
Audio Ads Playing in Background


This topic is locked. 12 replies to this topic.

#1 25thBaam (Members)

Posted 26 January 2017 - 05:14 PM

Hi, yesterday my computer was attacked by a virus and after running in safe mode I uninstalled programs that were new and I've never seen before or that were suspicious. I noticed one of the files mentioning Trojan. I then ran malware-bytes which appeared to have removed some of the malicious software. As of right now, when connected to the internet I hear auto mouse clicking sounds and ads that play without any programs/browsers open. My computer is also significantly slower. Malware-bytes also constantly reminds me that it has blocked a website under the file "C:\Program Files (x86)\Powerful\matsu.exe" and "C:\Program Files (x86)\Bellville\matsu.exe". I tried running adwcleaner which says it found four threats which I cleaned, but after restarting, nothing appears to have changed. I just ran the FRST program to share these logs. I am scared for my computer. Help is extremely appreciated. Thank you.


Edited by 25thBaam, 26 January 2017 - 05:20 PM.




#2 JSntgRvr (Malware Response Team)

Posted 27 January 2017 - 05:32 PM

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Reset your browsers to default. For information click here.

 

Give it a try and let me know the outcome.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 25thBaam (Topic Starter)

Posted 27 January 2017 - 08:54 PM

Thank you so much for responding and so quickly. I did as you described as well as reset my browser. I don't know if there were any expected outcomes to my computer when running the program, but now my computer seems to run a lot faster. Other than that and resetting the browser, nothing else appears to have changed.

 

I was wondering if I should run these programs and my computer in general in Safe Mode with Networking. Would this impact the ability of the programs to do their job?

 

Again, thank you for taking the time to help me. I give you my utmost appreciation.

 

Here is the log file that was saved:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Sagan (27-01-2017 20:14:11) Run:1
Running from C:\Users\Sagan Medved\Desktop\FRST
Loaded Profiles: Sagan (Available Profiles: Sagan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\C6DC.tmp -start <===== ATTENTION
C:\WINDOWS\Temp\C6DC.tmp
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [amttgm] => rundll32.exe "C:\Users\Sagan Medved\AppData\Local\amttgm.dll",amttgm <===== ATTENTION
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
2015-10-04 14:00 - 2015-10-04 14:00 - 0000000 ____D () C:\Users\Sagan Medved\AppData\Local\Temp\avgnt.exe
2010-05-05 16:44 - 2010-05-05 16:44 - 1048576 _____ (Line 6) C:\Users\Sagan Medved\AppData\Local\Temp\L6GPInst.dll
2016-02-11 22:09 - 2016-02-11 22:10 - 6354864 _____ (Black Tree Gaming                                           ) C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.12.exe
2016-02-18 21:07 - 2016-02-18 21:08 - 6356128 _____ (Black Tree Gaming                                           ) C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.13.exe
2016-06-25 10:04 - 2016-06-25 10:04 - 6359496 _____ (Black Tree Gaming                                           ) C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
2016-01-09 18:55 - 2016-01-09 18:55 - 6341776 _____ (Black Tree Gaming                                           ) C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.5.exe
2016-09-04 12:46 - 2016-09-04 12:46 - 4211112 _____ () C:\Users\Sagan Medved\AppData\Local\Temp\npp.6.9.2.Installer.exe
2015-08-07 00:34 - 2015-11-02 08:18 - 0715600 _____ (NVIDIA Corporation) C:\Users\Sagan Medved\AppData\Local\Temp\nvSCPAPI.dll
2015-08-07 00:34 - 2015-11-02 08:18 - 0835776 _____ (NVIDIA Corporation) C:\Users\Sagan Medved\AppData\Local\Temp\nvSCPAPI64.dll
2015-11-06 15:26 - 2015-11-02 08:18 - 0316024 _____ (NVIDIA Corporation) C:\Users\Sagan Medved\AppData\Local\Temp\nvStInst.exe
2015-08-14 07:29 - 2015-07-29 15:08 - 0681097 _____ (SQLite Development Team) C:\Users\Sagan Medved\AppData\Local\Temp\sqlite3.dll
2016-12-18 21:33 - 2016-12-18 21:33 - 133525984 _____ (Twitch) C:\Users\Sagan Medved\AppData\Local\Temp\TwitchLauncherInstaller.exe
2015-07-31 19:51 - 2015-07-31 19:51 - 2702160 _____ (Microsoft Corporation) C:\Users\Sagan Medved\AppData\Local\Temp\vcredist_x86.exe
2015-08-02 18:58 - 2015-08-02 18:58 - 0118784 _____ () C:\Users\Sagan Medved\AppData\Local\Temp\xmlUpdater.exe
CustomCLSID: HKU\S-1-5-21-1491799989-36793466-3983917921-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49FE225D9C84}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {0548EB2D-F58E-4981-BE58-99F69D9909C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22B5AA6A-609A-44B5-A12F-7B42763E9F79} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4764DD4E-2353-47B7-A94B-C31BFF6CA2B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8489A063-702A-440E-8142-2A81E1152178} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96D9E961-90B5-460C-84E5-A27E9AB1F503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B10D78E7-3004-490F-A059-070C0F927D33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B226F0CC-113E-43A7-941A-7A2931354EDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C388E4B2-9BB7-4146-B6F2-C810F7EAB1A7} - \{09040F47-0A7F-7908-0A11-040C04081104} -> No File <==== ATTENTION
Task: {C9EC8FF5-D40D-4424-8F8A-B3F92325741B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D478411C-6D4C-4A3D-9650-FEFFBE37497D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DAE32673-1B69-42EE-A1DF-C5A5720EB172} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB3A21AA-E3D9-4D51-B18F-C09C6E58C228} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0548EB2D-F58E-4981-BE58-99F69D9909C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22B5AA6A-609A-44B5-A12F-7B42763E9F79} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4764DD4E-2353-47B7-A94B-C31BFF6CA2B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8489A063-702A-440E-8142-2A81E1152178} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96D9E961-90B5-460C-84E5-A27E9AB1F503} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B10D78E7-3004-490F-A059-070C0F927D33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B226F0CC-113E-43A7-941A-7A2931354EDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C388E4B2-9BB7-4146-B6F2-C810F7EAB1A7} - \{09040F47-0A7F-7908-0A11-040C04081104} -> No File <==== ATTENTION
Task: {C9EC8FF5-D40D-4424-8F8A-B3F92325741B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D478411C-6D4C-4A3D-9650-FEFFBE37497D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DAE32673-1B69-42EE-A1DF-C5A5720EB172} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FB3A21AA-E3D9-4D51-B18F-C09C6E58C228} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
Reboot:
 
*****************
 
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy => value removed successfully
"C:\WINDOWS\Temp\C6DC.tmp" => not found.
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\Software\Microsoft\Windows\CurrentVersion\Run\\amttgm => value removed successfully
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => key removed successfully
C:\Users\Sagan Medved\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\L6GPInst.dll => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.12.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.13.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\Nexus Mod Manager-0.61.5.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\npp.6.9.2.Installer.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\TwitchLauncherInstaller.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\vcredist_x86.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\xmlUpdater.exe => moved successfully
HKU\S-1-5-21-1491799989-36793466-3983917921-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-49FE225D9C84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0548EB2D-F58E-4981-BE58-99F69D9909C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0548EB2D-F58E-4981-BE58-99F69D9909C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22B5AA6A-609A-44B5-A12F-7B42763E9F79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22B5AA6A-609A-44B5-A12F-7B42763E9F79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4764DD4E-2353-47B7-A94B-C31BFF6CA2B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4764DD4E-2353-47B7-A94B-C31BFF6CA2B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8489A063-702A-440E-8142-2A81E1152178} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8489A063-702A-440E-8142-2A81E1152178} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96D9E961-90B5-460C-84E5-A27E9AB1F503} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96D9E961-90B5-460C-84E5-A27E9AB1F503} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B10D78E7-3004-490F-A059-070C0F927D33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B10D78E7-3004-490F-A059-070C0F927D33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B226F0CC-113E-43A7-941A-7A2931354EDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B226F0CC-113E-43A7-941A-7A2931354EDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C388E4B2-9BB7-4146-B6F2-C810F7EAB1A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C388E4B2-9BB7-4146-B6F2-C810F7EAB1A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09040F47-0A7F-7908-0A11-040C04081104} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9EC8FF5-D40D-4424-8F8A-B3F92325741B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9EC8FF5-D40D-4424-8F8A-B3F92325741B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D478411C-6D4C-4A3D-9650-FEFFBE37497D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D478411C-6D4C-4A3D-9650-FEFFBE37497D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAE32673-1B69-42EE-A1DF-C5A5720EB172} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE32673-1B69-42EE-A1DF-C5A5720EB172} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB3A21AA-E3D9-4D51-B18F-C09C6E58C228} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3A21AA-E3D9-4D51-B18F-C09C6E58C228} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0548EB2D-F58E-4981-BE58-99F69D9909C4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22B5AA6A-609A-44B5-A12F-7B42763E9F79} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4764DD4E-2353-47B7-A94B-C31BFF6CA2B8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8489A063-702A-440E-8142-2A81E1152178} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96D9E961-90B5-460C-84E5-A27E9AB1F503} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B10D78E7-3004-490F-A059-070C0F927D33} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B226F0CC-113E-43A7-941A-7A2931354EDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C388E4B2-9BB7-4146-B6F2-C810F7EAB1A7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09040F47-0A7F-7908-0A11-040C04081104} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9EC8FF5-D40D-4424-8F8A-B3F92325741B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D478411C-6D4C-4A3D-9650-FEFFBE37497D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE32673-1B69-42EE-A1DF-C5A5720EB172} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3A21AA-E3D9-4D51-B18F-C09C6E58C228} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{DCF7836D-4317-48DB-87E3-7BA6FAD4456B} canceled.
{33E01A69-6F36-4318-A7A9-60F6E66B6F2F} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35696662 B
Java, Flash, Steam htmlcache => 142092 B
Windows/system/drivers => 263677956 B
Edge => 848765 B
Chrome => 119821470 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 105376 B
NetworkService => 4486888 B
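
The fixlist above removes a Run value pointing into C:\WINDOWS\Temp, a rundll32 autorun loading a DLL from AppData\Local, an IFEO Debugger value and a set of orphaned scheduled tasks. As an added example (not FRST's or the thread's own code), the Python below applies those same triage heuristics to a constructed sample assembled from log lines quoted in this thread, with the ATTENTION markers stripped so the code has to reach its own verdict; the severity labels, the seven-day "recently created" threshold and the directory list are my own assumptions.

```python
"""Triage of FRST-style autorun lines (added example; not part of FRST)."""
import re
from datetime import date, timedelta

# Constructed sample: lines quoted in this thread plus one benign NVIDIA
# entry for contrast. Real FRST output flags suspicious lines itself with
# "<===== ATTENTION"; that marker is deliberately left out here.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-03] (NVIDIA Corporation)
HKLM\...\Run: [bev] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKLM-x32\...\Run: [MapsGalaxy] => C:\WINDOWS\Temp\C6DC.tmp -start
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [amttgm] => rundll32.exe "C:\Users\Sagan Medved\AppData\Local\amttgm.dll",amttgm
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
Task: {0548EB2D-F58E-4981-BE58-99F69D9909C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
"""
SCAN_DATE = date(2017, 1, 28)  # date of the scan the sample lines come from

# Line shapes as FRST prints them: "<hive>\...\Run: [name] => <command>",
# "IFEO\<exe>: [Debugger] <path>" and "Task: {GUID} - <path> -> No File".
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<dbg>.+)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<path>.+?) -> No File", re.I)
# FRST appends "[<size> <yyyy-mm-dd>]" for files it could stat.
META_RE = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")
# Directories a standard user can write to; autoruns here deserve a look.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")


def classify_line(line, scan_date, recent_days=7):
    """Return a list of (severity, reason) findings for one FRST log line."""
    findings = []
    line = line.strip()

    m = IFEO_RE.match(line)
    if m:
        # A Debugger value under Image File Execution Options makes Windows
        # start the "debugger" in place of the named program on every launch.
        findings.append(("high", f"IFEO debugger set for {m['exe']}: {m['dbg']}"))
        return findings

    m = TASK_RE.match(line)
    if m:
        # Target binary is gone; harmless by itself but still worth cleaning.
        findings.append(("low", f"orphaned scheduled task: {m['path']}"))
        return findings

    m = RUN_RE.match(line)
    if not m:
        return findings
    name, cmd = m["name"], m["cmd"]
    lowered = cmd.lower()

    if any(d in lowered for d in USER_WRITABLE):
        findings.append(("high", f"Run value '{name}' starts a file from a user-writable directory: {cmd}"))
    if lowered.startswith("rundll32.exe") and ".dll" in lowered:
        findings.append(("medium", f"Run value '{name}' loads a DLL through rundll32: {cmd}"))
    meta = META_RE.search(cmd)
    if meta:
        created = date.fromisoformat(meta["date"])
        if scan_date - created <= timedelta(days=recent_days):
            findings.append(("medium", f"Run value '{name}' points at a file dated {meta['date']}, "
                                       f"within {recent_days} days of the scan"))
    return findings


def triage(log_text, scan_date):
    """Map each flagged log line to its findings; clean lines are omitted."""
    report = {}
    for line in log_text.splitlines():
        hits = classify_line(line, scan_date)
        if hits:
            report[line.strip()] = hits
    return report


if __name__ == "__main__":
    for flagged, hits in triage(SAMPLE_LOG, SCAN_DATE).items():
        print(flagged)
        for severity, reason in hits:
            print(f"    [{severity}] {reason}")
```

The NvBackend line is the only one that produces no finding; the matsu.exe entry is caught solely by its creation date, which is why FRST's file timestamps matter when reading a log.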


#4 JSntgRvr (Malware Response Team)

Posted 28 January 2017 - 09:02 AM

They should work better in Normal Mode.

 

Please download Junkware Removal Tool to your Desktop.
 

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

 

 

Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Image: AdwCleaner scan console]


  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found; above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

[Image: AdwCleaner clean-and-restart prompt]


  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Re-run FRST and post the new FRST.txt report. Make sure the addition.txt is checked and post also the addition.txt report.




#5 25thBaam (Topic Starter)

Posted 28 January 2017 - 12:03 PM

Hi, so far everything is still the same, such as the audio ads and mouse clicking. However, when I try to start Malware-bytes it gives me the message "unable to connect the service" and won't open, even though when I start my computer it still gives me the pop-ups saying it has blocked a website. Only when I quit malware-bytes from the task bar does it go away.

 

Windows 10 Upgrade Assistant has just been added to my desktop after scanning with FRST64, but I did uninstall it originally when the problem started just in case. I'll just keep it there for now I guess.

 

Here are all the logs that you requested starting with the JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Sagan (Administrator) on Sat 01/28/2017 at 10:47:06.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/28/2017 at 10:59:34.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And then the AdwCleaner log:
 
# AdwCleaner v6.043 - Logfile created 28/01/2017 at 11:06:04
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-28.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Sagan - SAGANMEDVED-PC
# Running from : C:\Users\Sagan Medved\Desktop\adwcleaner_6.043.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Sagan Medved\AppData\Roaming\Installer.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1357 Bytes] - [26/01/2017 15:31:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [1502 Bytes] - [26/01/2017 15:42:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [1577 Bytes] - [28/01/2017 11:06:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [1446 Bytes] - [26/01/2017 15:30:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1591 Bytes] - [26/01/2017 15:42:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [1945 Bytes] - [28/01/2017 11:04:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1869 Bytes] ##########
 
 
FRST.txt log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Sagan (administrator) on SAGANMEDVED-PC (28-01-2017 11:25:03)
Running from C:\Users\Sagan Medved\Desktop\FRST
Loaded Profiles: Sagan & DefaultAppPool (Available Profiles: Sagan & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Matsu) C:\Program Files (x86)\Bellville\matsu.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Matsu) C:\Program Files (x86)\Bellville\matsu.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Matsu) C:\Program Files (x86)\Bellville\matsu.exe
() C:\Program Files (x86)\lynne\conceptualization.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Matsu) C:\Program Files (x86)\Powerful\matsu.exe
(Matsu) C:\Program Files (x86)\Bellville\matsu.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\System32\MusNotification.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\WINDOWS\UpdateAssistant\Windows10Upgrade.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Razer, Inc.) C:\Users\Sagan Medved\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
(Razer, Inc.) C:\Users\Sagan Medved\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\WINDOWS\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [bev] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKLM\...\Run: [bevbev] => C:\Program Files (x86)\Bellville\matsu.exe [8704 2017-01-25] (Matsu)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [facials] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKLM-x32\...\Run: [facialsfacials] => C:\Program Files (x86)\Bellville\matsu.exe [8704 2017-01-25] (Matsu)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [stuttgart] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [stuttgartstuttgart] => C:\Program Files (x86)\Bellville\matsu.exe [8704 2017-01-25] (Matsu)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [reverser] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [reverserreverser] => C:\Program Files (x86)\Bellville\matsu.exe [8704 2017-01-25] (Matsu)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [conceptualization] => C:\Program Files (x86)\lynne\conceptualization.exe [68880 2017-01-25] ()
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Run: [rosengarten] => C:\Program Files (x86)\Powerful\matsu.exe [8704 2017-01-25] (Matsu)
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\RunOnce: [Uninstall C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\MountPoints2: {69b67382-2404-11e5-8f58-74d02b31cb2d} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2016-10-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sagan Medved\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sagan Medved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2014-03-25] (Leader Technologies)
Startup: C:\Users\Sagan Medved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\securitized.lnk [2017-01-25]
ShortcutTarget: securitized.lnk -> C:\Program Files (x86)\Powerful\matsu.exe (Matsu)
Startup: C:\Users\Sagan Medved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-01-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fb2abe0-0628-419e-9fc4-72452ffe2009}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1fb2abe0-0628-419e-9fc4-72452ffe2009}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cee54e60-3cbe-11e5-9bc2-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f204fc7e-7e24-4565-a646-171d1a1cadf0}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1491799989-36793466-3983917921-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-15] [not signed]
FF HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1491799989-36793466-3983917921-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sagan Medved\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://tweetdeck.twitter.com/"
CHR Profile: C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Google Docs) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2016-12-18]
CHR Extension: (YouTube) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-11]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2016-10-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-25]
CHR Extension: (Voice Recognition) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (ChromeHue for Philips Hue) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofhimkkaomaoilmnmfhmdoekoaeclkoa [2017-01-18]
CHR Extension: (Pacman) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\palgcoflnoaklkflllnmheiollkgkipm [2017-01-26]
CHR Extension: (Gmail) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Sagan Medved\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [232208 2016-06-30] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-03] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-11-27] (Intel Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-03] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-03] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [57856 2016-01-10] (Razer Inc.) [File not signed]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-11-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [595456 2014-09-19] (C-MEDIA)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2015-08-26] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2015-08-26] (Windows ® Win 7 DDK provider)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2015-11-27] ()
R3 L6UX2; C:\WINDOWS\System32\Drivers\L6UX264.sys [777728 2015-08-21] (Line 6)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-28] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-08-24] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-05-18] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 11:14 - 2017-01-28 11:14 - 00001956 _____ C:\Users\Sagan Medved\Desktop\AdwCleaner[C3].txt
2017-01-28 11:10 - 2017-01-28 11:10 - 00016148 _____ C:\WINDOWS\system32\SAGANMEDVED-PC_Sagan_HistoryPrediction.bin
2017-01-28 11:00 - 2017-01-28 11:00 - 04015056 _____ C:\Users\Sagan Medved\Desktop\adwcleaner_6.043.exe
2017-01-28 10:59 - 2017-01-28 10:59 - 00000554 _____ C:\Users\Sagan Medved\Desktop\JRT.txt
2017-01-28 10:39 - 2017-01-28 10:40 - 01663040 _____ (Malwarebytes) C:\Users\Sagan Medved\Desktop\JRT.exe
2017-01-27 20:11 - 2017-01-28 11:21 - 00000000 ____D C:\Users\Sagan Medved\Desktop\FRST
2017-01-26 16:32 - 2017-01-28 11:22 - 00000000 ____D C:\FRST
2017-01-26 16:12 - 2017-01-26 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-01-26 16:12 - 2017-01-26 16:12 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-01-26 16:09 - 2017-01-26 16:09 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Sagan Medved\Downloads\cbSetup.exe
2017-01-26 15:41 - 2017-01-26 15:42 - 00000000 ____D C:\Windows10Upgrade
2017-01-26 15:29 - 2017-01-28 11:06 - 00000000 ____D C:\AdwCleaner
2017-01-26 15:29 - 2017-01-26 15:29 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Sagan Medved\Downloads\tdsskiller.exe
2017-01-26 15:24 - 2017-01-26 15:25 - 34726608 _____ (Adlice Software ) C:\Users\Sagan Medved\Downloads\setup.exe
2017-01-26 15:24 - 2017-01-26 15:24 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sagan Medved\Downloads\mbar-1.09.3.1001.exe
2017-01-25 23:38 - 2017-01-25 23:38 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\48D0739C.sys
2017-01-25 22:17 - 2017-01-25 22:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-25 20:25 - 2017-01-28 11:09 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-25 20:25 - 2017-01-28 11:09 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-25 20:25 - 2017-01-28 11:09 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-25 20:25 - 2017-01-28 11:09 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-25 20:25 - 2017-01-28 11:09 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-25 20:25 - 2017-01-25 20:25 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-25 20:25 - 2017-01-25 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-25 20:25 - 2017-01-25 20:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-25 20:25 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-25 20:23 - 2017-01-25 20:23 - 55566792 _____ (Malwarebytes ) C:\Users\Sagan Medved\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-25 19:32 - 2017-01-26 14:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-25 18:56 - 2017-01-25 21:18 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-01-25 18:49 - 2017-01-25 21:33 - 00000000 ____D C:\Program Files\NJXC557SNT
2017-01-25 18:48 - 2017-01-25 18:48 - 00000000 ___HD C:\Program Files (x86)\Powerful
2017-01-25 18:48 - 2017-01-25 18:48 - 00000000 ___HD C:\Program Files (x86)\lynne
2017-01-25 18:48 - 2017-01-25 18:48 - 00000000 ___HD C:\Program Files (x86)\Bellville
2017-01-25 18:48 - 2017-01-25 18:48 - 00000000 ____D C:\Program Files (x86)\decisiveness
2017-01-25 18:46 - 2017-01-25 21:21 - 00000000 ____D C:\Program Files\COMODO
2017-01-25 18:46 - 2017-01-25 21:18 - 00000000 ____D C:\ProgramData\COMODO
2017-01-25 18:43 - 2017-01-25 21:23 - 00000000 ____D C:\Program Files\LL8VYM1JN7
2017-01-25 18:42 - 2017-01-25 19:51 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-25 18:41 - 2017-01-25 21:33 - 00000000 ____D C:\Program Files\LVVW700POX
2017-01-25 18:41 - 2017-01-25 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2017-01-25 18:41 - 2017-01-25 18:41 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-25 18:09 - 2017-01-25 18:09 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-01-25 18:09 - 2017-01-25 18:09 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-01-25 18:04 - 2017-01-25 18:07 - 00000000 ____D C:\InstallationID
2017-01-25 14:00 - 2017-01-25 14:00 - 03215038 _____ C:\WINDOWS\d5ff48ee7ab3f3aa306d1ff7bad7a4e7.exe
2017-01-25 02:43 - 2017-01-25 02:43 - 00008704 _____ (Matsu) C:\WINDOWS\filters.exe
2017-01-25 02:43 - 2017-01-25 02:43 - 00008704 _____ (Matsu) C:\Users\Sagan Medved\AppData\Local\matsu.exe
2017-01-25 01:02 - 2017-01-25 01:02 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign50322f1e5bf45233
2017-01-25 00:49 - 2017-01-25 00:49 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigna2d612c18e8e01d8
2017-01-25 00:48 - 2017-01-25 00:48 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf1c3163bc182a03b
2017-01-25 00:33 - 2017-01-25 00:33 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign2b33de9dd8224847
2017-01-25 00:24 - 2017-01-25 00:24 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign61396d1ab141a0c8
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignd96f1baa3bb4a723
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign8b8c982f00a55008
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign173b72d97f1bd37e
2017-01-24 20:36 - 2017-01-24 20:36 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign469e522edab8868f
2017-01-24 20:34 - 2017-01-24 20:34 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign0b332405db9c42b4
2017-01-24 20:30 - 2017-01-24 20:30 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign5f81cdd46171264a
2017-01-24 20:30 - 2017-01-24 20:30 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign051a922a61c47d40
2017-01-24 17:58 - 2017-01-24 17:58 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign362b5adfb2693638
2017-01-24 17:57 - 2017-01-24 17:57 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigna94ac0557d88bad9
2017-01-24 17:57 - 2017-01-24 17:57 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign7430b0ff825aa6d4
2017-01-24 17:57 - 2017-01-24 17:57 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign6aebdaa212a1a973
2017-01-24 17:51 - 2017-01-24 17:51 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign7c425440d10aa745
2017-01-24 17:49 - 2017-01-24 17:49 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigne014fa64187deb7e
2017-01-24 17:49 - 2017-01-24 17:49 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign68ddbfe32d8c54aa
2017-01-24 17:45 - 2017-01-24 17:45 - 00000000 ____D C:\ProgramData\Google
2017-01-24 17:40 - 2017-01-24 17:42 - 11759616 _____ C:\Users\Sagan Medved\Downloads\chromeremotedesktophost.msi
2017-01-24 17:39 - 2017-01-24 17:39 - 00000000 ____D C:\Users\Sagan Medved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-24 15:01 - 2017-01-24 16:49 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-23 14:46 - 2017-01-23 14:46 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign7967e46a7069286b
2017-01-23 14:45 - 2017-01-23 14:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf4bf11175df3af00
2017-01-23 14:45 - 2017-01-23 14:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigndad5bf72980014f8
2017-01-23 14:45 - 2017-01-23 14:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignc459905a116bc828
2017-01-20 14:34 - 2017-01-24 15:01 - 00000036 _____ C:\WINDOWS\progress.ini
2017-01-20 14:26 - 2017-01-24 15:30 - 00000000 ___HD C:\$GetCurrent
2017-01-20 14:25 - 2017-01-20 14:25 - 00000000 ____D C:\WINDOWS\UpdateAssistant
2017-01-15 23:42 - 2017-01-15 23:42 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign3dc65e1000ab5c44
2017-01-15 23:40 - 2017-01-15 23:40 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign6b66b1facc85b7bc
2017-01-15 23:39 - 2017-01-15 23:39 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf1c6a5f6e6e31283
2017-01-15 23:39 - 2017-01-15 23:39 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignc1c4c859217f4a41
2017-01-10 19:59 - 2016-12-21 05:12 - 01023208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-01-10 19:59 - 2016-12-21 05:10 - 00652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-10 19:59 - 2016-12-21 05:09 - 01538176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:59 - 2016-12-21 04:59 - 01591304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-10 19:59 - 2016-12-21 03:55 - 00983392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-01-10 19:59 - 2016-12-21 03:22 - 01365584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-10 19:59 - 2016-12-21 01:08 - 21855232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:59 - 2016-12-21 00:57 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-10 19:59 - 2016-12-21 00:04 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-10 19:59 - 2016-12-21 00:00 - 18796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:59 - 2016-11-11 01:22 - 00862024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-01-10 19:59 - 2016-11-11 01:17 - 01298000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-01-10 19:59 - 2016-11-11 01:17 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-01-04 05:15 - 2017-01-04 05:15 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignfe1e2afb4d13c32e
2017-01-04 05:15 - 2017-01-04 05:15 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigneefdbb8c86630055
2017-01-04 05:15 - 2017-01-04 05:15 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign89272f2712f8626f
2017-01-04 05:15 - 2017-01-04 05:15 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign16009bcc4c346c52
2017-01-03 06:45 - 2017-01-03 06:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign4cb5406b7b345a8c
2017-01-03 06:41 - 2017-01-03 06:41 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign117a2d30a77196cb
2017-01-03 06:39 - 2017-01-03 06:39 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign7a1e560cb83b62fa
2017-01-03 06:38 - 2017-01-03 06:38 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign8b3967b54642efd6
2017-01-03 06:38 - 2017-01-03 06:38 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign11e73c36d43e92dc
2017-01-01 21:42 - 2017-01-01 21:42 - 00000000 ____D C:\Users\Sagan Medved\AppData\LocalLow\BuKaGameStudio
2017-01-01 20:51 - 2017-01-01 20:51 - 00774825 _____ C:\Users\Sagan Medved\Downloads\steamcmd.zip
2017-01-01 20:32 - 2017-01-01 20:49 - 00000000 ____D C:\steamcmd
2017-01-01 20:32 - 2017-01-01 20:32 - 00000000 ____D C:\game-servers
2017-01-01 17:52 - 2017-01-01 17:52 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign2cf240e3f83b1104
2017-01-01 17:51 - 2017-01-01 17:51 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf79d9ad20589acd1
2017-01-01 17:51 - 2017-01-01 17:51 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign3e9afb9e43d26700
2017-01-01 17:51 - 2017-01-01 17:51 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign2a454fc798711973
2017-01-01 17:51 - 2017-01-01 17:51 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign071969faf26c60c7
2017-01-01 17:45 - 2017-01-01 17:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign978d2c4a21ca0ae7
2017-01-01 17:38 - 2017-01-01 17:38 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign5bc7007233ef0f5e
2017-01-01 17:37 - 2017-01-01 17:37 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign11fe57d88b22b21f
2017-01-01 17:36 - 2017-01-01 17:36 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign1da317bb4c0d7ada
2017-01-01 17:35 - 2017-01-01 17:35 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignebb4714eb9bea694
2017-01-01 17:35 - 2017-01-01 17:35 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign932f1334b21ce07a
2017-01-01 04:44 - 2017-01-01 04:44 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigncc84f0e1e6e94e97
2017-01-01 04:43 - 2017-01-01 04:43 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigneec25a96089be3fa
2017-01-01 04:43 - 2017-01-01 04:43 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign56bee7fe0fc9ef61
2017-01-01 04:43 - 2017-01-01 04:43 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign0f368d0194825825
2017-01-01 04:39 - 2017-01-01 04:39 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign0adfcf23116e13cc
2017-01-01 04:32 - 2017-01-01 04:32 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigna33e42b8bb42244a
2017-01-01 04:27 - 2017-01-01 04:27 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigncbe7a5407a8c115a
2017-01-01 04:26 - 2017-01-01 04:26 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignaea9493a377fa1f0
2017-01-01 04:26 - 2017-01-01 04:26 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign832e639f17e88423
2017-01-01 03:57 - 2017-01-01 17:35 - 00001254 _____ C:\Users\Sagan Medved\Desktop\Photoshop.lnk
2017-01-01 03:45 - 2017-01-01 03:45 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf226bf6e51954d6b
2017-01-01 03:44 - 2017-01-01 03:44 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign353bf922cbfd6e93
2017-01-01 03:36 - 2017-01-01 03:36 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign52076e5747b358fe
2017-01-01 03:36 - 2017-01-01 03:36 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign2f4bb7312d323d02
2017-01-01 03:33 - 2017-01-01 03:33 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign6baf482f336217cd
2017-01-01 03:32 - 2017-01-01 03:32 - 00003668 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sagan.medved@gmail.com
2017-01-01 03:32 - 2017-01-01 03:32 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsignf4216278cfe2135a
2017-01-01 03:32 - 2017-01-01 03:32 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsigna821c6227925c5d1
2017-01-01 03:32 - 2017-01-01 03:32 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign2c04aa86ac23d6d9
2017-01-01 03:32 - 2017-01-01 03:32 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Tempzxpsign0841ca2c17a975a2
2017-01-01 03:32 - 2017-01-01 03:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-01 03:31 - 2017-01-01 03:31 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-01-01 03:31 - 2017-01-01 03:31 - 00000000 ____D C:\Users\Sagan Medved\Documents\Adobe
2017-01-01 03:26 - 2017-01-01 03:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-01 03:26 - 2017-01-01 03:26 - 00000000 ____D C:\Program Files\Adobe
2017-01-01 03:25 - 2017-01-03 05:57 - 00000000 ___RD C:\Users\Sagan Medved\Creative Cloud Files
2017-01-01 03:25 - 2017-01-01 03:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-01 03:21 - 2017-01-01 03:21 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-12-29 15:43 - 2016-11-19 05:29 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-29 15:43 - 2016-11-19 05:28 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-12-29 15:43 - 2016-11-19 05:26 - 08015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-29 15:43 - 2016-11-19 05:19 - 02640872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2016-12-29 15:43 - 2016-11-19 04:44 - 06525424 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-12-29 15:43 - 2016-11-19 04:44 - 01134792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-12-29 15:43 - 2016-11-19 04:43 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-12-29 15:43 - 2016-11-19 04:19 - 00671584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-12-29 15:43 - 2016-11-19 03:47 - 02369696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2016-12-29 15:43 - 2016-11-19 02:56 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-29 15:43 - 2016-11-19 02:55 - 01123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-12-29 15:43 - 2016-11-19 02:47 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\verifiergui.exe
2016-12-29 15:43 - 2016-11-19 02:43 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-29 15:43 - 2016-11-19 02:34 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-29 15:43 - 2016-11-19 02:19 - 01040384 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-29 15:43 - 2016-11-19 02:16 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-29 15:43 - 2016-11-19 02:04 - 01416704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-29 15:43 - 2016-11-19 01:48 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2016-12-29 15:43 - 2016-11-19 01:41 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\verifiergui.exe
2016-12-29 15:43 - 2016-11-19 01:40 - 03581952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-29 15:43 - 2016-11-19 01:36 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-29 15:43 - 2016-11-19 01:35 - 14247424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-12-29 15:43 - 2016-11-19 01:33 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-29 15:43 - 2016-11-19 01:22 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-29 15:43 - 2016-11-19 01:21 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-29 15:43 - 2016-11-19 01:20 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2016-12-29 15:43 - 2016-11-19 01:18 - 07528448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-29 15:43 - 2016-11-19 01:14 - 00939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-12-29 15:43 - 2016-11-19 00:49 - 12594688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-12-29 15:43 - 2016-11-19 00:39 - 01189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2016-12-29 15:43 - 2016-11-19 00:38 - 05456384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-29 15:43 - 2016-11-19 00:34 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-12-29 15:42 - 2016-11-19 05:45 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-29 15:42 - 2016-11-19 05:30 - 00432352 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-12-29 15:42 - 2016-11-19 05:29 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-29 15:42 - 2016-11-19 05:29 - 00605472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-29 15:42 - 2016-11-19 05:26 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-12-29 15:42 - 2016-11-19 05:25 - 02816016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-12-29 15:42 - 2016-11-19 05:25 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-29 15:42 - 2016-11-19 05:24 - 02495776 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-29 15:42 - 2016-11-19 05:21 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-29 15:42 - 2016-11-19 05:21 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-29 15:42 - 2016-11-19 05:20 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-12-29 15:42 - 2016-11-19 05:19 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-12-29 15:42 - 2016-11-19 05:17 - 00158072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-29 15:42 - 2016-11-19 05:16 - 02543784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-29 15:42 - 2016-11-19 05:16 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-12-29 15:42 - 2016-11-19 05:15 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-29 15:42 - 2016-11-19 04:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-12-29 15:42 - 2016-11-19 04:46 - 22326760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-29 15:42 - 2016-11-19 04:46 - 00724168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-12-29 15:42 - 2016-11-19 04:46 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-29 15:42 - 2016-11-19 04:44 - 00176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2016-12-29 15:42 - 2016-11-19 04:40 - 00365920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-12-29 15:42 - 2016-11-19 04:20 - 00224712 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-29 15:42 - 2016-11-19 04:18 - 01781416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-29 15:42 - 2016-11-19 04:17 - 01366672 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-29 15:42 - 2016-11-19 04:14 - 00231264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-29 15:42 - 2016-11-19 04:07 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-12-29 15:42 - 2016-11-19 04:04 - 00151904 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-29 15:42 - 2016-11-19 03:58 - 04046768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-29 15:42 - 2016-11-19 03:58 - 00365128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-12-29 15:42 - 2016-11-19 03:57 - 02153288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-29 15:42 - 2016-11-19 03:54 - 00439648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-12-29 15:42 - 2016-11-19 03:53 - 00877568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-29 15:42 - 2016-11-19 03:52 - 01766496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-29 15:42 - 2016-11-19 03:49 - 01895576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-29 15:42 - 2016-11-19 03:44 - 02188472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-29 15:42 - 2016-11-19 03:42 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-29 15:42 - 2016-11-19 03:42 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-29 15:42 - 2016-11-19 03:42 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-29 15:42 - 2016-11-19 03:26 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-12-29 15:42 - 2016-11-19 03:24 - 00524800 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-29 15:42 - 2016-11-19 03:24 - 00374784 _____ C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-29 15:42 - 2016-11-19 03:23 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-29 15:42 - 2016-11-19 03:23 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2016-12-29 15:42 - 2016-11-19 03:16 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-12-29 15:42 - 2016-11-19 03:14 - 20862488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-29 15:42 - 2016-11-19 03:13 - 00565648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-12-29 15:42 - 2016-11-19 03:11 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-29 15:42 - 2016-11-19 03:08 - 00303448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-12-29 15:42 - 2016-11-19 03:03 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2016-12-29 15:42 - 2016-11-19 03:02 - 02902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-12-29 15:42 - 2016-11-19 03:02 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-29 15:42 - 2016-11-19 03:00 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-29 15:42 - 2016-11-19 02:55 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-29 15:42 - 2016-11-19 02:55 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-29 15:42 - 2016-11-19 02:55 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2016-12-29 15:42 - 2016-11-19 02:54 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-12-29 15:42 - 2016-11-19 02:53 - 03792896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-29 15:42 - 2016-11-19 02:53 - 00185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-29 15:42 - 2016-11-19 02:50 - 01516968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-29 15:42 - 2016-11-19 02:50 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-12-29 15:42 - 2016-11-19 02:49 - 04847616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-12-29 15:42 - 2016-11-19 02:44 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-12-29 15:42 - 2016-11-19 02:44 - 00814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\provcore.dll
2016-12-29 15:42 - 2016-11-19 02:41 - 00345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-12-29 15:42 - 2016-11-19 02:41 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-12-29 15:42 - 2016-11-19 02:41 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-12-29 15:42 - 2016-11-19 02:41 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-12-29 15:42 - 2016-11-19 02:40 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassvcs.dll
2016-12-29 15:42 - 2016-11-19 02:37 - 00120672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-29 15:42 - 2016-11-19 02:34 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-12-29 15:42 - 2016-11-19 02:25 - 12514816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-29 15:42 - 2016-11-19 02:24 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-29 15:42 - 2016-11-19 02:22 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-12-29 15:42 - 2016-11-19 02:21 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgrade.exe
2016-12-29 15:42 - 2016-11-19 02:20 - 03170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-29 15:42 - 2016-11-19 02:20 - 01686528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-29 15:42 - 2016-11-19 02:20 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-29 15:42 - 2016-11-19 02:20 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-29 15:42 - 2016-11-19 02:19 - 02839040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-12-29 15:42 - 2016-11-19 02:19 - 00775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-29 15:42 - 2016-11-19 02:19 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-29 15:42 - 2016-11-19 02:18 - 02350080 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-29 15:42 - 2016-11-19 02:18 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2016-12-29 15:42 - 2016-11-19 02:17 - 02253824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-12-29 15:42 - 2016-11-19 02:15 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-29 15:42 - 2016-11-19 02:14 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-29 15:42 - 2016-11-19 02:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-29 15:42 - 2016-11-19 02:11 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-12-29 15:42 - 2016-11-19 02:08 - 05448704 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-12-29 15:42 - 2016-11-19 02:08 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2016-12-29 15:42 - 2016-11-19 02:08 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-29 15:42 - 2016-11-19 02:02 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-29 15:42 - 2016-11-19 01:59 - 00819712 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2016-12-29 15:42 - 2016-11-19 01:59 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-29 15:42 - 2016-11-19 01:58 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-29 15:42 - 2016-11-19 01:57 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-29 15:42 - 2016-11-19 01:56 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-29 15:42 - 2016-11-19 01:54 - 02599424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-12-29 15:42 - 2016-11-19 01:54 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-12-29 15:42 - 2016-11-19 01:52 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-29 15:42 - 2016-11-19 01:50 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2016-12-29 15:42 - 2016-11-19 01:48 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-29 15:42 - 2016-11-19 01:48 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-29 15:42 - 2016-11-19 01:48 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-12-29 15:42 - 2016-11-19 01:48 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-29 15:42 - 2016-11-19 01:48 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2016-12-29 15:42 - 2016-11-19 01:47 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2016-12-29 15:42 - 2016-11-19 01:45 - 04453888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-12-29 15:42 - 2016-11-19 01:43 - 03873280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-12-29 15:42 - 2016-11-19 01:43 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-29 15:42 - 2016-11-19 01:42 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-29 15:42 - 2016-11-19 01:41 - 04168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2016-12-29 15:42 - 2016-11-19 01:41 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-12-29 15:42 - 2016-11-19 01:40 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-29 15:42 - 2016-11-19 01:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provcore.dll
2016-12-29 15:42 - 2016-11-19 01:39 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-29 15:42 - 2016-11-19 01:39 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-12-29 15:42 - 2016-11-19 01:37 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-12-29 15:42 - 2016-11-19 01:37 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-12-29 15:42 - 2016-11-19 01:37 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-12-29 15:42 - 2016-11-19 01:37 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassvcs.dll
2016-12-29 15:42 - 2016-11-19 01:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-12-29 15:42 - 2016-11-19 01:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-29 15:42 - 2016-11-19 01:32 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-12-29 15:42 - 2016-11-19 01:32 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-12-29 15:42 - 2016-11-19 01:32 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-29 15:42 - 2016-11-19 01:31 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2016-12-29 15:42 - 2016-11-19 01:28 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-12-29 15:42 - 2016-11-19 01:28 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2016-12-29 15:42 - 2016-11-19 01:27 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-12-29 15:42 - 2016-11-19 01:26 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-29 15:42 - 2016-11-19 01:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-29 15:42 - 2016-11-19 01:24 - 03420160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2016-12-29 15:42 - 2016-11-19 01:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-29 15:42 - 2016-11-19 01:23 - 04398592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-29 15:42 - 2016-11-19 01:22 - 02639360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-29 15:42 - 2016-11-19 01:22 - 01492992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-29 15:42 - 2016-11-19 01:22 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-29 15:42 - 2016-11-19 01:22 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-29 15:42 - 2016-11-19 01:22 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-12-29 15:42 - 2016-11-19 01:21 - 02198016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2016-12-29 15:42 - 2016-11-19 01:21 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-29 15:42 - 2016-11-19 01:20 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-29 15:42 - 2016-11-19 01:18 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-29 15:42 - 2016-11-19 01:16 - 07502848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-12-29 15:42 - 2016-11-19 01:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-12-29 15:42 - 2016-11-19 01:08 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-29 15:42 - 2016-11-19 01:08 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2016-12-29 15:42 - 2016-11-19 01:08 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-29 15:42 - 2016-11-19 01:07 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-29 15:42 - 2016-11-19 01:07 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgcore.dll
2016-12-29 15:42 - 2016-11-19 01:00 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-29 15:42 - 2016-11-19 00:59 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-29 15:42 - 2016-11-19 00:57 - 03692032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-12-29 15:42 - 2016-11-19 00:56 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-29 15:42 - 2016-11-19 00:54 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2016-12-29 15:42 - 2016-11-19 00:53 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-12-29 15:42 - 2016-11-19 00:50 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-29 15:42 - 2016-11-19 00:48 - 00565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-12-29 15:42 - 2016-11-19 00:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-12-29 15:42 - 2016-11-19 00:42 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-29 15:42 - 2016-11-19 00:38 - 11271168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-29 15:42 - 2016-11-19 00:35 - 06713856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-12-29 15:42 - 2016-11-19 00:27 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgcore.dll
2016-12-29 15:42 - 2016-11-10 22:01 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-29 15:42 - 2016-11-10 21:37 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-29 15:41 - 2016-11-19 03:07 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 11:25 - 2013-08-09 23:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-28 11:21 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 11:20 - 2013-08-09 15:04 - 00000000 ____D C:\Users\Sagan Medved\AppData\Roaming\Skype
2017-01-28 11:19 - 2014-10-15 18:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-28 11:08 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-28 11:08 - 2013-08-09 11:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-28 11:07 - 2015-07-10 04:05 - 53477376 ___SH C:\WINDOWS\system32\config\BBI
2017-01-28 10:52 - 2013-08-09 23:12 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Adobe
2017-01-28 10:46 - 2014-02-05 21:20 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A73E510-92AB-418A-913D-F33CDB63AC1F}
2017-01-28 10:41 - 2016-06-18 20:37 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\CrashDumps
2017-01-27 20:27 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 20:22 - 2013-11-24 15:46 - 00000000 ____D C:\Users\Sagan Medved\AppData\LocalLow\Temp
2017-01-26 16:23 - 2015-08-06 23:54 - 00000000 ____D C:\Users\Sagan Medved
2017-01-26 14:48 - 2014-12-28 14:38 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Ubisoft Game Launcher
2017-01-26 14:48 - 2014-12-28 14:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-01-26 14:47 - 2014-02-19 17:12 - 00000000 ____D C:\Fraps
2017-01-26 14:47 - 2013-10-14 11:23 - 01615654 _____ C:\WINDOWS\ntbtlog.txt
2017-01-25 22:21 - 2015-11-27 08:00 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-25 22:18 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2017-01-25 21:42 - 2015-08-24 23:32 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-25 21:32 - 2016-07-05 18:17 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-01-25 21:24 - 2016-07-05 18:12 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Battle.net
2017-01-25 21:24 - 2014-05-21 15:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-25 21:14 - 2016-07-05 18:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-25 21:09 - 2016-11-25 10:28 - 00000000 ____D C:\ProgramData\Origin
2017-01-25 20:25 - 2013-10-14 11:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-25 20:15 - 2014-01-21 14:28 - 00000000 ____D C:\Program Files\OBS
2017-01-25 18:57 - 2015-08-07 03:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-25 18:41 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-25 18:41 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-24 22:40 - 2016-04-18 12:34 - 00000000 ____D C:\Users\Sagan Medved\AppData\Roaming\obs-studio
2017-01-24 20:49 - 2016-12-05 22:53 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-01-24 17:43 - 2013-09-08 10:42 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-24 15:30 - 2015-08-07 03:42 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-24 15:30 - 2015-08-06 23:16 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2017-01-24 15:30 - 2015-08-06 23:16 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 15:23 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2017-01-24 00:54 - 2014-02-20 19:31 - 00000000 ____D C:\Users\Sagan Medved\Documents\Movie Studio Platinum 13.0 Projects
2017-01-23 15:36 - 2016-10-22 14:15 - 00024781 _____ C:\Users\Sagan Medved\Desktop\Movies.xlsx
2017-01-21 15:15 - 2015-08-06 23:52 - 01005666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-20 15:01 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-19 13:58 - 2013-08-09 15:04 - 00000000 ____D C:\ProgramData\Skype
2017-01-18 16:47 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 16:46 - 2013-09-12 15:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-17 21:03 - 2014-01-06 16:19 - 00000000 ____D C:\Users\Sagan Medved\AppData\Roaming\Audacity
2017-01-13 18:04 - 2015-12-24 15:30 - 00014326 _____ C:\Users\Sagan Medved\Desktop\Paswerdspls.xlsx
2017-01-13 15:14 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 15:08 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 15:02 - 2013-08-09 11:34 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 19:34 - 2015-03-09 22:07 - 00203288 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzudd.sys
2017-01-09 16:07 - 2015-08-07 00:23 - 00000000 ____D C:\Users\Sagan Medved\AppData\Local\Packages
2017-01-09 16:05 - 2013-09-12 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-07 04:09 - 2015-08-07 00:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-07 04:05 - 2015-07-10 07:20 - 00240960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-07 04:01 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-07 04:01 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-07 04:01 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-07 04:01 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-03 15:55 - 2014-12-16 00:02 - 00000000 ____D C:\Users\Sagan Medved\Documents\School
2017-01-01 17:51 - 2013-08-09 23:13 - 00000000 ____D C:\Users\Sagan Medved\AppData\Roaming\Adobe
2017-01-01 03:28 - 2014-02-23 17:35 - 00000000 ____D C:\ProgramData\Adobe
2017-01-01 03:20 - 2014-02-23 17:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-29 04:18 - 2015-07-10 06:04 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-29 04:12 - 2016-01-28 19:28 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-29 04:11 - 2013-09-27 14:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-29 04:11 - 2013-09-12 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 04:10 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-12-29 04:10 - 2015-07-10 06:04 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-29 04:09 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2014-04-15 13:44 - 2014-04-15 13:44 - 0000069 _____ () C:\Users\Sagan Medved\AppData\Roaming\mbam.context.scan
2015-04-12 19:39 - 2015-04-12 19:39 - 0002896 _____ () C:\Users\Sagan Medved\AppData\Roaming\TargetInvocationLog.txt
2014-02-23 17:36 - 2014-02-23 17:36 - 0000043 _____ () C:\Users\Sagan Medved\AppData\Roaming\WB.CFG
2017-01-25 02:43 - 2017-01-25 02:43 - 0008704 _____ (Matsu) C:\Users\Sagan Medved\AppData\Local\matsu.exe
2013-12-26 23:54 - 2013-12-26 23:54 - 0000873 _____ () C:\Users\Sagan Medved\AppData\Local\recently-used.xbel
2014-05-05 19:01 - 2014-05-05 19:01 - 0000003 _____ () C:\Users\Sagan Medved\AppData\Local\updater.log
2014-05-05 19:01 - 2015-10-02 19:02 - 0000424 _____ () C:\Users\Sagan Medved\AppData\Local\UserProducts.xml
2015-08-06 23:46 - 2015-08-06 23:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-15 17:45 - 2016-08-29 20:32 - 0002254 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-24 13:56
 
==================== End of FRST.txt ============================
 
And finally, the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Sagan (28-01-2017 11:38:00)
Running from C:\Users\Sagan Medved\Desktop\FRST
Windows 10 Pro (X64) (2015-08-07 05:23:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1491799989-36793466-3983917921-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1491799989-36793466-3983917921-503 - Limited - Disabled)
Guest (S-1-5-21-1491799989-36793466-3983917921-501 - Limited - Disabled)
Sagan (S-1-5-21-1491799989-36793466-3983917921-1000 - Administrator - Enabled) => C:\Users\Sagan Medved
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 (HKLM\...\UDK-9fe5b73b-77b8-44ca-bd1d-d063b81ab952) (Version:  - RuneStorm
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Action Replay DSi Code Manager (HKLM-x32\...\Action Replay DSi Code Manager_is1) (Version:  - )
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 40.50331906.50331906.36513752 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version:  - Treyarch)
Call of Duty: Black Ops III Beta (HKLM-x32\...\Steam App 388520) (Version:  - Treyarch)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Dead Realm (HKLM-x32\...\Steam App 352460) (Version:  - Section Studios)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version:  - Trendy Entertainment)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version:  - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Wars 3: Dimensions (HKLM-x32\...\Steam App 310790) (Version:  - Lucid Games)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Horizon v2.7.1.4 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.1.4 - Daring Development Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Hunger Dungeon (HKLM\...\Steam App 513560) (Version:  - Buka Game Studio)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Kerbal Space Program Demo (HKLM-x32\...\Steam App 231410) (Version:  - Squad)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lego Star Wars Saga (HKLM-x32\...\Steam App 32440) (Version:  - Traveller's Tales)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
LOOT version 0.8.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.0 - LOOT Team)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{2A6118E1-2BF0-11E5-8A11-F04DA23A5C58}) (Version: 13.0.955 - Sony)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.4 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pokémon Trading Card Game Online (HKLM-x32\...\{E46A5439-C642-43B5-A639-107662FF9A49}) (Version: 2.25.0 - The Pokémon Company International)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.3.0 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls IV: Oblivion  (HKLM\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Walking Dead (HKLM-x32\...\067a7675-cf5e-456d-ab72-615e3bbb34ce) (Version:  - TEQWP)
The Walking Dead: Season Two (HKLM-x32\...\632a1869-fcfe-4a96-b7f2-47057a7d6daf) (Version:  - TEQWP)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Unity Web Player (HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
UpdateAssistant (x32 Version: 1.3.0.0 - Microsoft Corporation) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Viscera Cleanup Detail: Santas Rampage
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Who's Your Daddy Alpha version 0.1.1 (HKLM-x32\...\{1BE05F6C-F9EB-491B-AE8A-A4B77F60DF4D}_is1) (Version: 0.1.1 - Joe Williams)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd)
XSplit Broadcaster (HKLM-x32\...\{A78B7DC1-1118-4FA7-8FE1-3A75FCF0896B}) (Version: 2.7.1602.2231 - SplitmediaLabs)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1491799989-36793466-3983917921-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1491799989-36793466-3983917921-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11D843BE-388A-4E9B-915C-269FF4A3B6A0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16BF011F-1AF0-4FBE-90AE-21F15330AF17} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {188A1C4D-E62A-47B1-85F9-F7696EEA4A87} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {27BBB388-6D52-4B11-BE1E-1E08B990EE6C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A6444FD-D9E9-49B1-82F6-56E7BBA945EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35527F02-DABB-41DB-9226-0E640335D21B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sagan.medved@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {3644A62B-1DF6-4A80-9542-8CF63728C245} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {443004C8-95D2-4EF0-B8D6-15671788E429} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {44944AAE-C8D2-4047-A8FB-C3861B9970A7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {449A6EA1-074A-4D19-8FE7-BDDFBADFC57A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5B16A1C1-A419-4D05-9142-82E624BA7414} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6585F39A-7E16-4FF7-BE15-ADDB2940CCEB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6EC0D097-5CC6-468B-B441-FEEDE8B9CAF5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6FB6943D-AB7B-4CDF-9F4A-D3E97986DDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {72A6D095-B1AB-4881-B96A-C312C8699D86} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {72B4AAF4-4AD3-4952-BC64-089E0ACD8A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F2F6B28-3AF0-480D-9E31-C3B37867F8E6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {85BEE0F9-5DB3-446F-8F25-B723708D9B75} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation)
Task: {864C147C-C399-4F71-813C-2D614B44A709} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {89CE9AE8-DA25-49D9-966F-D9930498320D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {962D4262-A1D0-421F-A53E-1E78F1265B85} - System32\Tasks\{EC7658EE-4BE4-4C8F-A14A-E2C9F509C98F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {9CE661A3-184B-473A-9F66-B3DE98CB08DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)
Task: {A31D47DD-7550-4E64-B02A-EE9A12BC551D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A922C3C0-0282-4722-B0B1-2EB88E111537} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CFF1CB00-18EC-4E7B-9F9A-BA2F0A0912A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D6351EE8-D824-4362-8E7B-6152853487CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6CC2955-5F34-4258-BFDA-9156976E487D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA681F02-5313-4967-8961-44079C57C66B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F0525B8B-7AF0-4EE9-B20C-297C8F618DC4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F2BA6C1B-E906-41A9-B05C-71FFB304CC5B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3FEA9CC-97BD-40AB-A58D-E5B0FC384D75} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA0DF77E-E095-40F9-A6A9-01B96DEC37AF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-07 03:38 - 2015-08-07 03:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-08-09 11:35 - 2016-06-02 22:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-16 15:51 - 2016-10-25 02:15 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-06-04 14:06 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-25 20:25 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-25 20:25 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-12-29 15:42 - 2016-11-19 05:24 - 02495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-15 10:58 - 2016-06-03 02:22 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-29 15:42 - 2016-11-19 05:24 - 02495776 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-21 16:12 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-01 15:40 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-12-29 15:42 - 2016-11-19 01:09 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-29 15:42 - 2016-11-19 01:06 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-29 15:42 - 2016-11-19 01:06 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:41 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-25 02:43 - 2017-01-25 02:43 - 00068880 _____ () C:\Program Files (x86)\lynne\conceptualization.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-12-21 02:55 - 2015-12-21 02:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-06 15:30 - 2016-06-03 02:22 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-15 18:03 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 11:37 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-10-15 18:03 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 11:37 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 11:37 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-15 18:03 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-15 18:03 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-15 18:03 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-15 18:03 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-15 18:03 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-15 18:03 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:20 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-01-05 20:11 - 2016-01-05 20:11 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-26 16:45 - 2015-08-27 16:30 - 40622592 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2016-12-09 15:09 - 2016-12-09 15:09 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-12-12 14:46 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2014-10-15 18:03 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-12-09 15:09 - 2016-12-09 15:09 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-02-05 11:17 - 2015-10-06 14:26 - 50656768 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-08-26 16:45 - 2015-08-27 16:30 - 00911360 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-08-26 16:45 - 2015-08-27 16:30 - 00134144 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2016-02-05 11:17 - 2015-10-06 14:26 - 01874944 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-02-05 11:17 - 2015-10-06 14:26 - 00075264 _____ () C:\Users\Sagan Medved\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\line6.net -> line6.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-01-25 22:01 - 00001886 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sagan Medved\Pictures\Wallpapers\Other Wallpaper\Finish\triple space.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1491799989-36793466-3983917921-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{02DAB77C-354B-4793-9052-BF7068349665}] => E:\SteamLibrary\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{EDCEEE07-5BC5-4D13-92C0-5A74FC7C4392}] => E:\SteamLibrary\steamapps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{00B51B55-18BC-404A-95AD-54C9266DFFB1}] => E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{470BB62A-CA27-4C42-8629-61489939B21C}] => E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{FA714D4C-FF91-4A66-9EF8-6B3AE06120A2}] => LPort=27015
FirewallRules: [{2259B8F5-BB0D-4354-9AB2-49134D2CED19}] => LPort=27015
FirewallRules: [UDP Query User{8F360861-A518-4776-9182-E8D0409F6E30}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{75347F12-79B0-4467-96DC-DCFD00425211}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{12A451EC-8837-40BF-9269-05B868EE979C}] => E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{74025FFB-678A-437A-8037-056D7D856912}] => E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [UDP Query User{FB7F706D-5B34-4A56-8568-70F29967674F}C:\program files\java\jre1.8.0_31\bin\java.exe] => C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{57B22195-9AAA-45FE-9795-5205A94F8480}C:\program files\java\jre1.8.0_31\bin\java.exe] => C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{37336173-9AD0-4AFF-9C2A-579098BD924D}] => E:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{70BA5CFD-BC55-49E7-860A-60091237C651}] => E:\SteamLibrary\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{7963D5A7-65E2-4B6A-8C95-E705F888AAB7}] => E:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{7C4E2DCF-DE81-43C9-BFE0-8193E2F157C1}] => E:\SteamLibrary\steamapps\common\DB Xenoverse\DBXV.exe
FirewallRules: [UDP Query User{83B6FCB6-80ED-4B60-BAB6-6721A47EAEE7}C:\users\sagan medved\desktop\skyrim all\tamrielonline_live_server.exe] => C:\users\sagan medved\desktop\skyrim all\tamrielonline_live_server.exe
FirewallRules: [TCP Query User{CA466E62-3A81-42B9-B70C-0B5204C78A42}C:\users\sagan medved\desktop\skyrim all\tamrielonline_live_server.exe] => C:\users\sagan medved\desktop\skyrim all\tamrielonline_live_server.exe
FirewallRules: [UDP Query User{01605073-0F9D-46B3-8818-9B34F2F20911}C:\users\sagan medved\desktop\skyrim all\tamrielonline_test_server.exe] => C:\users\sagan medved\desktop\skyrim all\tamrielonline_test_server.exe
FirewallRules: [TCP Query User{ECC7FEF4-3989-4FD4-9695-D6D8B762BD22}C:\users\sagan medved\desktop\skyrim all\tamrielonline_test_server.exe] => C:\users\sagan medved\desktop\skyrim all\tamrielonline_test_server.exe
FirewallRules: [{83B654B9-E49B-4CB0-A373-000BD1312B72}] => E:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0E14A0E4-EDF4-40EC-A3B3-2D24D1299F9E}] => E:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{81408FD7-3024-4EA7-B3E3-DDA7524481ED}] => E:\SteamLibrary\steamapps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{EE0C87E1-D571-4214-8C28-DB8D7A155A53}] => E:\SteamLibrary\steamapps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{56479631-53AD-4D6E-B5A3-3F3E7FE69A57}] => E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{6EAB5EB6-A7C1-4970-A897-0E98DCA78A99}] => E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{C20264B1-2035-42E4-889A-C9CB31925C7B}] => E:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{428829FB-66EC-4E08-8260-8DCF3D1A08C9}] => E:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{65E5EB5E-0117-4B7A-9FCD-07FB7EFDFFD3}] => C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{C301C750-9361-4FFC-A615-F1ADB4E3928C}] => C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{BECD850B-B161-4F45-B07D-8D12C7CA7039}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4D36270D-858C-4003-BE2A-64B33A181D98}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6B93108A-EBF4-4F5F-A36F-952453177B05}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{161BF0EF-1B9E-4F20-AADF-B33B2AA75AE5}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F85D9C12-B01B-4FA2-8342-9C2D66452F95}] => E:\SteamLibrary\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{393A6292-8D01-4982-93E7-5CAAA7A8DA1C}] => E:\SteamLibrary\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{56241168-5A7F-45E5-B90B-442AD7239A99}] => E:\SteamLibrary\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{E36828D8-D88F-4618-9E52-C1911EDB6A2E}] => E:\SteamLibrary\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [UDP Query User{6795F8D9-DEA1-46E3-BD42-D53D3CCD38A1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A796EE63-4E21-4BB0-B0FB-0A56456F9DF0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{954440DF-D8E7-41D8-8C50-5AB501455C44}] => C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{2422D80C-486F-4B55-9FA4-BD5449AF1813}] => C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [UDP Query User{CECE4A84-0974-46CC-921A-79D3765874B1}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{F9CAA1E4-527A-4263-9657-20295174534E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{773DD9B4-01FF-4F3F-89DE-4A78A39520F7}] => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3F190E11-E096-42E0-81CC-25D0F1C7ED1C}] => C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5496076F-4F98-4E4D-B23F-703307F9865C}] => C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{2D2A15FF-0BEF-4399-AAB0-DF5B40195AB5}] => C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{DDD2221E-2461-4033-B897-06A4D7502459}] => C:\Program Files (x86)\Steam\SteamApps\common\Geometry Wars 3 - Dimensions\GW3.exe
FirewallRules: [{824557D9-65C4-4045-BF16-653E63B6E998}] => C:\Program Files (x86)\Steam\SteamApps\common\Geometry Wars 3 - Dimensions\GW3.exe
FirewallRules: [{9CF1A303-F24D-4094-B4B9-51AEED2EE745}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{ADFF4E13-8475-4C04-82B6-1054FA9CAC5E}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{2D8CCA3A-6804-4688-9EE0-7CDE0523612B}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{A04C238B-7E26-4AA9-A590-2521F8BE11EB}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{42D4C56B-5161-4968-A8CF-FC27572B2529}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{9D47ABDF-57A2-437F-86D4-2A1C69CC1DFD}] => E:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{FD353DD9-F607-49F3-9673-13DC4F5DA807}] => E:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{FC475270-F2D2-422E-B9D2-EE10F890AF04}] => E:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{1814CB3A-BBA4-4B99-9ACC-D46515244CBA}] => E:\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{1D6E9B23-2CA6-4EE9-BD9D-F8466BE5B152}] => E:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A3060964-3A85-441C-9A51-01D354C00D1C}] => E:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{4ACFF3DF-8662-45B3-9050-4D706B44513E}] => E:\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{070190F8-1584-4CFC-87D6-1281DF7D30E4}] => E:\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [UDP Query User{93DC5ED1-ACF2-4CBC-9540-01005FB1A3AE}C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe
FirewallRules: [TCP Query User{7337AB05-15A5-48B1-B3F0-F99B5AFBEE4A}C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe
FirewallRules: [{6C3C34D2-A7B6-43A2-BD71-B1AFE18442BA}] => E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{84C7EB24-B5DC-4E58-A50B-21AD8A51BBE6}] => E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [UDP Query User{031255C9-AA9F-4AFB-A3B7-AEC9EC4F46EF}E:\steam\steamapps\common\garrysmod\hl2.exe] => E:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [TCP Query User{CE642118-45B9-4085-86EB-F83D629266AF}E:\steam\steamapps\common\garrysmod\hl2.exe] => E:\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{D1C0EEF4-D049-478E-9630-E7340E68FA74}] => E:\Steam\Steam.exe
FirewallRules: [{16929EC9-815E-4B06-BDCA-28CA3559160C}] => E:\Steam\Steam.exe
FirewallRules: [UDP Query User{BAF622A2-83C8-4CA5-9E99-7100E5CCDEA7}C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe
FirewallRules: [TCP Query User{24F5B613-3DF5-4357-B1E8-2515E6090140}C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe
FirewallRules: [UDP Query User{F01F4F68-FEA5-4848-B989-CD3EB1DDA41A}C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe
FirewallRules: [TCP Query User{DAAD6C93-5ED4-48E5-8B27-96D08FB429BE}C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe
FirewallRules: [UDP Query User{4000631E-1E2B-47C9-85D6-13C6D266E34B}C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe
FirewallRules: [TCP Query User{A2982811-873B-48E5-978B-52DE100CB54A}C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe
FirewallRules: [{50D3C09E-17CE-4435-86E3-6AFDF6B765FC}] => C:\Program Files (x86)\Steam\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{09BC32F2-B1C2-4FFB-8BA8-4A9B9885BD0A}] => C:\Program Files (x86)\Steam\SteamApps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [UDP Query User{22DB975B-6144-4957-BADB-88BB96D72CE0}C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe
FirewallRules: [TCP Query User{8EC549F4-4EDB-4BCD-9D6A-C0A44F837030}C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe
FirewallRules: [UDP Query User{475D886D-26F6-4500-8506-011E9AB9B257}C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe
FirewallRules: [TCP Query User{41BDA7BB-B6D3-4454-B5AD-37FBACADB3FB}C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe
FirewallRules: [{A3DE008E-3CDB-4A71-B7A2-C0EE19D23977}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F2FDB1E1-C3BC-493E-AEC0-FEC28983279A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7EE89D1-D7E7-4CBA-91B5-1B2BE77D993C}] => C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe
FirewallRules: [{B0FB5E0A-03D6-4DC8-8F11-9AFA231B1778}] => C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe
FirewallRules: [{9DB37A64-97A1-4706-BADC-480366330099}] => C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe
FirewallRules: [{3FB86D44-2E5E-4E3A-9EEA-C8CE3DB16F78}] => C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe
FirewallRules: [{0E78FD0E-B0D5-45B0-A5E7-6E8729A043FE}] => LPort=1900
FirewallRules: [{2D3B0D72-1F03-4250-9031-4341751EC525}] => LPort=2869
FirewallRules: [{63AD331A-DFEA-4FF8-B0F4-85FE73000B2F}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{4121B5F1-E487-4DFF-9B45-1FCA88714F71}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{8B5C1FB4-89A4-4E56-BDE0-F8AAE6B9672F}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{CB81D92F-EC8A-4583-9292-32D2129CB567}] => C:\Program Files (x86)\Steam\SteamApps\common\Guacamelee\Guac.exe
FirewallRules: [{AB4AF3CE-F94B-4AFC-81DB-CDA4E56368F7}] => C:\Program Files (x86)\Steam\SteamApps\common\Guacamelee\Guac.exe
FirewallRules: [{F9AE0067-3814-4C7C-BE3D-77D9209A30B6}] => C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6028F46F-91AE-4F41-A8FD-9C85FD5E9471}] => C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8F3A352B-17EC-437F-90E6-276DFB20FE99}] => C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{36E8551E-AA98-4DFC-9BF8-8D4A719C49F6}] => C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{3CF19B65-DAEE-45BE-AE5B-7B5CD5583FC3}] => C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{A6B52676-654B-44B7-9B5D-3C4888E12C88}] => C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [UDP Query User{44767168-9E51-44B2-81D5-9E16C20FCB95}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{B5DC03EF-5CF9-452C-B55B-D7A7C3EE999C}C:\program files\java\jre7\bin\java.exe] => C:\program files\java\jre7\bin\java.exe
FirewallRules: [{1A3A58F0-946F-450E-895E-ABDE66598C43}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19DAA036-2C97-4FB7-B525-FFE1F94FA0A5}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2F69689E-5EE6-43E9-8A27-19D9B7665BD1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEE33400-85D4-4EAE-BBD7-908CB0C6E151}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E507359F-B9B5-42D8-98FC-7DB57615A615}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E36D161A-0553-4794-B7E8-2B85A676B544}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD98D771-093D-4E6B-829B-578D0F8E15FB}] => C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\UDKLift.exe
FirewallRules: [{B0A8C2D8-D30A-4F10-8FF1-E253D2A96FEC}] => C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\UDKLift.exe
FirewallRules: [{F19542B2-72FF-4E05-877D-FBDAF8485BD2}] => C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{54FB7FCC-5932-4577-B1A4-30D38DB01231}] => C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [UDP Query User{AB09432E-EC8E-4AF5-8385-43772BA94EB9}C:\users\sagan medved\desktop\servers\garrysmod\gmod\srcds.exe] => C:\users\sagan medved\desktop\servers\garrysmod\gmod\srcds.exe
FirewallRules: [TCP Query User{08156F2B-84AF-481B-918E-AC8D32A050BA}C:\users\sagan medved\desktop\servers\garrysmod\gmod\srcds.exe] => C:\users\sagan medved\desktop\servers\garrysmod\gmod\srcds.exe
FirewallRules: [{10C86433-9C89-4B60-89A2-26A80B6BF185}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{44775A8E-7D2D-4913-8DC5-6AF2B9C53CE2}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [UDP Query User{7F92C623-1400-4517-A130-75CA255B20E0}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [TCP Query User{997F2D01-665E-4E62-ACAD-48E85BD8244D}C:\gmod\srcds.exe] => C:\gmod\srcds.exe
FirewallRules: [UDP Query User{71B6DD4F-94CE-4001-9497-9F35A3048869}C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe
FirewallRules: [TCP Query User{670F0F11-FEA7-4921-95E0-457D17E7BB06}C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe] => C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe
FirewallRules: [{4531E464-044D-4B58-B69F-FB4770789A1D}] => C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{82FC7B6E-C670-471C-877C-3E9DE3346180}] => C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{04CC91C7-EE04-4EE4-B5C1-19C2187A37CC}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{99858C1A-A70F-4328-A5F2-D08A0CE6CF5E}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3290B5AF-97F6-4AA2-A245-C34F3FEE9977}] => C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{311306DA-016B-441C-A42F-29DAF194384D}] => C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{E8258E0B-2A0C-4DCD-B777-F48EED8B61F0}] => LPort=25565
FirewallRules: [{943D89AD-A40B-497B-AD0F-83263C1AF072}] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{FF657031-BA4D-4916-8944-1E50EB49D892}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C8CA10F5-89B2-491F-A5B9-A4CFCB38BC68}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{00923D8A-E38A-438C-A449-E513F5B4E510}] => C:\windows\system32\java.exe
FirewallRules: [{5E92821F-4AFD-44CE-9EB5-25C49500F333}] => LPort=25565
FirewallRules: [{C30A3C8A-CDCA-43CF-8931-5C92017B1FF9}] => LPort=25565
FirewallRules: [{B21FFD12-BF02-49AF-85BE-137FA3F9D732}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C06772DF-DFDD-46EA-BF19-678C44A407AE}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{50B1FEA3-415B-4A73-81B4-D5B92802F369}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CF4189AC-814E-4386-B801-EAB207936164}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{441079D2-3354-47F7-B215-50F0EA0A8EFB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6E22FB59-2415-4FCC-A8F2-85BFC1787AA7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CABF007E-AD0F-42C4-8916-0002EE09BBCD}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{A1A69E8C-8DC8-432B-A53B-4E8016F1AF19}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8C427DB7-3BD6-4CC5-B916-6D97FE88A804}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{6453CAA3-FC57-4656-81FB-B993D7F38EB2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{802BA9AF-903D-4D43-82FD-C98D243EF5B0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{854EAF9D-EAE3-4C9A-8EDC-6101E32497C7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C732496F-EEB7-4FD8-8E98-63109B7EDD49}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5A4F307B-71A9-487A-9C3E-A9639D88C0FF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [UDP Query User{FA240256-877D-4FCD-9AEA-A4B32D9DBA0E}C:\windows\system32\java.exe] => C:\windows\system32\java.exe
FirewallRules: [TCP Query User{E22F8892-86C0-450A-8F9E-40E7C37EFFE6}C:\windows\system32\java.exe] => C:\windows\system32\java.exe
FirewallRules: [{6ECC0675-B4D3-4E8E-BBB3-9F6AA8F39178}] => C:\Users\Sagan Medved\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1FCEFF2A-58CC-454A-940D-F8B9ECB811FC}] => C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [{D513AF2F-D8E7-4175-B31C-7810AAB808AB}] => C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program Demo\KSP.exe
FirewallRules: [UDP Query User{90C94322-DC53-4426-81EB-5E0096EC7BF9}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{9F9502CC-018A-48C5-B3B7-6102648AA16A}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{459636EA-B855-47E5-A565-642B993509DC}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F79352F1-1A57-4BA6-A775-D886EA92AAF9}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B51A91E-D0DB-4A6B-9D1D-AEE6DB625171}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{4387BDAE-EADC-4A20-8915-1E377CCEAC76}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{BC51DDF2-C5E1-418C-B3AA-89D73E8F25E7}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3DEA4D51-89AD-444E-8193-B38610A4869E}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{931A849B-BB6C-434E-980C-960D3147ED43}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops III Beta\BlackOps3.exe
FirewallRules: [{758440AA-C5A7-488F-ACFF-72438FB63756}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops III Beta\BlackOps3.exe
FirewallRules: [{A86C2EE7-C56D-4BAA-82CA-8E3548B70027}] => E:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{33E5A7F5-F548-4DC3-803C-352E305D59C9}] => E:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{BA602A44-6FEE-44AF-8C07-FA659B886319}] => E:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8B3D6224-4BC2-4A55-AB06-D110C7046D28}] => E:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{92480970-DC64-4090-9F8C-1832D736F267}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{69DD4DF1-E681-4091-99C4-7614D9319BD6}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{BCD41236-7625-4C0A-8DEB-72B2FE08EB05}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{15F27DC4-D802-4688-BD08-B75DE27448DA}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{281FA7B9-DBF3-4EFF-B2E7-B4A9C679AD48}] => C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{163D54AF-AB1D-4547-973C-D2AA73C6228D}] => C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{78BA2000-B385-4E69-B63C-A6EFA15DF2CF}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{1EB5E221-4C36-4043-ADBF-E175BC3B4061}] => E:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{4C006F8C-9606-48F1-99E0-10FE37D97116}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46B4BBCC-42A2-401F-AF28-91646CDF9741}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA9E085F-C0FE-4629-8F45-187FAB8665D1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{778764E9-FA7A-40DF-80F2-E85C01C6949C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6C3F6F80-5773-4140-90F7-ACBA12570CC3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5D504606-920E-4B63-85FB-7EABB04660DC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2EE3F8B8-96FE-482C-AB12-A22230F5B505}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{789AFC64-7D8E-443F-8C1B-7AC7C5B995B0}] => E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{40536726-000C-4061-A572-75C61FE0A155}] => E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4931F780-1FBF-438D-ADE4-91890DEE4087}] => E:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{4A6F63C0-71CE-4082-AFDB-7C0D314140E8}] => E:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{A1AC7EE3-8201-4F84-B9B8-D5A3F56B76BC}E:\steamlibrary\steamapps\common\dayz\dayz.exe] => E:\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{9120DE4F-9DDE-4F31-A2BD-5737EB3AE49B}E:\steamlibrary\steamapps\common\dayz\dayz.exe] => E:\steamlibrary\steamapps\common\dayz\dayz.exe
FirewallRules: [{ED85ECC1-A522-4F1D-91F2-60A0B90AC1E9}] => E:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{F4B703AC-A455-4852-8346-A396E63C3AAF}] => E:\SteamLibrary\steamapps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [TCP Query User{C514E2B5-FB02-4F7E-BFFF-72AA464F4744}E:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => E:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{B0F6FCE6-2515-4924-B94C-25D240997DBC}E:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => E:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{5CFAD0C8-4E78-4CFC-9E4D-A2471CDBEC1E}] => E:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{BFFF71A6-13B2-464C-9A9B-3F18174AD2AD}] => E:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{19A486AC-33E3-4F7E-A5BC-3F3BEA5D8FB7}] => E:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{F54D6CCC-9189-4C47-BD69-C6A1E3E5CD06}] => E:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{E5649541-8916-41D0-9A71-EC594FAC8C32}] => E:\SteamLibrary\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{DE0927B9-20B6-46E9-B0B4-A79AD60CB715}] => E:\SteamLibrary\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [TCP Query User{3677C168-12A2-44C7-AF29-2D8611A1E086}E:\games\gmod\srcds.exe] => E:\games\gmod\srcds.exe
FirewallRules: [UDP Query User{D1A1291F-E337-4564-8E04-6805211FF238}E:\games\gmod\srcds.exe] => E:\games\gmod\srcds.exe
FirewallRules: [{5B95012C-070D-4956-982E-FADF91C7C124}] => E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2D27856B-5FE7-4226-8EC8-832715783F31}] => E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{71E85AFA-EEA3-438D-84F4-9C93C223E142}C:\users\sagan medved\desktop\servers\gmod\srcds.exe] => C:\users\sagan medved\desktop\servers\gmod\srcds.exe
FirewallRules: [UDP Query User{6F36EBCB-96CD-4DC0-8D05-8784CE354C75}C:\users\sagan medved\desktop\servers\gmod\srcds.exe] => C:\users\sagan medved\desktop\servers\gmod\srcds.exe
FirewallRules: [{AFFDBBC6-D1AF-41A5-93E9-21853747F4E1}] => E:\SteamLibrary\steamapps\common\NZA\bin\NZA.exe
FirewallRules: [{76090DAE-7DEB-4E1E-96B1-D0D3BD633348}] => E:\SteamLibrary\steamapps\common\NZA\bin\NZA.exe
FirewallRules: [{28B3080D-0D6B-4B37-B1B2-A77565F986E0}] => E:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{3A7ED964-A173-4223-B2C9-FD4C6253610D}] => E:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{4C4E83D4-C346-438E-BB03-DBE2BC845C05}E:\steamlibrary\steamapps\common\cry of fear\cof.exe] => E:\steamlibrary\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{FBDBC3C4-178B-478C-BC48-66DD6773004A}E:\steamlibrary\steamapps\common\cry of fear\cof.exe] => E:\steamlibrary\steamapps\common\cry of fear\cof.exe
FirewallRules: [{AF2A346B-C343-47D3-8723-D7D25291B376}] => E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{6639FD79-877D-498F-AC23-3F70BEB9FA84}] => E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{1E4B26AB-870F-4F03-A431-3AC0B9BC97BD}C:\users\sagan medved\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\sagan medved\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0BA3B960-6548-44C4-9917-199FB762240D}C:\users\sagan medved\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\users\sagan medved\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6348A701-3CCE-4679-8F28-CE145E840A2D}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{C0817390-BF19-4320-9C44-F383667A8D3C}] => C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4AF3799C-7D3C-4EC9-956A-4ECE9A3D0D31}] => E:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{F48695CA-9A10-4EAF-A9FB-2DF0C79DBB42}] => E:\SteamLibrary\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{C59CD7E5-7DA5-4938-AFA5-A56F223FAF41}] => E:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{CA235D6B-12A4-4FEF-AD42-2D00A82F1A47}] => E:\SteamLibrary\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E3D00B0D-690C-45BA-964B-16DCD600258D}] => E:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{C1B9A982-F56C-4D73-B403-CD833B458D3F}] => E:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{83BEB209-037A-426B-AF1C-B33CFDDDA3ED}] => E:\SteamLibrary\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{B97C1BE2-8C21-490B-AE19-C0B811ABA499}] => E:\SteamLibrary\steamapps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{27F8F164-7EC3-4473-A4EC-B4E793526457}] => E:\SteamLibrary\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{7BD5890B-F5BE-4D6B-96ED-205EF96C3713}] => E:\SteamLibrary\steamapps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{6BC82BFB-3DF9-4C2B-A325-9FC2D4678417}] => E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{E4CA1D14-67F1-4DB9-96FC-3F71CF1F9291}] => E:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{873672B2-9A8C-4F47-9C57-91CF8515AAF2}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{D04C8172-4812-4592-8D12-B753110BE250}E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => E:\steamlibrary\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{8F50CC83-A0A7-4084-ABF7-2753B338BCAE}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{B930F466-BAC8-4476-A082-D13A6ADB4441}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{AB6044BA-F4B8-4423-9EAE-E20680E8E60B}] => E:\SteamLibrary\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{30E409C8-C5E7-4519-B45C-6BEEC1D34416}] => E:\SteamLibrary\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{D9A3221F-DD11-4AA5-8256-DC41C619AC98}] => E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{C5686475-D5A4-4CA9-BF34-9B0A5397FE16}] => E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{8EEC22BB-3CE3-4D9A-A9F9-03642779DF7D}] => E:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{14F0866B-077F-4054-AE17-D3DF0008454B}] => E:\SteamLibrary\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{E145BB6B-4ADC-4409-864A-292EA45749E2}] => E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{7BCF805C-B768-4607-949C-C01F5AC35AF5}] => E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{E8C5B3B7-06C3-419E-A020-E8626A83C7CD}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{06CD7C8F-E1CA-41F5-A17F-BC824334F862}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{55E264DD-FC5E-49AC-BCB2-C0BC3AA35A6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{35B0274C-51B8-4FFF-8E79-F20F0E73CBE0}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{24BA416D-6B48-4C52-95C1-B735AD1B422F}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6A122A08-DF1C-440F-ACF6-06525919CF5D}E:\games\servers\gmod\srcds.exe] => E:\games\servers\gmod\srcds.exe
FirewallRules: [UDP Query User{DE1F25F0-CC6C-4A80-B77F-B95A0202E0C2}E:\games\servers\gmod\srcds.exe] => E:\games\servers\gmod\srcds.exe
FirewallRules: [{6F48B429-2768-4998-B6EA-36E07813844B}] => E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0528AAE9-393B-49D4-BD8E-D94B442B3DD2}] => E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D3C71E03-E8CB-4A65-8035-6FD805380DFF}] => E:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6A8412B5-3CBC-4AF8-839A-4A8533355532}] => E:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{156129E3-D797-43EB-BF97-276EF1193FB5}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{B4990FE0-3635-42BD-8400-207F7B68943B}] => E:\Other Programs\Installers\Windows 10 Permanent Activator Ultimate v1.9\Windows 10 Permanent Activator Ultimate v1.9.exe
FirewallRules: [{18FA64F2-7C94-43F3-9530-67890EF47D9B}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{9BA333FE-1C64-44A4-A6F2-0950D8DF4D26}] => C:\Program Files (x86)\Powerful\matsu.exe
FirewallRules: [{DD1E5122-FACC-4968-B34C-49321100ECC1}] => C:\Program Files (x86)\Bellville\matsu.exe
FirewallRules: [{B56E4653-C4ED-4CA9-831F-ED30BBDCCD10}] => C:\Users\Sagan Medved\AppData\Local\BrowserAir\Application\BrowserairExec.exe
 
==================== Restore Points =========================
 
24-01-2017 17:42:43 Installed Chrome Remote Desktop Host
25-01-2017 20:55:47 Removed NowUSeeIt Player
25-01-2017 21:00:17 Removed NowUSeeIt Player
28-01-2017 10:47:15 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2017 11:20:42 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/28/2017 11:20:42 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/28/2017 11:20:31 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/28/2017 11:20:31 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/28/2017 11:20:21 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/28/2017 11:20:21 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/28/2017 11:20:11 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/28/2017 11:20:11 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/28/2017 11:20:00 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/28/2017 11:20:00 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (01/28/2017 11:20:05 AM) (Source: DCOM) (EventID: 10010) (User: SAGANMEDVED-PC)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (01/28/2017 11:14:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (01/28/2017 11:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/28/2017 11:09:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (01/28/2017 11:08:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (01/28/2017 11:07:20 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
Error: (01/28/2017 11:06:47 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (01/28/2017 11:06:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (01/28/2017 11:06:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Overlay Subsystem Emergency Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/28/2017 11:06:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-01-25 20:45:57.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 20:41:06.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-25 20:39:57.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 20:39:35.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-25 20:39:33.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-25 20:26:01.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 20:20:52.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-25 20:19:34.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-25 20:19:09.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\services.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-25 20:19:07.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\SysWOW64\iseguard32.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 48%
Total physical RAM: 7319.57 MB
Available physical RAM: 3769.19 MB
Total Virtual: 9751.57 MB
Available Virtual: 5604.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.22 GB) (Free:162.35 GB) NTFS
Drive e: (My Book) (Fixed) (Total:2794.49 GB) (Free:1923.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 77608AC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================
 


#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 January 2017 - 03:17 PM

Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 25thBaam

  • Topic Starter
  • Members
  • 6 posts

Posted 29 January 2017 - 10:13 AM

Hello. It ran all night and was finished when I woke up. I restarted my computer and nothing has changed with the problem.

I was curious why the instructions say "Do not clean" for this tool, but I followed them anyway.

Here is the ESET log that was created:

C:\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip VBS/Runner.NEC trojan
C:\Program Files (x86)\Bellville\matsu.exe a variant of MSIL/Adware.Dotdo.AP application
C:\Program Files (x86)\lynne\conceptualization.exe Win32/Adware.Dotdo.N application
C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat Win32/TrojanDropper.Addrop.AS trojan
C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe a variant of Win32/Kryptik.FMPA trojan
C:\Program Files (x86)\Powerful\matsu.exe a variant of MSIL/Adware.Dotdo.AP application
C:\Users\Sagan Medved\AppData\Local\matsu.exe a variant of MSIL/Adware.Dotdo.AP application
C:\Users\Sagan Medved\AppData\Local\Temp\awhA62E.tmp Win32/Adware.ConvertAd.AJL application
C:\Users\Sagan Medved\AppData\Local\Temp\Bro1090.tmp a variant of Win32/SpeedBit.AX potentially unwanted application
C:\Users\Sagan Medved\AppData\Local\Temp\nsoA69A.tmp a variant of Win32/Adware.ConvertAd.AJQ.gen application
C:\Users\Sagan Medved\AppData\Local\Temp\ERNI5ZOPG\GeekBuddy8098.exe NSIS/TrojanDownloader.Adload.CG trojan
C:\Users\Sagan Medved\Documents\DayZ\DayZ Private Server Files.zip a variant of Win32/GameHack.AJT potentially unsafe application
C:\WINDOWS\filters.exe a variant of MSIL/Adware.Dotdo.AP application
C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application
C:\WINDOWS\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application
C:\WINDOWS\Installer\MSI4A17.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\WINDOWS\Installer\MSI53B1.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
E:\Other Programs\Cheat Engine 6.5\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
E:\SAGANMEDVED-PC\Backup Set 2015-11-14 173151\Backup Files 2015-11-14 173151\Backup files 118.zip a variant of Win32/GameHack.AJT potentially unsafe application
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip.zip VBS/Runner.NEC trojan
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\Program Files (x86)\Bellville\matsu.exe.zip a variant of MSIL/Adware.Dotdo.AP application
Operating memory Win32/Adware.Dotdo.N application
Autostart locations virus


#8 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 January 2017 - 12:47 PM

Let's remove those lines.

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Let's check for rootkits.

  • Download RogueKiller (by tigzy) on the desktop
  • Quit all programs
  • Start RogueKiller.exe (Run as an Administrator).
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report

Please post the contents of the RKreport.txt in your next reply.




#9 25thBaam

25thBaam
  • Topic Starter
  • Members
  • 6 posts

Posted 29 January 2017 - 07:21 PM

Hi again. The audio ads and mouse clicking sounds stopped after running FRST and my computer seems to be as fast as normal. I don't see/hear any more problems.

While FRST was running, it was not responding a lot toward the end, so I opened Task Manager and under background processes I removed several iterations of Matsu, one of which was using almost half of my memory. I left one running, but after the scans it seems to have been removed, which is good. I don't know whether manually ending some of the malware processes impacted how either FRST or RogueKiller detected the problems.

Also, I'm not very clear on whether I should remove the threats that RogueKiller found. I'll just keep the program open until your next reply.

Here are the text files created by both programs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Sagan (29-01-2017 13:20:01) Run:2
Running from C:\Users\Sagan Medved\Desktop\FRST
Loaded Profiles: Sagan & DefaultAppPool (Available Profiles: Sagan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip
C:\Program Files (x86)\Bellville\matsu.exe
C:\Program Files (x86)\lynne\conceptualization.exe
C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat
C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe
C:\Program Files (x86)\Powerful\matsu.exe
C:\Users\Sagan Medved\AppData\Local\matsu.exe
C:\Users\Sagan Medved\AppData\Local\Temp\awhA62E.tmp
C:\Users\Sagan Medved\AppData\Local\Temp\Bro1090.tmp
C:\Users\Sagan Medved\AppData\Local\Temp\nsoA69A.tmp
C:\Users\Sagan Medved\AppData\Local\Temp\ERNI5ZOPG\GeekBuddy8098.exe
C:\Users\Sagan Medved\Documents\DayZ\DayZ Private Server Files.zip
C:\WINDOWS\filters.exe
C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application
C:\WINDOWS\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application
C:\WINDOWS\Installer\MSI4A17.tmp
C:\WINDOWS\Installer\MSI53B1.tmp
E:\Other Programs\Cheat Engine 6.5\standalonephase1.dat
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip.zip
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\Program Files (x86)\Bellville\matsu.exe.zip
EmptyTemp:
Reboot:
*****************
 
C:\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip => moved successfully
C:\Program Files (x86)\Bellville\matsu.exe => moved successfully
Could not move "C:\Program Files (x86)\lynne\conceptualization.exe" => Scheduled to move on reboot.
C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat => moved successfully
C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe => moved successfully
C:\Program Files (x86)\Powerful\matsu.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\matsu.exe => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\awhA62E.tmp => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\Bro1090.tmp => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\nsoA69A.tmp => moved successfully
C:\Users\Sagan Medved\AppData\Local\Temp\ERNI5ZOPG\GeekBuddy8098.exe => moved successfully
C:\Users\Sagan Medved\Documents\DayZ\DayZ Private Server Files.zip => moved successfully
C:\WINDOWS\filters.exe => moved successfully
"C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application" => not found.
"C:\WINDOWS\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application" => not found.
C:\WINDOWS\Installer\MSI4A17.tmp => moved successfully
C:\WINDOWS\Installer\MSI53B1.tmp => moved successfully
E:\Other Programs\Cheat Engine 6.5\standalonephase1.dat => moved successfully
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\$Recycle.Bin\S-1-5-21-1491799989-36793466-3983917921-1000\$REJEDQ4\Temp\_1.zip.zip => moved successfully
E:\Trash but keep\C 2017-01-26 17;22;01 (Full)\Program Files (x86)\Bellville\matsu.exe.zip => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7390942 B
Java, Flash, Steam htmlcache => 134427 B
Windows/system/drivers => 357501 B
Edge => 0 B
Chrome => 45310267 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4082 B
NetworkService => 0 B
Sagan Medved => 6971718031 B
UpdatusUser => 0 B
DefaultAppPool => 6144 B
 
RecycleBin => 0 B
EmptyTemp: => 6.5 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2017 17:08:39)
 
C:\Program Files (x86)\lynne\conceptualization.exe => Is moved successfully
 
==== End of Fixlog 17:08:40 ====
 
And the RogueKiller log:
 
RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Sagan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/29/2017 17:33:37 (Duration : 01:27:35)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{93DC5ED1-ACF2-4CBC-9540-01005FB1A3AE}C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe|Name=lbt v.06.test.exe|Desc=lbt v.06.test.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7337AB05-15A5-48B1-B3F0-F99B5AFBEE4A}C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.417\lbt v.06.test.exe|Name=lbt v.06.test.exe|Desc=lbt v.06.test.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{BAF622A2-83C8-4CA5-9E99-7100E5CCDEA7}C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe|Name=lbt v.05.exe|Desc=lbt v.05.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{24F5B613-3DF5-4357-B1E8-2515E6090140}C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.457\lbt v.05.exe|Name=lbt v.05.exe|Desc=lbt v.05.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F01F4F68-FEA5-4848-B989-CD3EB1DDA41A}C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe|Name=lbt v.04.exe|Desc=lbt v.04.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{DAAD6C93-5ED4-48E5-8B27-96D08FB429BE}C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.369\lbt v.04.exe|Name=lbt v.04.exe|Desc=lbt v.04.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4000631E-1E2B-47C9-85D6-13C6D266E34B}C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe|Name=lbt v.04.exe|Desc=lbt v.04.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A2982811-873B-48E5-978B-52DE100CB54A}C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.074\lbt v.04.exe|Name=lbt v.04.exe|Desc=lbt v.04.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{22DB975B-6144-4957-BADB-88BB96D72CE0}C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe|Name=lbt v.02.exe|Desc=lbt v.02.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8EC549F4-4EDB-4BCD-9D6A-C0A44F837030}C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.812\lbt v.02.exe|Name=lbt v.02.exe|Desc=lbt v.02.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{475D886D-26F6-4500-8506-011E9AB9B257}C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe|Name=lbt.exe|Desc=lbt.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{41BDA7BB-B6D3-4454-B5AD-37FBACADB3FB}C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.616\land's bloody teeth\lbt.exe|Name=lbt.exe|Desc=lbt.exe|Defer=User| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B7EE89D1-D7E7-4CBA-91B5-1B2BE77D993C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe|Name=FindRight.BRT.Helper.exe| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B0FB5E0A-03D6-4DC8-8F11-9AFA231B1778} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe|Name=FindRight.BRT.Helper.exe| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9DB37A64-97A1-4706-BADC-480366330099} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe|Name=FindRight.BRT.Helper.exe| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3FB86D44-2E5E-4E3A-9EEA-C8CE3DB16F78} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\FindRight\bin\FindRight.BRT.Helper.exe|Name=FindRight.BRT.Helper.exe| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{71B6DD4F-94CE-4001-9497-9F35A3048869}C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe|Name=steamcmd.exe|Desc=steamcmd.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{670F0F11-FEA7-4921-95E0-457D17E7BB06}C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sagan medved\appdata\local\temp\rar$exa0.887\steamcmd.exe|Name=steamcmd.exe|Desc=steamcmd.exe|Defer=User| [x] -> Found
[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B56E4653-C4ED-4CA9-831F-ED30BBDCCD10} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Sagan Medved\AppData\Local\BrowserAir\Application\BrowserairExec.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[Suspicious.Startup][File] C:\Users\Sagan Medved\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Found
[PUP.Gen0][File] C:\WINDOWS\SECOH-QAD.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://tweetdeck.twitter.com/] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050DLE630 +++++
--- User ---
[MBR] 209c7c8d565f299d00e96e0489368c58
[BSP] adaccf73026801e604c32d90bcc0970b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
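The Fixlog above shows the one thing that went wrong with this fix: two ESET lines were pasted into the fixlist with their detection text still attached, so FRST looked for a path that literally ended in "Win64/HackKMS.D potentially unsafe application" and reported it "not found". As an added example (not code from this thread, from ESET or from Farbar), the Python below splits each ESET log line into path, detection name and category, builds the fixlist from the paths alone, and lints an existing fixlist for entries that still carry detection text; the category vocabulary is taken from the posted log and assumed to be complete, and the sample lines are constructed from that log.

```python
"""Split ESET scan-log lines into path + detection and build a clean FRST fixlist.

Added example; not code from this thread, from ESET or from Farbar (FRST).
The sample lines below are constructed from the log posted in this thread.
The category vocabulary (trojan, application, potentially unwanted/unsafe
application, virus) is taken from that log and assumed to be complete.
"""
import re

# Longest categories first so "potentially unwanted application" is not
# cut down to a bare "application" match.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "application",
    "trojan",
    "virus",
)
_CAT = "|".join(re.escape(c) for c in CATEGORIES)

# Full form:  <path> [a variant of] <Family/Name> <category>
# The path is matched lazily because it can contain spaces; the detection
# name is the first token containing "/", which cannot occur in a Windows path.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/\S+)\s+(?P<category>" + _CAT + r")$"
)
# Short form without a detection name, e.g. "Autostart locations virus"
SHORT_RE = re.compile(r"^(?P<path>.+?)\s+(?P<category>" + _CAT + r")$")
# Only entries that start with a drive letter are on-disk files FRST can move.
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_line(line):
    """Return {'path', 'detection', 'category', 'is_file'} or None if unparseable."""
    line = line.strip()
    m = LINE_RE.match(line) or SHORT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "path": d["path"],
        "detection": d.get("detection"),  # None for the short form
        "category": d["category"],
        "is_file": bool(DRIVE_RE.match(d["path"])),
    }


def build_fixlist(log_lines):
    """Collect the on-disk paths from an ESET log, detection text stripped, no duplicates."""
    paths = []
    for line in log_lines:
        rec = parse_eset_line(line)
        if rec and rec["is_file"] and rec["path"] not in paths:
            paths.append(rec["path"])
    return paths


def lint_fixlist(entries):
    """Flag fixlist entries that still carry ESET detection text.

    FRST treats each line as a literal path, so an entry like
    'C:\\WINDOWS\\SECOH-QAD.dll Win64/HackKMS.D' is looked up verbatim and
    reported as "not found" (the failure visible in the Fixlog above).
    """
    return [e for e in entries
            if DRIVE_RE.match(e) and re.search(r"\s[A-Za-z0-9]+/\S+", e)]


def render_fixlist(paths, empty_temp=True, reboot=True):
    """Lay the paths out as fixlist.txt text, with the directives the thread's fix used."""
    lines = list(paths)
    if empty_temp:
        lines.append("EmptyTemp:")
    if reboot:
        lines.append("Reboot:")
    return "\n".join(lines) + "\n"


# Constructed sample: six lines adapted from the ESET log posted above.
SAMPLE_LOG = [
    r"C:\Program Files (x86)\Bellville\matsu.exe a variant of MSIL/Adware.Dotdo.AP application",
    r"C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat Win32/TrojanDropper.Addrop.AS trojan",
    r"C:\Users\Sagan Medved\AppData\Local\Temp\Bro1090.tmp a variant of Win32/SpeedBit.AX potentially unwanted application",
    r"C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application",
    r"Operating memory Win32/Adware.Dotdo.N application",
    r"Autostart locations virus",
]

if __name__ == "__main__":
    print(render_fixlist(build_fixlist(SAMPLE_LOG)))
    # A fixlist that kept the detection text, as in the posted Fixlog:
    bad = [r"C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D", r"C:\WINDOWS\SECOH-QAD.exe"]
    print("entries FRST would report as not found:", lint_fixlist(bad))
```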
 


#10 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 January 2017 - 07:45 PM

Delete all found by RogueKiller.

The following Fixlist.txt will remove two files that FRST did not recognize.

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Reset your browsers once again to default. For information click here.

Give it a try and let me know the outcome.

 




#11 25thBaam

25thBaam
  • Topic Starter
  • Members
  • 6 posts

Posted 29 January 2017 - 08:09 PM

Everything appears to be back to normal for my computer. Thank you so much!

Let me know if there is anything else I need to do.

Here is the log that was created:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Sagan (29-01-2017 19:55:52) Run:4
Running from C:\Users\Sagan Medved\Desktop\FRST
Loaded Profiles: Sagan (Available Profiles: Sagan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D
C:\WINDOWS\SECOH-QAD.exe Win64/HackKMS.C
*****************
 
"C:\WINDOWS\SECOH-QAD.dll Win64/HackKMS.D" => not found.
"C:\WINDOWS\SECOH-QAD.exe Win64/HackKMS.C" => not found.
 
==== End of Fixlog 19:55:52 ====


#12 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 January 2017 - 09:04 PM

Congratulations. :)

Keep your computer safe. Follow the advice of one of our colleagues here.

Best wishes. :hello:




#13 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 January 2017 - 09:05 PM

It appears that this issue is resolved; therefore, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
