 11:15:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\DAREON~1.OWN\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (01/22/2017 07:50:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/22/2017 12:37:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/21/2017 05:27:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/20/2017 12:08:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/19/2017 03:52:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 08:51:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (01/18/2017 10:55:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (01/24/2017 12:13:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/24/2017 12:07:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 12:07:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-01-24 12:20:20.136
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 12:20:19.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 12:11:00.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 12:11:00.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 10:00:30.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 10:00:30.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 09:50:20.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-24 09:50:19.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:22:20.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-22 22:22:20.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 26%
Total physical RAM: 3839.37 MB
Available physical RAM: 2805.96 MB
Total Virtual: 7676.92 MB
Available Virtual: 6606.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:338.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#13 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada


Posted 25 January 2017 - 08:02 AM

If you did not install this program, in bold, or do not use it, remove it via the Control Panel > Programs > Programs and Features.
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
===

Will remove all references to Java.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

How is the computer running now?

p.s.
If you can, run the Zoek tool and post the log for my review.
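
The fixlist above removes firewall rules that still point at javaw.exe in JRE folders that were uninstalled (the restore points show Java 8 Update 111 being removed) and a leftover SunJavaUpdateSched entry under the MSConfig startupreg key. The following PowerShell audit script is an added example, not part of the thread and not FRST code: it lists every firewall rule and every startupreg entry whose program path no longer exists on disk, so the same kind of stale leftovers can be found on another machine before deciding what to remove. The registry paths are the ones named in the Fixlog above; the assumption that each FirewallRules value is a pipe-separated string with an App= field, and that startupreg subkeys carry a "command" value, is mine. It is read-only and changes nothing; run it from an elevated prompt so HKLM is readable.

```powershell
# Added example (not from the thread or FRST): report firewall rules and MSConfig
# "startupreg" entries whose program no longer exists on disk, e.g. rules left
# behind for javaw.exe in an uninstalled JRE folder. Read-only; removes nothing.

$fwKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$startupKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

function Get-StaleFirewallRules {
    # Assumption: each value is a string like
    # "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\...\javaw.exe|Name=...|"
    $props = Get-ItemProperty -Path $fwKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        $app = ($p.Value -split '\|') | Where-Object { $_ -like 'App=*' } | Select-Object -First 1
        if (-not $app) { continue }                    # rule is not bound to a program
        $path = [Environment]::ExpandEnvironmentVariables($app.Substring(4))
        if ($path -notmatch '\\') { continue }         # "App=System" and similar pseudo-paths
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Rule = $p.Name; Program = $path }
        }
    }
}

function Get-StaleStartupRegEntries {
    # msconfig keeps disabled startup items here; assumption: "command" holds the
    # original command line (quoted path or bare path followed by arguments).
    if (-not (Test-Path -Path $startupKey)) { return }
    Get-ChildItem -Path $startupKey | ForEach-Object {
        $cmd = (Get-ItemProperty -Path $_.PSPath).command
        if (-not $cmd) { return }
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Entry = $_.PSChildName; Command = $cmd }
        }
    }
}

"Firewall rules whose program is missing:"
Get-StaleFirewallRules | Format-Table -AutoSize
"Disabled startup entries whose program is missing:"
Get-StaleStartupRegEntries | Format-Table -AutoSize
```

A rule that shows up here for a path under a jre1.8.0_xxx folder that is no longer installed is the same kind of entry the fixlist deletes; a rule for a program that still exists is not stale and should be left alone.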

#14 nomore568

  • Topic Starter
  • Members
  • 100 posts


Posted 25 January 2017 - 11:33 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017
Ran by Dareon (25-01-2017 09:23:26) Run:2
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => C:\program files\java\jre1.8.0_111\bin\javaw.exe
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4B3F54A3-7F99-4DAC-B2D8-F0F0DF5C787F}C:\program files\java\jre1.8.0_102\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{91092B4D-6742-4117-A86B-0E59073D0B90}C:\program files\java\jre1.8.0_102\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B590957F-A22A-4D8D-B593-A278AE974C29}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8F638F02-D083-4824-8839-48C963FC08FF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CC73D6DC-6BB0-4DD5-B4B8-DECCBDBE8A1A}C:\program files\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F2BB9511-2ADC-4354-A464-C0188AB16A93}C:\program files\java\jre1.8.0_111\bin\javaw.exe => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13991553 B
Java, Flash, Steam htmlcache => 116047005 B
Windows/system/drivers => 452571 B
Edge => 0 B
Chrome => 812943 B
Firefox => 348293750 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Dareon.Owner-PC => 4949426 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 462.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:24:30 ====

 

PC Update: Working Fine Now No Other Problems I Can See But Will I Be Able To Reinstall Java When We Are Done?



#15 nomore568

  • Topic Starter
  • Members
  • 100 posts


Posted 25 January 2017 - 11:43 AM

I have no extra time right now so I'll get the Zoek scan done later today or tomorrow.
