
Unknown Virus (CSE Google) and Slow Computer


  • This topic is locked
10 replies to this topic

#1 Marnel


Posted 03 February 2017 - 02:20 PM

I'm here again with a new problem lol. Please help me thanks

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Marnel (04-02-2017 03:17:49)
Running from C:\Users\Marnel\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-19 21:04:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1618205624-3503738366-1965457278-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1618205624-3503738366-1965457278-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1618205624-3503738366-1965457278-1332 - Limited - Disabled)
Marnel (S-1-5-21-1618205624-3503738366-1965457278-1389 - Administrator - Enabled) => C:\Users\Marnel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Art of War: Red Tides (HKLM\...\Steam App 558100) (Version:  - Game Science)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
MEmu (HKLM-x32\...\MEmu) (Version: 2.9.1.1 - Microvirt)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 (HKLM-x32\...\{1ef6a030-1244-4d01-95f3-299c0e3a3362}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.3 (HKLM\...\{EA85C27D-2873-4DFF-A141-C2FF74CB0E2E}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{D7F5F3DE-D237-4E9C-BB87-A124DB3BE62B}) (Version: 5.1.30 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{52494701-472B-4978-89A4-A6A721FD0309}) (Version: 6.1.4 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{EE1ED109-768E-47DE-A907-21D286BFE0BF}) (Version: 5.3.3 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{509DF2EA-6947-4120-8FE8-F3BC190DE98D}) (Version: 5.6.18 - Oracle Corporation)
MySQL Enterprise Backup 3.10.1 (HKLM\...\{F3CDC6A7-72AD-4048-8B9D-7CCAE5316CB3}) (Version: 3.10.1 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{B9FA52F1-98D0-45CF-863E-DECF1F2EC12F}) (Version: 5.6.18 - Oracle Corporation)
MySQL For Excel 1.2.1 (HKLM-x32\...\{7CB371BE-D47A-4523-B378-1254C0EE21D9}) (Version: 1.2.1 - Oracle)
MySQL Installer (HKLM-x32\...\{41628E0F-6FA4-40C5-B4C9-82ABA01CCD9C}) (Version: 1.3.6.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DC3ACDEA-F4E2-43B9-B2D0-9B917B5C310E}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{1623E607-3F53-47D1-BAF6-264281C739C9}) (Version: 5.6.18 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{9882852D-F943-4D3D-AD4F-093A664227C5}) (Version: 1.3.6 - Oracle)
MySQL Workbench 6.1 (HKLM-x32\...\{7FC426D3-A263-4AD7-AD65-FCF6926EB5D1}) (Version: 6.1.5 - Oracle Corporation)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Seagate DiscWizard (HKLM-x32\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Touch version 2.0 (HKLM-x32\...\{06A4EEFC-8692-48AB-9709-BFC268D7196C}_is1) (Version: 2.0 - Touch 3Claws)
TypeScript Power Tool (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation)
Unity (HKLM-x32\...\Unity) (Version: 5.3.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1351A391-AE04-4A58-8C7F-CA04E42FDF1A} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe
Task: {164819A0-540E-4A22-BFCA-7E4F82D7333A} - System32\Tasks\{1CEAA928-1FC9-4234-8022-EA8673C9AEFD} => F:\Autorun.exe
Task: {2653B9F9-EE9F-48C6-A060-A6BFE5737DC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {3B100881-96C3-4F11-BFC0-5D58A254B365} - System32\Tasks\{C584D5CA-2AE4-481A-8425-A3D90BA6230F} => F:\Autorun.exe
Task: {3C3744E7-6783-4B95-A64C-DDEACD68B080} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {55BFE060-5499-457B-998E-D7E4B9701839} - System32\Tasks\{8942A89E-D48C-4C85-AFC2-23A05F6C5D86} => D:\Games\Max Payne\MaxPayne.exe
Task: {5D203033-5D45-4BCA-B842-1EF0F9597295} - System32\Tasks\{4880E667-A1A9-474F-8BB6-C49B1D7AC77B} => D:\Games\GrudgeMU\GrudgeMU.EXE
Task: {5D655676-668B-4B11-8398-67342F94C592} - System32\Tasks\60a56906b63 => Rundll32.exe "C:\ProgramData\60a56906b63\60a56906b63.dll",GetProxyDllInfo <==== ATTENTION
Task: {6BA8F920-D9A8-474F-8490-BCF1A7BDB9A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {790E6EE8-4359-40B5-9417-0CDFC324FCED} - System32\Tasks\AdobeAAMUpdater-1.0-RCX00-PC-RCX00 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {88294D49-F8BB-4C31-9F5C-0386EB8177A2} - System32\Tasks\{2CF4CDC1-61B1-414B-A5DC-CDF71E0A3FA1} => D:\Games\Max Payne\MaxPayne.exe
Task: {88F8D333-9618-448A-BA73-195C759FAA15} - System32\Tasks\{377E0071-3FCD-478E-B0D9-3121317C8ADE} => F:\Autorun.exe
Task: {A1A03872-32F8-4AF2-9720-784609EFFD5F} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: {A5A0605B-1ACE-43D3-8588-316DC808A964} - System32\Tasks\{AF176334-5022-449C-B371-72FC75F20D57} => C:\AeriaGames\Downloader\aeria_ignite_install.exe
Task: {B66FD8FA-3BD7-4D6D-8974-6B35A8CBDB6E} - System32\Tasks\{5FC445F5-875F-43B0-A292-4EB91B8C52A9} => D:\Program Files (x86)\EA GAMES\The Sims 2\TSBin\Sims2.exe
Task: {CA9968E3-D69E-466E-90EC-4B858E96E2E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {CB3B11BF-A1F4-4FC4-8A86-0E3FC28ABCF6} - System32\Tasks\{A4F2E704-56BA-4606-B479-114A817538E3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/en/abandoninstall?page=tsProgressBar
Task: {CF030DA1-4AB3-4125-BA3F-C215507758FC} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-02-22] ()
Task: {DE949B28-1982-4188-904B-99BC044EFFA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {E0213B10-7494-4364-BA7A-AD6882185F79} - System32\Tasks\XSOUL-XM8-GmTaskPlan => C:\Program Files\XSOUL-XM8\XSOULGM.exe
Task: {ECC3568E-45A1-4EC1-A8D3-4ADEAF30916D} - System32\Tasks\{88E04A7C-F1EC-4F77-927F-0DEB1C4192A7} => C:\AeriaGames\Downloader\aeria_ignite_install.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2017-02-03 07:12 - 2014-03-22 15:44 - 02918912 _____ () C:\ProgramData\60a56906b63\60a56906b63.dll
2014-04-10 00:22 - 2014-04-10 00:22 - 14228992 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-05 16:42 - 2016-02-22 19:24 - 00174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2015-06-05 16:42 - 2016-12-22 01:47 - 09136168 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2016-06-18 12:37 - 2016-08-11 19:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-27 12:10 - 2017-01-16 17:54 - 07340536 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
2015-05-29 08:30 - 2015-05-29 08:30 - 00074752 _____ () C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LOLClient.exe
2015-06-05 16:42 - 2017-02-03 18:17 - 03402744 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-12-30 18:22 - 2016-06-15 09:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00111552 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00040384 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2015-06-05 16:42 - 2017-02-03 18:17 - 00047568 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00058304 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00094144 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00494016 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00032192 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00177600 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2015-06-05 16:42 - 2016-06-24 20:05 - 00379744 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00191424 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2015-06-05 16:42 - 2015-06-05 16:42 - 00226752 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2015-06-05 16:42 - 2015-11-24 21:26 - 00159168 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00965056 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00061888 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2015-06-05 16:42 - 2016-02-22 19:25 - 00237608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2015-06-05 16:42 - 2016-11-25 18:53 - 02217424 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00199616 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00162240 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2015-06-05 16:42 - 2016-08-29 15:48 - 04892664 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00072640 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00023488 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 01552320 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00963008 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00251840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00033216 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00523712 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00075200 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2015-06-05 16:42 - 2016-03-17 21:18 - 00113192 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2015-06-05 16:42 - 2016-11-30 21:35 - 00242680 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2015-06-05 16:42 - 2016-03-17 21:18 - 00410152 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2015-06-05 16:42 - 2016-11-10 14:00 - 00237560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2015-05-27 12:10 - 2016-10-25 21:05 - 00079824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2015-05-27 12:10 - 2016-12-22 00:10 - 02499024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00111040 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00070080 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2015-05-27 12:10 - 2016-09-23 19:05 - 00046032 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2015-05-27 12:10 - 2017-01-13 21:16 - 00394744 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2015-05-27 12:10 - 2016-09-23 19:05 - 00829944 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2015-05-27 12:10 - 2016-09-23 19:05 - 00053752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
2015-05-27 12:10 - 2017-01-16 17:55 - 00035792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00454960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00115648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00036800 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00431552 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2015-05-27 12:10 - 2016-09-23 19:06 - 00089592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2015-05-27 12:10 - 2016-10-25 21:05 - 00065064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2015-05-27 12:10 - 2016-10-13 16:41 - 00387024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2015-05-27 12:10 - 2016-10-13 16:41 - 00059856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2015-05-27 12:10 - 2016-09-23 19:06 - 00054736 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2015-05-27 12:10 - 2016-09-23 19:06 - 00067624 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2015-05-27 12:10 - 2016-09-23 19:05 - 00102864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00141760 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00037312 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00245184 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2015-05-27 12:10 - 2016-09-23 19:06 - 01060344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2015-05-27 12:10 - 2016-09-23 19:06 - 00068648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00105920 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2015-05-27 12:10 - 2016-01-05 19:31 - 00134592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00144320 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2015-05-27 12:10 - 2015-05-27 12:10 - 00117696 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2015-05-27 12:10 - 2016-10-25 21:06 - 00879056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2015-05-27 12:10 - 2016-09-23 19:06 - 00068560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:ADF211B1 [100]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\Control Panel\Desktop\\Wallpaper -> C:\Users\Marnel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^RCX00^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RCX00^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: 5KPlayer.exe => "C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe" -auto
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\RCX00\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Andy => "C:\Program Files\Andy\HandyAndy.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\RCX00\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\Tattoo\Tattoo
MSCONFIG\startupreg: MySQL Notifier => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe
MSCONFIG\startupreg: Overwolf => "C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe" -overwolfsilent
MSCONFIG\startupreg: Polaris Office Sync => C:\Users\RCX00\AppData\Roaming\PolarisOfficeLink\POLinkLauncher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TeamSpeak 3 Client => "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\RCX00\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: wd => C:\Windows\TEMP\g35F0.tmp.exe
MSCONFIG\startupreg: WinTimer => "C:\Program Files (x86)\Breakpoint Computers\WinTimer\wintimerc.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E61013B3-541D-4F6C-A93B-9EC7FB2165AF}] => D:\Program Files\Garena Messenger\ggdllhost.exe
FirewallRules: [TCP Query User{C268CC0D-C7F8-4762-8D4F-B7E5F29BD2EE}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{38321AFD-4A8D-4225-90F3-D862E61BD2C3}C:\program files\java\jre7\bin\javaw.exe] => C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{FF0B3EE0-B214-40EF-9CE5-8ABEDCEFE86D}] => LPort=8370
FirewallRules: [{713790AD-D4A2-41A2-91A7-49A8AC8D1816}] => LPort=8370
FirewallRules: [{2C5A3A38-5025-4919-9766-AF45EBEF9515}] => D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{5771CD0D-C794-4A73-B5B5-D5F0CBE2DD24}] => D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7C25AFA9-68A9-4554-B8B0-16F81E663350}] => D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{7056BCCE-26F1-41AF-A366-17E710807746}] => D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{FB9E12BB-AD75-491E-ABE4-C5D9515A5810}D:\program files\garena messenger\garenamessenger.exe] => D:\program files\garena messenger\garenamessenger.exe
FirewallRules: [UDP Query User{3B967A5F-6328-4426-975A-82812F615A25}D:\program files\garena messenger\garenamessenger.exe] => D:\program files\garena messenger\garenamessenger.exe
FirewallRules: [TCP Query User{E64D5AF8-E87F-4674-8A55-A9AC39093AC4}D:\program files\garena messenger\updatemanager.exe] => D:\program files\garena messenger\updatemanager.exe
FirewallRules: [UDP Query User{E63CB62F-F145-4668-A977-20AA2F002C28}D:\program files\garena messenger\updatemanager.exe] => D:\program files\garena messenger\updatemanager.exe
FirewallRules: [{BFC01E1B-FF48-41A5-A11A-034F23A324F3}] => D:\Program Files\Garena Messenger\Room\garena_room.exe
FirewallRules: [TCP Query User{9B91152C-4502-4B05-9756-E4942D16581C}D:\program files\garena messenger\bbtalk\bbtalk.exe] => D:\program files\garena messenger\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{8C522A1C-740A-4FCB-8E6B-044A45D2068B}D:\program files\garena messenger\bbtalk\bbtalk.exe] => D:\program files\garena messenger\bbtalk\bbtalk.exe
FirewallRules: [{4D6F6A06-147F-4D84-802D-70B2D71F51A0}] => LPort=6951
FirewallRules: [{26593949-FF1B-4878-964E-C08E6E30B101}] => LPort=6951
FirewallRules: [{E8B7B247-EE5E-4C72-B957-15DA6AA3BA15}] => LPort=6905
FirewallRules: [{8D69B1AF-C3A8-47A8-8CD8-F85D42B2276D}] => LPort=6905
FirewallRules: [{349EF085-7C37-4CB3-83C0-7962C2CED967}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2BACA241-C374-4B84-9317-CA6E9408F310}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{33C00C2D-5665-462F-A978-CA5599789B60}] => LPort=6945
FirewallRules: [{EEDEBD42-5C12-41A2-B1E9-68C7A5DCF638}] => LPort=6945
FirewallRules: [{CA1278B2-0161-45D1-8874-E2181252FEA0}] => LPort=6943
FirewallRules: [{9DA7290F-5DF2-4A6A-A2AB-0B92007055E8}] => LPort=6943
FirewallRules: [{96295E9A-1241-466D-A133-AE3B00948A1F}] => LPort=6984
FirewallRules: [{DA9B65AB-DCE4-4115-B954-EEDF18541B89}] => LPort=6984
FirewallRules: [{2320C7F4-C9DA-4CCE-8AEA-D84596871351}] => D:\Program Files\LOL\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{8F0EC157-4A7E-443B-BA15-E58F4C7A3CAB}] => D:\Program Files\LOL\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{42E9B312-4D00-4A1F-A714-4C02CE3974E5}] => D:\Program Files\LOL\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{917C41BA-37C7-4DB3-A85B-06A723F51924}] => D:\Program Files\LOL\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{0A0B6037-B55F-464C-A820-681EAC1C32EF}] => C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{82F9275D-A6C5-44C9-A971-5432D8DCB1A4}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{FEBE7578-AA87-42A4-AD6C-DF29F8DD2C10}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{BB205AA4-8CF7-41E9-BB9C-103871CB6D56}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{73AB781E-CA34-433C-B57B-F33C2BCCE83E}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{C79C9A9A-BE1F-440D-9150-ED47AFE4F4E3}] => LPort=6949
FirewallRules: [{C769F9E7-6744-40D8-8DC2-491E6B0237B9}] => LPort=6949
FirewallRules: [{FF3EFB5F-A355-49EB-A544-E1C73C4101DF}] => LPort=49221
FirewallRules: [{8CDA8003-5ADE-49E9-956D-95880A4C00DD}] => LPort=5000
FirewallRules: [{84E171C8-D89C-436E-8931-D500157F9BB6}] => LPort=6901
FirewallRules: [{D51F7E10-5E3C-4956-B8CB-5447A0493C16}] => LPort=6901
FirewallRules: [{EC0C9BEC-3A85-46A0-AAF5-DDC468526822}] => LPort=6925
FirewallRules: [{E8218C97-6BB6-4EF0-B544-38E5D043284E}] => LPort=6925
FirewallRules: [{DD3F25B4-C52F-492E-8851-7A3D27A5FD43}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{1A2004C3-0861-4F7F-8345-CA05D28A830B}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{71F3DE3E-6D41-4D79-AAED-9483C00BFC05}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{6F334699-5F02-4D6A-B1A5-5C1E1198CEF5}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E1038104-73F2-4F64-B95E-433B16C79915}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0D33DE5B-F561-40AD-9B9F-FE58694D8EE4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{519311A0-4B1C-4D11-8E97-86F56CAE69DA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D61A6AFB-2B2E-45C8-901E-1490CCA45A2E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2A2834B5-1FD9-4CA4-903C-E3E5FEFD69A6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94F806DB-7299-43B6-B4F3-9D6D7B47EF02}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0E8017BD-A15B-4553-B1C2-F0EB31E784A0}] => LPort=6926
FirewallRules: [{7E4DBFC2-3829-4337-9B0E-1EAB1D5D5CBE}] => LPort=6926
FirewallRules: [{4BE45555-67DD-405F-AF60-C6DCB9AE0B88}] => LPort=6912
FirewallRules: [{0F917BED-92B2-4D4D-8BB0-AFC0AEEBEAB6}] => LPort=6912
FirewallRules: [{E28DB8FF-160B-40D0-8F0B-F105082429BB}] => LPort=6938
FirewallRules: [{D6A16623-98DC-4BBC-A98D-5D99E965CEE7}] => LPort=6938
FirewallRules: [{97809EE8-FBEB-478A-8A61-56112D804E1F}] => D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{9EECEE00-6132-47FF-A803-29E6A319CFFD}] => D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{AC1F5311-3A06-4AB9-B8FA-FDB7612FF763}] => LPort=6972
FirewallRules: [{D6A39615-8A87-49E0-A462-A716A2BC9882}] => LPort=6972
FirewallRules: [{9C9C1B2E-0586-4AC3-B136-8EAAD1DC0E2F}] => LPort=6994
FirewallRules: [{8A52E91F-65BD-48F0-960C-97E4D29A210B}] => LPort=6994
FirewallRules: [{26431CB5-983B-4A58-AD02-1FE268A25061}] => LPort=3306
FirewallRules: [{613EBAA0-218A-4945-BDA5-1FC78ABA59EB}] => LPort=3306
FirewallRules: [{C3F894FA-6F54-430F-8099-B8B4818EB59E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{86502BB3-0E82-43E2-B8D5-3AF4337775E3}] => LPort=6968
FirewallRules: [{E9ADF8B2-D99A-423F-837C-ACD7FA22D77F}] => LPort=6968
FirewallRules: [{5A920BDD-20B5-4E60-B948-DDBCFEF2C2A2}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A4E99E0F-0718-4C91-A87A-4DA626BA7F3A}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{596F75C4-06C4-4B20-8E9A-4E632425DF84}] => D:\Games\SteamLibrary\steamapps\common\ArtOfWar\gslaunchershell.exe
FirewallRules: [{A07BA4D7-1932-4009-8805-920A4AB87C11}] => D:\Games\SteamLibrary\steamapps\common\ArtOfWar\gslaunchershell.exe
FirewallRules: [{193931D8-2A46-4614-AB99-0F6CDC2D5A15}] => LPort=8370
FirewallRules: [{C1A7A69D-B81D-4681-80B8-9BBAF2CFC4DD}] => LPort=8370
FirewallRules: [{7ADF3966-5025-47E2-8E11-5A3F2F087D56}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{788D2D86-0E75-4F71-9AC3-4883B2CEBDE3}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{605FA55B-919F-4617-A738-518149206B94}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{C92BE20E-650D-4A89-8303-EE79C2911ADE}] => C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{D7DA4A1F-48EF-43F3-AB30-FDFD8747587C}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{2B772AAC-773B-4876-AF7D-D14565F2997C}] => LPort=6994
FirewallRules: [{573E2ECA-F501-419D-94B7-CEFABCF834A9}] => LPort=6994
FirewallRules: [{FBC1D666-17D1-489A-9D02-C82E2A0BAD5D}] => LPort=6888
FirewallRules: [{E5C5C00B-E32F-4879-A63B-F9CF5FA6FA5C}] => LPort=6888
FirewallRules: [{2ECA2CFE-BC19-4B6A-ADBB-70B98E76E255}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{59CBD121-B7D9-4F0D-A0A4-6961E6289E4C}] => C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

03-02-2017 19:09:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: AppEx Networks Accelerator LWF
Description: AppEx Networks Accelerator LWF
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: APXACC
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 02:16:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MpCmdRun.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8f9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x00000000000c9353
Faulting process id: 0x1560
Faulting application start time: 0x01d27e499f9b6402
Faulting application path: c:\program files\windows defender\MpCmdRun.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: df99714c-ea3c-11e6-84b3-60a44c2c477d

Error: (02/03/2017 10:05:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TouchClient.exe version 3.5.7.45015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7fc

Start Time: 01d27e26624b0138

Termination Time: 35

Application Path: C:\Touch\TouchClient.exe

Report Id:

Error: (02/03/2017 07:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MpCmdRun.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8f9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000001883d
Faulting process id: 0xc58
Faulting application start time: 0x01d27e125612b577
Faulting application path: c:\program files\windows defender\MpCmdRun.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 948513e6-ea05-11e6-a4d9-60a44c2c477d

Error: (02/03/2017 06:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MpCmdRun.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8f9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000001883d
Faulting process id: 0x11b8
Faulting application start time: 0x01d27e0b9a7fc13f
Faulting application path: c:\program files\windows defender\MpCmdRun.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: dc6f4591-e9fe-11e6-a4d9-60a44c2c477d

Error: (02/03/2017 11:58:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0x80070006
Fault offset: 0x000000000000b3dd
Faulting process id: 0x7f8
Faulting application start time: 0x01d27d91bfd6cd14
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: fe74a1c3-e9c4-11e6-8d9f-60a44c2c477d

Error: (02/03/2017 07:07:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IDMan.exe version 6.26.8.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b4

Start Time: 01d27da8f80aba31

Termination Time: 26

Application Path: C:\Program Files (x86)\Internet Download Manager\IDMan.exe

Report Id: 5ecd0d8c-e99c-11e6-8d9f-60a44c2c477d

Error: (02/03/2017 05:16:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MpCmdRun.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8f9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x00000000000c9353
Faulting process id: 0x1040
Faulting application start time: 0x01d27d99a011b740
Faulting application path: c:\program files\windows defender\MpCmdRun.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: dfe817b5-e98c-11e6-8d9f-60a44c2c477d

Error: (02/03/2017 01:16:22 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1618205624-3503738366-1965457278-1389}/">.

Error: (02/03/2017 12:01:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000029c86
Faulting process id: 0xb6c
Faulting application start time: 0x01d27d6aad5da083
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: e847697d-e960-11e6-8763-60a44c2c477d

Error: (02/02/2017 10:26:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WTFast.Service.exe, version: 4.2.2.862, time stamp: 0x57e56b1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00631a48
Faulting process id: 0x934
Faulting application start time: 0x01d27d5e43883d5c
Faulting application path: C:\Program Files (x86)\WTFast\service\WTFast.Service.exe
Faulting module path: unknown
Report Id: a494e41f-e953-11e6-b3b9-60a44c2c477d


System errors:
=============
Error: (02/04/2017 02:31:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/04/2017 02:30:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/04/2017 02:30:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/03/2017 09:34:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/03/2017 09:33:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/03/2017 09:33:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
The system cannot find the file specified.

Error: (02/03/2017 05:51:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/03/2017 05:50:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/03/2017 05:50:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/03/2017 05:50:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


==================== Memory info =========================== 

Processor: AMD A4-5300 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 4057.65 MB
Available physical RAM: 2760.18 MB
Total Virtual: 8113.5 MB
Available Virtual: 6237.25 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:227.94 GB) (Free:96.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:237.82 GB) (Free:151.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EF81EF81)
Partition 1: (Active) - (Size=227.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.8 GB) - (Type=05)

==================== End of Addition.txt ============================

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Marnel (administrator) on RCX00-PC (04-02-2017 03:15:39)
Running from C:\Users\Marnel\Downloads
Loaded Profiles: Marnel (Available Profiles: Marnel & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Solid State Networks) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
() C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3994736 2016-10-23] (Tonec Inc.)
HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-22] (Piriform Ltd)
HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9136168 2016-12-22] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-16] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\UltimateSecurityPackage\Freshla.dll => No File
AppInit_DLLs-x32: C:\ProgramData\UltimateSecurityPackage\Faxis.dll => No File
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{24C1F3D4-3955-4611-9ECA-CCD3475CAEEB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{526D58D6-A93B-444C-A7C4-CDC6944B0F8C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{540911FC-0D4E-486F-BA2E-397B323C3F3F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3116FB4-A61C-4A48-B6D1-F91037205825}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-11] (Internet Download Manager, Tonec Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
FF HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Marnel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Marnel\AppData\Roaming\IDM\idmmzcc5 [2017-02-04] [not signed]
FF HKU\S-1-5-21-1618205624-3503738366-1965457278-1389\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\RCX00\AppData\Roaming\raidcall\plugins\nprcplugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Google Drive) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (IDM Integration Module) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR Profile: C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-04]
CHR Extension: (Google Sheets) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-04]
CHR Extension: (Skype) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-04]
CHR Extension: (IDM Integration Module) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-04]
CHR Extension: (Gmail) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-04]
CHR Extension: (Chrome Media Router) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR Profile: C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-02-04]
CHR Profile: C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-02-04]
CHR Extension: (Google Slides) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-04]
CHR Extension: (Google Docs) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-04]
CHR Extension: (Google Drive) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-04]
CHR Extension: (YouTube) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-04]
CHR Extension: (Google Sheets) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-04]
CHR Extension: (Skype) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-04]
CHR Extension: (IDM Integration Module) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-04]
CHR Extension: (Gmail) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-04]
CHR Extension: (Chrome Media Router) - C:\Users\Marnel\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\RCX00\AppData\Local\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\RCX00\AppData\Local\Slick Savings\coupons.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-23]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14246 2016-12-14] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5206216 2013-10-04] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-24] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2015-06-15] () [File not signed]
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2014-03-07] (TENCENT) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-10-19] (Acronis)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag264.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\D:\Program Files\Garena Messenger\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\ADMINI~1\AppData\Local\Temp\gkernel.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 03:15 - 2017-02-04 03:16 - 00025300 _____ C:\Users\Marnel\Downloads\FRST.txt
2017-02-04 03:15 - 2017-02-04 03:15 - 00000000 ____D C:\FRST
2017-02-04 02:46 - 2017-02-04 02:47 - 02420736 _____ (Farbar) C:\Users\Marnel\Downloads\FRST64.exe
2017-02-04 01:43 - 2017-02-04 01:43 - 00000000 ____D C:\Users\Marnel\Desktop\Sigs
2017-02-04 01:32 - 2017-02-04 02:00 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Adobe
2017-02-04 01:32 - 2017-02-04 01:32 - 00000000 ____D C:\Users\Marnel\AppData\Local\Adobe
2017-02-04 01:29 - 2017-02-04 01:56 - 00000132 _____ C:\Users\Marnel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-04 01:26 - 2017-02-04 01:26 - 00000000 ____D C:\Users\Marnel\AppData\LocalLow\Adobe
2017-02-03 23:50 - 2017-02-03 23:52 - 00000000 ____D C:\Users\Marnel\Documents\C9
2017-02-03 23:50 - 2017-02-03 23:50 - 00000945 _____ C:\Users\Marnel\Desktop\C9Launcher - Shortcut.lnk
2017-02-03 23:45 - 2017-02-03 23:45 - 00000945 _____ C:\Users\Administrator\Desktop\C9Launcher - Shortcut.lnk
2017-02-03 23:13 - 2017-02-03 23:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\LolClient
2017-02-03 23:13 - 2017-02-03 23:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-02-03 23:12 - 2017-02-03 23:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GarenaPlus
2017-02-03 23:12 - 2017-02-03 23:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Garena
2017-02-03 22:06 - 2017-02-03 22:06 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Unity
2017-02-03 21:38 - 2017-02-03 21:38 - 00000000 ____D C:\TouchDefence
2017-02-03 21:35 - 2017-02-04 02:30 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-02-03 13:03 - 2017-02-03 13:03 - 00014848 ___SH C:\Users\Marnel\Desktop\Thumbs.db
2017-02-03 12:43 - 2017-02-03 12:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-02-03 12:42 - 2017-02-03 12:58 - 00002225 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2017-02-03 12:40 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-02-03 12:40 - 2017-02-03 12:42 - 00000000 ____D C:\Users\Administrator
2017-02-03 12:40 - 2017-02-03 12:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-02-03 12:40 - 2017-02-03 12:40 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-02-03 12:40 - 2017-02-03 12:40 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-02-03 12:40 - 2017-02-03 12:40 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-02-03 12:40 - 2017-02-03 12:40 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-02-03 12:40 - 2014-10-18 21:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-02-03 12:40 - 2009-07-14 15:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-02-03 08:50 - 2017-02-04 01:26 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\NVIDIA
2017-02-03 08:48 - 2017-02-03 08:48 - 00000913 _____ C:\Users\Marnel\Desktop\Multi-MEmu.lnk
2017-02-03 08:48 - 2017-02-03 08:48 - 00000897 _____ C:\Users\Marnel\Desktop\MEmu.lnk
2017-02-03 08:48 - 2017-02-03 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEmu
2017-02-03 08:46 - 2017-02-03 14:31 - 00000000 ____D C:\Users\Marnel\.MemuHyperv
2017-02-03 08:45 - 2017-02-03 08:50 - 00000000 ____D C:\Users\Marnel\.android
2017-02-03 08:14 - 2017-02-03 11:57 - 00000836 _____ C:\Users\Marnel\Desktop\Resume download of C9.lnk
2017-02-03 07:23 - 2017-02-03 07:23 - 00000000 ____D C:\ProgramData\WEBZEN
2017-02-03 07:19 - 2017-02-03 07:19 - 00000414 _____ C:\Users\Marnel\Downloads\c9.txt
2017-02-03 07:12 - 2017-02-04 03:17 - 00016710 _____ C:\Windows\System32\Tasks\60a56906b63
2017-02-03 07:12 - 2017-02-03 07:12 - 00000000 ___HD C:\ProgramData\60a56906b63
2017-02-03 07:11 - 2017-02-03 07:11 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\WinRAR
2017-02-03 07:11 - 2016-12-23 16:57 - 00000000 ____D C:\Users\Marnel\Desktop\Crack
2017-02-03 05:43 - 2017-02-03 05:43 - 00001159 _____ C:\Users\Marnel\Desktop\O2Mania English - Shortcut.lnk
2017-02-03 04:28 - 2017-02-03 04:29 - 00000000 ____D C:\Users\Marnel\AppData\Local\ElevatedDiagnostics
2017-02-03 02:38 - 2017-02-03 02:38 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\LolClient
2017-02-03 01:32 - 2017-02-03 01:40 - 00000000 ____D C:\Users\Marnel\Documents\GTA San Andreas User Files
2017-02-03 01:32 - 2017-02-03 01:32 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-03 01:25 - 2017-02-04 00:51 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\vlc
2017-02-03 01:23 - 2017-02-03 01:23 - 00000000 ____D C:\Users\Marnel\AppData\Local\Steam
2017-02-03 01:23 - 2017-02-03 01:23 - 00000000 ____D C:\Users\Marnel\AppData\Local\CEF
2017-02-03 01:15 - 2017-02-03 14:01 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-03 01:15 - 2017-02-03 01:15 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-03 01:15 - 2017-02-03 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-03 01:15 - 2017-02-03 01:15 - 00000000 ____D C:\Program Files\CCleaner
2017-02-03 01:14 - 2017-02-03 01:15 - 08813488 _____ (Piriform Ltd) C:\Users\Marnel\Desktop\ccsetup526.exe
2017-02-03 01:12 - 2017-02-03 01:12 - 00054713 _____ C:\Users\Marnel\Downloads\3e7a855807939d489577d4302ffaf9ae.html
2017-02-03 01:08 - 2017-02-04 02:31 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\DMCache
2017-02-03 01:08 - 2017-02-03 01:21 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\IDM
2017-02-03 01:08 - 2017-02-03 01:11 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-03 01:08 - 2017-02-03 01:08 - 00000983 _____ C:\Users\Marnel\Desktop\Internet Download Manager.lnk
2017-02-03 01:08 - 2017-02-03 01:08 - 00000000 ____D C:\Users\Marnel\Downloads\Video
2017-02-03 01:08 - 2017-02-03 01:08 - 00000000 ____D C:\Users\Marnel\Downloads\Compressed
2017-02-03 01:08 - 2017-02-03 01:08 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-03 01:08 - 2017-02-03 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-03 01:02 - 2017-02-03 01:02 - 00000000 ____D C:\Users\Marnel\AppData\Local\Blizzard Entertainment
2017-02-03 01:01 - 2017-02-03 01:02 - 00000000 ____D C:\Users\Marnel\AppData\Local\Battle.net
2017-02-03 01:01 - 2017-02-03 01:01 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Battle.net
2017-02-03 00:26 - 2017-02-03 00:26 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Notepad++
2017-02-03 00:24 - 2017-02-03 22:05 - 00000000 ____D C:\Touch
2017-02-03 00:24 - 2017-02-03 00:24 - 00000572 _____ C:\Users\Public\Desktop\Touch.lnk
2017-02-03 00:24 - 2017-02-03 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Touch
2017-02-03 00:23 - 2017-02-03 00:23 - 00112504 _____ C:\Users\Marnel\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-03 00:23 - 2017-02-03 00:23 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Garena
2017-02-03 00:22 - 2017-02-04 02:33 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\GarenaPlus
2017-02-03 00:18 - 2017-02-03 00:18 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\NCH Software
2017-02-03 00:18 - 2017-02-03 00:18 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\DAEMON Tools Lite
2017-02-03 00:15 - 2017-02-04 02:41 - 00002229 _____ C:\Users\Marnel\Desktop\Google Chrome.lnk
2017-02-03 00:15 - 2017-02-03 00:15 - 00000000 ____D C:\Users\Marnel\AppData\Local\NVIDIA
2017-02-03 00:14 - 2017-02-03 08:46 - 00000000 ____D C:\Users\Marnel
2017-02-03 00:14 - 2017-02-03 01:24 - 00000000 ____D C:\Users\Marnel\AppData\Local\Google
2017-02-03 00:14 - 2017-02-03 00:14 - 00000020 ___SH C:\Users\Marnel\ntuser.ini
2017-02-03 00:14 - 2017-02-03 00:14 - 00000000 _SHDL C:\Users\Marnel\My Documents
2017-02-03 00:14 - 2017-02-03 00:14 - 00000000 _SHDL C:\Users\Marnel\Documents\My Videos
2017-02-03 00:14 - 2017-02-03 00:14 - 00000000 _SHDL C:\Users\Marnel\Documents\My Pictures
2017-02-03 00:14 - 2017-02-03 00:14 - 00000000 _SHDL C:\Users\Marnel\Documents\My Music
2017-02-03 00:14 - 2014-10-18 21:37 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Macromedia
2017-02-03 00:14 - 2009-07-14 15:45 - 00000000 ____D C:\Users\Marnel\AppData\Roaming\Media Center Programs
2017-02-03 00:02 - 2017-02-03 00:06 - 01886860 _____ (Piriform Ltd) C:\Users\RCX00\Downloads\ccsetup526 (1).exe
2017-02-02 23:46 - 2017-02-02 23:54 - 00815084 _____ (Piriform Ltd) C:\Users\RCX00\Downloads\ccsetup526.exe
2017-02-02 23:37 - 2017-02-02 23:37 - 00133720 _____ C:\Users\RCX00\Downloads\Windows 7 Genuine Remove Tool.rar
2017-02-01 11:08 - 2017-02-01 11:08 - 00000000 ____D C:\Users\RCX00\AppData\Local\TeamSpeak 3
2017-02-01 11:08 - 2017-02-01 11:08 - 00000000 ____D C:\Users\RCX00\.TeamSpeak 3
2017-02-01 11:08 - 2017-02-01 11:08 - 00000000 ____D C:\Users\RCX00\.QtWebEngineProcess
2017-01-30 21:13 - 2015-07-18 21:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-01-30 21:13 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-01-26 16:31 - 2017-01-26 16:31 - 01246891 _____ C:\Users\RCX00\Downloads\Patch 002.rar
2017-01-23 20:24 - 2017-01-23 20:25 - 03240427 _____ C:\Users\RCX00\Downloads\RF Online Skin - Black Skin (new).rar
2017-01-23 03:40 - 2017-01-23 03:40 - 00000000 ____D C:\Users\RCX00\AppData\LocalLow\GameScience
2017-01-23 03:07 - 2017-01-23 03:07 - 00000222 _____ C:\Users\RCX00\Desktop\Art of War Red Tides.url
2017-01-21 07:40 - 2017-01-21 13:01 - 01560576 _____ C:\Users\RCX00\Documents\Normalizaztion.accdb
2017-01-21 07:39 - 2017-01-21 13:03 - 00462848 _____ C:\Users\RCX00\Documents\db_oop.accdb
2017-01-21 06:24 - 2017-01-21 07:39 - 00720896 _____ C:\Users\RCX00\Documents\Database4.accdb
2017-01-20 03:19 - 2017-01-20 03:19 - 00000040 ____H C:\1D1CDF7935FF
2017-01-20 03:09 - 2017-01-27 03:09 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-01-20 03:09 - 2017-01-20 03:09 - 00693520 _____ (NCH Software) C:\Users\RCX00\Downloads\disketchpsetup.exe
2017-01-20 03:09 - 2017-01-20 03:09 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\NCH Software
2017-01-20 03:09 - 2017-01-20 03:09 - 00000000 ____D C:\ProgramData\NCH Software
2017-01-19 22:53 - 2017-01-19 22:53 - 00171578 _____ C:\Users\RCX00\Downloads\rs2xml.jar
2017-01-19 18:25 - 2017-01-19 18:25 - 00000000 ____D C:\Users\RCX00\Downloads\mysql-connector-java-5.1.40
2017-01-19 18:22 - 2017-01-19 18:25 - 04263693 _____ C:\Users\RCX00\Downloads\mysql-connector-java-5.1.40.zip
2017-01-19 18:11 - 2017-01-19 18:11 - 00000000 ____D C:\Users\RCX00\Downloads\mysql-connector-java-5.0.8
2017-01-19 15:17 - 2017-01-19 15:22 - 08795408 _____ C:\Users\RCX00\Downloads\mysql-connector-java-5.0.8.zip
2017-01-18 09:19 - 2017-01-18 09:19 - 27750436 _____ C:\Users\RCX00\Downloads\QSG Patch.rar
2017-01-16 09:55 - 2017-01-16 09:55 - 00000000 ____D C:\Users\RCX00\.netbeans-derby
2017-01-11 13:45 - 2017-02-03 00:16 - 00000000 ____D C:\Program Files (x86)\Cheat Engine
2017-01-11 13:45 - 2017-01-11 13:45 - 03708905 _____ (Dark Byte ) C:\Users\RCX00\Downloads\Cheat Engine 5.4.exe
2017-01-11 13:15 - 2017-01-11 13:16 - 11863360 _____ (Cheat Engine ) C:\Users\RCX00\Downloads\CheatEngine66.exe
2017-01-05 12:58 - 2017-01-05 12:58 - 00000223 _____ C:\Users\RCX00\Desktop\right click chaos.ahk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 02:49 - 2016-03-17 10:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 02:42 - 2016-08-14 18:58 - 00000000 ____D C:\ProgramData\Adobe
2017-02-04 02:40 - 2009-07-14 12:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 02:40 - 2009-07-14 12:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 02:33 - 2015-06-07 23:05 - 00000000 ____D C:\ProgramData\GarenaMessenger
2017-02-04 02:30 - 2016-06-18 12:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-04 02:30 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-04 00:21 - 2009-07-14 13:13 - 00795422 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 00:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-02-04 00:16 - 2015-06-07 23:07 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-02-03 14:07 - 2015-07-24 16:14 - 00000000 ____D C:\Users\RCX00\AppData\Local\Warframe
2017-02-03 14:04 - 2015-06-07 20:44 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 14:04 - 2013-10-20 02:18 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-03 14:03 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2017-02-03 12:42 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-03 04:28 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-03 01:23 - 2014-01-07 19:27 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-03 01:02 - 2016-05-01 14:51 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-03 00:58 - 2015-11-15 22:55 - 00000000 ____D C:\Users\RCX00\AppData\Local\Overwolf
2017-02-03 00:55 - 2014-08-15 22:45 - 00000000 ____D C:\Users\RCX00\AppData\Local\Macromedia
2017-02-03 00:55 - 2013-10-19 14:42 - 00000000 ____D C:\Users\RCX00\AppData\Local\Microsoft Games
2017-02-03 00:53 - 2016-05-01 14:55 - 00000000 ____D C:\Users\RCX00\AppData\Local\Battle.net
2017-02-03 00:52 - 2016-12-14 21:07 - 00000000 ____D C:\Users\RCX00\AppData\Local\Adobe
2017-02-03 00:52 - 2016-12-08 01:50 - 00000000 ____D C:\Users\RCX00\AppData\Local\Adobe-BackupByPhotoshopCS6Portable
2017-02-03 00:44 - 2013-10-19 15:29 - 00000000 ____D C:\ProgramData\Skype
2017-02-03 00:41 - 2016-10-19 18:58 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-02-03 00:36 - 2016-06-21 12:02 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-03 00:35 - 2013-10-19 14:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-03 00:19 - 2016-08-17 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-03 00:19 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-02 23:58 - 2015-06-07 23:05 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\GarenaPlus
2017-02-02 23:58 - 2013-10-19 19:20 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\uTorrent
2017-02-02 23:52 - 2016-04-29 18:16 - 00000000 ___RD C:\Users\RCX00\Documents\MEGA
2017-02-02 23:32 - 2009-07-14 12:45 - 04970808 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-02 23:30 - 2016-04-23 21:42 - 00000000 ____D C:\Program Files\XSOUL-XM8
2017-02-02 23:09 - 2016-09-24 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-02-02 23:09 - 2016-09-24 04:56 - 00000000 ____D C:\Program Files (x86)\DAUM
2017-02-02 22:52 - 2016-03-31 15:39 - 00000000 ____D C:\Program Files (x86)\R.G. Freedom
2017-02-02 22:47 - 2013-10-19 14:16 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-02 22:45 - 2016-12-18 16:12 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\Spotify
2017-02-02 22:45 - 2009-07-14 15:46 - 00000000 ____D C:\Windows\ShellNew
2017-02-02 22:44 - 2014-02-08 13:15 - 00000000 ____D C:\Users\RCX00\AppData\Local\SKIDROW
2017-02-02 22:42 - 2015-01-04 21:23 - 00000000 ____D C:\ProgramData\DatacardService
2017-02-02 22:40 - 2016-07-10 20:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-02 22:37 - 2016-08-17 21:56 - 00000000 ____D C:\Users\RCX00\AppData\LocalLow\Weappy
2017-02-02 22:32 - 2014-01-07 19:37 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-02 22:28 - 2016-04-26 21:07 - 00000000 ____D C:\Program Files (x86)\WGA Remover
2017-02-02 22:26 - 2016-10-01 13:01 - 00000000 ____D C:\Program Files (x86)\WTFast
2017-02-02 22:26 - 2016-06-28 19:53 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\5kplayer
2017-02-02 22:17 - 2016-11-20 23:58 - 00000000 ___RD C:\Users\RCX00\Google Drive
2017-02-02 22:12 - 2013-10-19 14:11 - 00000000 ____D C:\Users\RCX00
2017-01-26 16:41 - 2016-08-02 05:49 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\discord
2017-01-25 21:03 - 2016-03-31 16:08 - 00000000 ____D C:\Users\RCX00\Documents\American Truck Simulator
2017-01-20 21:55 - 2016-03-10 18:53 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-20 11:44 - 2015-10-22 22:30 - 00000000 ____D C:\Program Files\NetBeans 8.0.2
2017-01-20 03:30 - 2016-12-15 04:35 - 00000000 ____D C:\Users\RCX00\Documents\dumps
2017-01-20 03:19 - 2016-12-14 21:07 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\Adobe
2017-01-16 09:59 - 2015-10-23 07:46 - 00000000 ____D C:\Users\RCX00\Documents\NetBeansProjects
2017-01-12 22:09 - 2015-07-23 12:44 - 00000000 ____D C:\Users\RCX00\AppData\Local\Steam
2017-01-12 05:19 - 2016-12-23 01:17 - 00002176 _____ C:\Users\RCX00\Desktop\Discord.lnk
2017-01-12 05:19 - 2016-08-02 05:49 - 00000000 ____D C:\Users\RCX00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 17:11 - 2015-09-16 13:30 - 00000000 ____D C:\Users\RCX00\Documents\Visual Studio 2015
2017-01-11 15:38 - 2016-03-10 18:53 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-11 15:26 - 2016-03-10 18:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 02:49 - 2016-03-17 10:36 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 02:49 - 2016-03-17 10:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 02:49 - 2016-03-17 10:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 02:49 - 2016-03-17 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 02:49 - 2014-08-15 22:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-11-20 22:52 - 2016-11-21 00:24 - 7065600 _____ () C:\Program Files (x86)\GUT45C2.tmp
2017-02-04 01:29 - 2017-02-04 01:56 - 0000132 _____ () C:\Users\Marnel\AppData\Roaming\Adobe PNG Format CS6 Prefs
1998-05-11 20:01 - 1998-05-11 20:01 - 0039951 _____ () C:\ProgramData\WIN32.B

Some files in TEMP:
====================
2017-02-03 23:52 - 2017-02-03 23:52 - 0000081 _____ () C:\Users\Marnel\AppData\Local\Temp\59ce752ca35102bf60716ab8d110b07f.dll
2017-02-03 23:51 - 2017-02-03 23:51 - 0000512 _____ () C:\Users\Marnel\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll
2017-02-03 00:16 - 2017-02-03 00:16 - 0363208 _____ (BitRaider, LLC) C:\Users\Marnel\AppData\Local\Temp\BRSVC_2252389_hlp.exe
2017-02-03 02:23 - 2017-02-03 02:23 - 0097472 _____ () C:\Users\Marnel\AppData\Local\Temp\PH_patch_20170119to20170126.exe
2015-06-07 19:37 - 2015-06-07 20:42 - 302470552 _____ (AMD Inc.) C:\Users\RCX00\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-06-09 01:10 - 2014-12-05 14:43 - 6245888 _____ (Advanced Micro Devices, Inc.) C:\Users\RCX00\AppData\Local\Temp\AutoDetectUtilApp.exe
2016-01-12 15:02 - 2016-01-12 15:04 - 8210256 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\driver-updater-setup.exe
2015-04-05 14:49 - 2015-04-05 14:49 - 0204800 _____ (Sony DADC Austria AG) C:\Users\RCX00\AppData\Local\Temp\drm_dyndata_7380014.dll
2015-11-14 16:46 - 2004-08-18 16:37 - 0331776 _____ (Electronic Arts Inc.) C:\Users\RCX00\AppData\Local\Temp\eauninstall.exe
2016-03-19 21:33 - 2016-03-17 12:13 - 3585576 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn1556635582.dll
2016-03-10 14:58 - 2016-02-24 19:15 - 3258408 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn3073946679.dll
2016-01-30 18:47 - 2016-01-29 12:04 - 3340328 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn3680220437.dll
2016-03-24 08:58 - 2016-03-22 19:26 - 3584040 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn770000468.dll
2015-01-23 21:23 - 2015-01-23 21:23 - 0837368 _____ (Minecraft Projects) C:\Users\RCX00\AppData\Local\Temp\ICReinstall_luckyblock.exe
2016-07-30 02:51 - 2016-07-30 02:51 - 0741440 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-11-20 19:12 - 2016-11-20 19:12 - 0737856 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-03-09 03:06 - 2016-03-09 03:06 - 0736352 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\RCX00\AppData\Local\Temp\libeay32.dll
2016-07-30 03:52 - 2016-07-30 03:52 - 0683520 _____ () C:\Users\RCX00\AppData\Local\Temp\linker.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 0970912 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\msvcr120.dll
2015-01-18 19:20 - 2015-01-18 20:11 - 1833216 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
2015-08-27 09:59 - 2015-08-27 10:01 - 5621420 _____ () C:\Users\RCX00\AppData\Local\Temp\npp.6.8.1.Installer.exe
2016-08-14 17:25 - 2016-08-14 17:25 - 4211112 _____ () C:\Users\RCX00\AppData\Local\Temp\npp.6.9.2.Installer.exe
2015-12-30 18:20 - 2016-07-11 06:36 - 0735152 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI.dll
2016-06-18 12:38 - 2016-07-11 06:36 - 0859984 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI64.dll
2015-12-31 02:18 - 2016-07-11 06:36 - 0335296 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvStInst.exe
2016-01-12 15:02 - 2016-01-12 15:03 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup.exe
2016-01-12 15:02 - 2016-01-12 15:03 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_0.exe
2016-01-21 10:28 - 2016-01-21 10:28 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_1.exe
2015-11-11 15:16 - 2015-11-11 15:18 - 30147048 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150724to150727.exe
2015-11-11 15:20 - 2015-11-11 15:22 - 31537400 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150727to150729.exe
2015-11-11 15:23 - 2015-11-11 15:33 - 151425144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150729to150807.exe
2015-11-11 15:38 - 2015-11-11 15:47 - 125054560 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150807to150825.exe
2015-11-11 15:52 - 2015-11-11 16:01 - 117606144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150825to150909.exe
2015-11-11 16:05 - 2015-11-11 16:09 - 88832144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150909to150917.exe
2015-11-11 16:14 - 2015-11-11 16:16 - 28640728 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150917to150922.exe
2015-11-11 16:16 - 2015-11-11 16:28 - 164006584 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150922to151006.exe
2015-11-11 16:33 - 2015-11-11 16:41 - 104861416 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151006to151015.exe
2015-11-11 16:45 - 2015-11-11 17:06 - 249747672 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151015to151103.exe
2016-01-22 18:24 - 2016-01-22 18:37 - 297661400 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151103to151112.exe
2016-01-22 18:44 - 2016-01-22 18:45 - 13788392 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151112to151113.exe
2016-01-22 18:45 - 2016-01-22 18:58 - 282197720 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151113to151125.exe
2016-01-22 19:03 - 2016-01-22 19:03 - 25659672 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151125to151201.exe
2016-01-22 19:04 - 2016-01-22 19:06 - 162471168 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151201to151210.exe
2016-01-22 19:11 - 2016-01-22 19:12 - 180450360 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151210to160120.exe
2016-01-22 19:17 - 2016-01-22 19:18 - 44972704 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160120to160121.exe
2016-02-02 14:03 - 2016-02-02 14:06 - 252297296 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160121to160202.exe
2016-02-03 23:59 - 2016-02-03 23:59 - 24879424 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160202to160203.exe
2016-02-23 18:24 - 2016-02-23 18:36 - 230981048 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160203to160211.exe
2016-03-10 15:01 - 2016-03-10 15:12 - 175119160 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160211to160301.exe
2016-03-10 15:17 - 2016-03-10 15:25 - 128191312 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160301to160310.exe
2016-03-12 23:33 - 2016-03-12 23:33 - 2279216 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160310to160311.exe
2016-03-15 00:31 - 2016-03-15 00:32 - 17558600 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160311to160314.exe
2016-03-24 08:24 - 2016-03-24 08:35 - 206340600 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160314to160324.exe
2016-04-04 03:46 - 2016-04-04 03:46 - 13122712 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160324to160328.exe
2016-04-05 18:24 - 2016-04-05 18:26 - 45363128 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160328to160401.exe
2016-04-07 19:07 - 2016-04-07 19:25 - 380076808 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160401to160407.exe
2016-04-28 20:47 - 2016-04-28 20:57 - 325372264 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160407to160421.exe
2016-04-29 11:38 - 2016-04-29 11:39 - 12436912 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160421to160422.exe
2016-05-05 15:49 - 2016-05-05 15:55 - 221088920 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160422to160505.exe
2016-05-20 20:42 - 2016-05-20 20:42 - 13566816 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160505to160506.exe
2016-05-20 20:43 - 2016-05-20 20:51 - 273520192 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160506to160519.exe
2016-06-10 10:17 - 2016-06-10 10:24 - 173300480 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160519to160607.exe
2016-06-28 14:22 - 2016-06-28 14:24 - 127437224 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160607to160616.exe
2016-06-28 14:44 - 2016-06-28 14:44 - 13337912 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160616to160621.exe
2016-08-21 16:49 - 2016-08-21 16:52 - 143484704 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160621to160630.exe
2016-08-21 17:07 - 2016-08-21 17:12 - 214328576 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160630to160714.exe
2016-08-21 17:18 - 2016-08-21 17:23 - 220898336 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160714to160726.exe
2016-08-21 17:29 - 2016-08-21 17:30 - 29985816 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160726to160803.exe
2016-08-21 17:30 - 2016-08-21 17:36 - 231746224 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160803to160811.exe
2016-08-21 17:41 - 2016-08-21 17:42 - 15851840 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160811to160816_1.exe
2016-10-30 14:02 - 2016-10-30 14:02 - 0095528 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160816to20160825.exe
2016-10-30 14:20 - 2016-10-30 14:20 - 0095304 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160825to20160913.exe
2016-10-30 14:37 - 2016-10-30 14:37 - 0100024 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160913to20160922.exe
2016-10-30 14:42 - 2016-10-30 14:42 - 0088664 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160922to20160928.exe
2016-10-30 14:44 - 2016-10-30 14:44 - 0090608 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160928to20160929.exe
2016-10-30 14:53 - 2016-10-30 14:53 - 0094144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160929to20161006_1.exe
2016-10-30 15:06 - 2016-10-30 15:06 - 0094840 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161006to20161020.exe
2016-11-10 19:24 - 2016-11-10 19:24 - 0098064 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161020to20161110_1.exe
2016-11-22 13:10 - 2016-11-22 13:11 - 0093736 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161110to20161122.exe
2016-12-09 01:00 - 2016-12-09 01:00 - 0095664 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161122to20161208_1.exe
2016-12-16 17:56 - 2016-12-16 17:57 - 0090640 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161208to20161215.exe
2017-01-16 23:52 - 2017-01-16 23:52 - 0090568 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161215to20170106.exe
2017-01-17 00:13 - 2017-01-17 00:13 - 0099168 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170106to20170112.exe
2017-01-17 00:23 - 2017-01-17 00:24 - 0091312 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170112to20170114.exe
2017-02-02 22:48 - 2017-02-02 22:49 - 0090432 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170114to20170119.exe
2016-07-30 03:52 - 2016-07-30 03:52 - 11189600 _____ (promptdownloader.com) C:\Users\RCX00\AppData\Local\Temp\Prompt-Downloader-1373270740.exe
2015-06-07 21:11 - 2015-11-25 18:47 - 61022552 _____ () C:\Users\RCX00\AppData\Local\Temp\raptrpatch.exe
2015-06-07 21:11 - 2015-11-25 18:43 - 0221632 _____ () C:\Users\RCX00\AppData\Local\Temp\raptr_stub.exe
2016-06-21 12:10 - 2016-06-21 12:10 - 1380712 _____ () C:\Users\RCX00\AppData\Local\Temp\RazerCortex_ClientManager_Steam_Setup.exe
2016-07-30 03:50 - 2016-07-30 03:50 - 0943104 _____ () C:\Users\RCX00\AppData\Local\Temp\Removewat Final__9774_il63008.exe
2016-10-19 19:15 - 2017-02-02 23:09 - 0192512 _____ () C:\Users\RCX00\AppData\Local\Temp\sfamcc00001.dll
2016-10-19 19:15 - 2017-02-02 23:09 - 0158720 _____ () C:\Users\RCX00\AppData\Local\Temp\sfareca00001.dll
2015-02-11 01:56 - 2015-02-11 01:56 - 0105984 _____ () C:\Users\RCX00\AppData\Local\Temp\sfextra.dll
2015-05-31 19:18 - 2016-06-10 14:59 - 41774720 _____ (Skype Technologies S.A.) C:\Users\RCX00\AppData\Local\Temp\SkypeSetup.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 0772672 _____ () C:\Users\RCX00\AppData\Local\Temp\sqlite3.dll
2015-11-14 16:54 - 2004-08-18 16:33 - 0086016 _____ (EA) C:\Users\RCX00\AppData\Local\Temp\The Sims 2_uninst.exe
2015-06-08 04:22 - 2015-06-08 04:22 - 0716473 _____ () C:\Users\RCX00\AppData\Local\Temp\ubi1BC0.tmp.exe
2017-01-30 21:01 - 2017-01-30 21:01 - 14773216 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\vcredist_x64.exe
2016-03-09 11:04 - 2016-03-09 11:06 - 28849904 _____ () C:\Users\RCX00\AppData\Local\Temp\vlc-2.2.1-win32.exe
2015-08-03 07:58 - 2015-08-03 07:58 - 0118784 _____ () C:\Users\RCX00\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 05:18

==================== End of FRST.txt ============================



Edited by Marnel, 03 February 2017 - 02:25 PM.




#2 JSntgRvr

  • Malware Response Team

Posted 03 February 2017 - 08:29 PM

Welcome back. :)
 
Download the attached file and save it in the same directory FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
 
 
Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Marnel

  • Topic Starter


Posted 03 February 2017 - 10:54 PM

Thank you for helping me :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Marnel (04-02-2017 11:15:18) Run:1
Running from C:\Users\Marnel\Downloads
Loaded Profiles: Marnel (Available Profiles: Marnel & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {5D655676-668B-4B11-8398-67342F94C592} - System32\Tasks\60a56906b63 => Rundll32.exe "C:\ProgramData\60a56906b63\60a56906b63.dll",GetProxyDllInfo <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
AppInit_DLLs: C:\ProgramData\UltimateSecurityPackage\Freshla.dll => No File
AppInit_DLLs-x32: C:\ProgramData\UltimateSecurityPackage\Faxis.dll => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\RCX00\AppData\Roaming\raidcall\plugins\nprcplugin.dll [No File]
S3 gkernel; \??\C:\Users\ADMINI~1\AppData\Local\Temp\gkernel.sys [X]
2017-02-03 23:52 - 2017-02-03 23:52 - 0000081 _____ () C:\Users\Marnel\AppData\Local\Temp\59ce752ca35102bf60716ab8d110b07f.dll
2017-02-03 23:51 - 2017-02-03 23:51 - 0000512 _____ () C:\Users\Marnel\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll
2017-02-03 00:16 - 2017-02-03 00:16 - 0363208 _____ (BitRaider, LLC) C:\Users\Marnel\AppData\Local\Temp\BRSVC_2252389_hlp.exe
2017-02-03 02:23 - 2017-02-03 02:23 - 0097472 _____ () C:\Users\Marnel\AppData\Local\Temp\PH_patch_20170119to20170126.exe
2015-06-07 19:37 - 2015-06-07 20:42 - 302470552 _____ (AMD Inc.) C:\Users\RCX00\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-06-09 01:10 - 2014-12-05 14:43 - 6245888 _____ (Advanced Micro Devices, Inc.) C:\Users\RCX00\AppData\Local\Temp\AutoDetectUtilApp.exe
2016-01-12 15:02 - 2016-01-12 15:04 - 8210256 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\driver-updater-setup.exe
2015-04-05 14:49 - 2015-04-05 14:49 - 0204800 _____ (Sony DADC Austria AG) C:\Users\RCX00\AppData\Local\Temp\drm_dyndata_7380014.dll
2015-11-14 16:46 - 2004-08-18 16:37 - 0331776 _____ (Electronic Arts Inc.) C:\Users\RCX00\AppData\Local\Temp\eauninstall.exe
2016-03-19 21:33 - 2016-03-17 12:13 - 3585576 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn1556635582.dll
2016-03-10 14:58 - 2016-02-24 19:15 - 3258408 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn3073946679.dll
2016-01-30 18:47 - 2016-01-29 12:04 - 3340328 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn3680220437.dll
2016-03-24 08:58 - 2016-03-22 19:26 - 3584040 _____ () C:\Users\RCX00\AppData\Local\Temp\ggspawn770000468.dll
2015-01-23 21:23 - 2015-01-23 21:23 - 0837368 _____ (Minecraft Projects) C:\Users\RCX00\AppData\Local\Temp\ICReinstall_luckyblock.exe
2016-07-30 02:51 - 2016-07-30 02:51 - 0741440 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-11-20 19:12 - 2016-11-20 19:12 - 0737856 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-03-09 03:06 - 2016-03-09 03:06 - 0736352 _____ (Oracle Corporation) C:\Users\RCX00\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\RCX00\AppData\Local\Temp\libeay32.dll
2016-07-30 03:52 - 2016-07-30 03:52 - 0683520 _____ () C:\Users\RCX00\AppData\Local\Temp\linker.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 0970912 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\msvcr120.dll
2015-01-18 19:20 - 2015-01-18 20:11 - 1833216 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
2015-08-27 09:59 - 2015-08-27 10:01 - 5621420 _____ () C:\Users\RCX00\AppData\Local\Temp\npp.6.8.1.Installer.exe
2016-08-14 17:25 - 2016-08-14 17:25 - 4211112 _____ () C:\Users\RCX00\AppData\Local\Temp\npp.6.9.2.Installer.exe
2015-12-30 18:20 - 2016-07-11 06:36 - 0735152 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI.dll
2016-06-18 12:38 - 2016-07-11 06:36 - 0859984 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI64.dll
2015-12-31 02:18 - 2016-07-11 06:36 - 0335296 _____ (NVIDIA Corporation) C:\Users\RCX00\AppData\Local\Temp\nvStInst.exe
2016-01-12 15:02 - 2016-01-12 15:03 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup.exe
2016-01-12 15:02 - 2016-01-12 15:03 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_0.exe
2016-01-21 10:28 - 2016-01-21 10:28 - 5590184 _____ (Auslogics Labs Pty Ltd                                      ) C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_1.exe
2015-11-11 15:16 - 2015-11-11 15:18 - 30147048 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150724to150727.exe
2015-11-11 15:20 - 2015-11-11 15:22 - 31537400 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150727to150729.exe
2015-11-11 15:23 - 2015-11-11 15:33 - 151425144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150729to150807.exe
2015-11-11 15:38 - 2015-11-11 15:47 - 125054560 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150807to150825.exe
2015-11-11 15:52 - 2015-11-11 16:01 - 117606144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150825to150909.exe
2015-11-11 16:05 - 2015-11-11 16:09 - 88832144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150909to150917.exe
2015-11-11 16:14 - 2015-11-11 16:16 - 28640728 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150917to150922.exe
2015-11-11 16:16 - 2015-11-11 16:28 - 164006584 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_150922to151006.exe
2015-11-11 16:33 - 2015-11-11 16:41 - 104861416 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151006to151015.exe
2015-11-11 16:45 - 2015-11-11 17:06 - 249747672 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151015to151103.exe
2016-01-22 18:24 - 2016-01-22 18:37 - 297661400 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151103to151112.exe
2016-01-22 18:44 - 2016-01-22 18:45 - 13788392 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151112to151113.exe
2016-01-22 18:45 - 2016-01-22 18:58 - 282197720 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151113to151125.exe
2016-01-22 19:03 - 2016-01-22 19:03 - 25659672 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151125to151201.exe
2016-01-22 19:04 - 2016-01-22 19:06 - 162471168 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151201to151210.exe
2016-01-22 19:11 - 2016-01-22 19:12 - 180450360 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_151210to160120.exe
2016-01-22 19:17 - 2016-01-22 19:18 - 44972704 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160120to160121.exe
2016-02-02 14:03 - 2016-02-02 14:06 - 252297296 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160121to160202.exe
2016-02-03 23:59 - 2016-02-03 23:59 - 24879424 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160202to160203.exe
2016-02-23 18:24 - 2016-02-23 18:36 - 230981048 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160203to160211.exe
2016-03-10 15:01 - 2016-03-10 15:12 - 175119160 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160211to160301.exe
2016-03-10 15:17 - 2016-03-10 15:25 - 128191312 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160301to160310.exe
2016-03-12 23:33 - 2016-03-12 23:33 - 2279216 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160310to160311.exe
2016-03-15 00:31 - 2016-03-15 00:32 - 17558600 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160311to160314.exe
2016-03-24 08:24 - 2016-03-24 08:35 - 206340600 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160314to160324.exe
2016-04-04 03:46 - 2016-04-04 03:46 - 13122712 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160324to160328.exe
2016-04-05 18:24 - 2016-04-05 18:26 - 45363128 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160328to160401.exe
2016-04-07 19:07 - 2016-04-07 19:25 - 380076808 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160401to160407.exe
2016-04-28 20:47 - 2016-04-28 20:57 - 325372264 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160407to160421.exe
2016-04-29 11:38 - 2016-04-29 11:39 - 12436912 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160421to160422.exe
2016-05-05 15:49 - 2016-05-05 15:55 - 221088920 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160422to160505.exe
2016-05-20 20:42 - 2016-05-20 20:42 - 13566816 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160505to160506.exe
2016-05-20 20:43 - 2016-05-20 20:51 - 273520192 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160506to160519.exe
2016-06-10 10:17 - 2016-06-10 10:24 - 173300480 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160519to160607.exe
2016-06-28 14:22 - 2016-06-28 14:24 - 127437224 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160607to160616.exe
2016-06-28 14:44 - 2016-06-28 14:44 - 13337912 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160616to160621.exe
2016-08-21 16:49 - 2016-08-21 16:52 - 143484704 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160621to160630.exe
2016-08-21 17:07 - 2016-08-21 17:12 - 214328576 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160630to160714.exe
2016-08-21 17:18 - 2016-08-21 17:23 - 220898336 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160714to160726.exe
2016-08-21 17:29 - 2016-08-21 17:30 - 29985816 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160726to160803.exe
2016-08-21 17:30 - 2016-08-21 17:36 - 231746224 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160803to160811.exe
2016-08-21 17:41 - 2016-08-21 17:42 - 15851840 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_160811to160816_1.exe
2016-10-30 14:02 - 2016-10-30 14:02 - 0095528 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160816to20160825.exe
2016-10-30 14:20 - 2016-10-30 14:20 - 0095304 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160825to20160913.exe
2016-10-30 14:37 - 2016-10-30 14:37 - 0100024 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160913to20160922.exe
2016-10-30 14:42 - 2016-10-30 14:42 - 0088664 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160922to20160928.exe
2016-10-30 14:44 - 2016-10-30 14:44 - 0090608 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160928to20160929.exe
2016-10-30 14:53 - 2016-10-30 14:53 - 0094144 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160929to20161006_1.exe
2016-10-30 15:06 - 2016-10-30 15:06 - 0094840 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161006to20161020.exe
2016-11-10 19:24 - 2016-11-10 19:24 - 0098064 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161020to20161110_1.exe
2016-11-22 13:10 - 2016-11-22 13:11 - 0093736 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161110to20161122.exe
2016-12-09 01:00 - 2016-12-09 01:00 - 0095664 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161122to20161208_1.exe
2016-12-16 17:56 - 2016-12-16 17:57 - 0090640 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161208to20161215.exe
2017-01-16 23:52 - 2017-01-16 23:52 - 0090568 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161215to20170106.exe
2017-01-17 00:13 - 2017-01-17 00:13 - 0099168 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170106to20170112.exe
2017-01-17 00:23 - 2017-01-17 00:24 - 0091312 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170112to20170114.exe
2017-02-02 22:48 - 2017-02-02 22:49 - 0090432 _____ () C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170114to20170119.exe
2016-07-30 03:52 - 2016-07-30 03:52 - 11189600 _____ (promptdownloader.com) C:\Users\RCX00\AppData\Local\Temp\Prompt-Downloader-1373270740.exe
2015-06-07 21:11 - 2015-11-25 18:47 - 61022552 _____ () C:\Users\RCX00\AppData\Local\Temp\raptrpatch.exe
2015-06-07 21:11 - 2015-11-25 18:43 - 0221632 _____ () C:\Users\RCX00\AppData\Local\Temp\raptr_stub.exe
2016-06-21 12:10 - 2016-06-21 12:10 - 1380712 _____ () C:\Users\RCX00\AppData\Local\Temp\RazerCortex_ClientManager_Steam_Setup.exe
2016-07-30 03:50 - 2016-07-30 03:50 - 0943104 _____ () C:\Users\RCX00\AppData\Local\Temp\Removewat Final__9774_il63008.exe
2016-10-19 19:15 - 2017-02-02 23:09 - 0192512 _____ () C:\Users\RCX00\AppData\Local\Temp\sfamcc00001.dll
2016-10-19 19:15 - 2017-02-02 23:09 - 0158720 _____ () C:\Users\RCX00\AppData\Local\Temp\sfareca00001.dll
2015-02-11 01:56 - 2015-02-11 01:56 - 0105984 _____ () C:\Users\RCX00\AppData\Local\Temp\sfextra.dll
2015-05-31 19:18 - 2016-06-10 14:59 - 41774720 _____ (Skype Technologies S.A.) C:\Users\RCX00\AppData\Local\Temp\SkypeSetup.exe
2016-08-13 05:36 - 2016-08-13 05:36 - 0772672 _____ () C:\Users\RCX00\AppData\Local\Temp\sqlite3.dll
2015-11-14 16:54 - 2004-08-18 16:33 - 0086016 _____ (EA) C:\Users\RCX00\AppData\Local\Temp\The Sims 2_uninst.exe
2015-06-08 04:22 - 2015-06-08 04:22 - 0716473 _____ () C:\Users\RCX00\AppData\Local\Temp\ubi1BC0.tmp.exe
2017-01-30 21:01 - 2017-01-30 21:01 - 14773216 _____ (Microsoft Corporation) C:\Users\RCX00\AppData\Local\Temp\vcredist_x64.exe
2016-03-09 11:04 - 2016-03-09 11:06 - 28849904 _____ () C:\Users\RCX00\AppData\Local\Temp\vlc-2.2.1-win32.exe
2015-08-03 07:58 - 2015-08-03 07:58 - 0118784 _____ () C:\Users\RCX00\AppData\Local\Temp\xmlUpdater.exe
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
CMD: bitsadmin.exe /reset /allusers
EmptyTemp:
Reboot:
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5D655676-668B-4B11-8398-67342F94C592} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D655676-668B-4B11-8398-67342F94C592} => key removed successfully
C:\Windows\System32\Tasks\60a56906b63 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\60a56906b63 => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => key removed successfully
"C:\ProgramData\UltimateSecurityPackage\Freshla.dll" => Value data removed successfully.
"C:\ProgramData\UltimateSecurityPackage\Faxis.dll" => Value data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@raidcall.en/RCplugin => key removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
C:\Users\Marnel\AppData\Local\Temp\59ce752ca35102bf60716ab8d110b07f.dll => moved successfully
C:\Users\Marnel\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll => moved successfully
C:\Users\Marnel\AppData\Local\Temp\BRSVC_2252389_hlp.exe => moved successfully
C:\Users\Marnel\AppData\Local\Temp\PH_patch_20170119to20170126.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\AutoDetectUtilApp.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\driver-updater-setup.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\drm_dyndata_7380014.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\eauninstall.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ggspawn1556635582.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ggspawn3073946679.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ggspawn3680220437.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ggspawn770000468.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ICReinstall_luckyblock.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\linker.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\npp.6.8.1.Installer.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\npp.6.9.2.Installer.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_0.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\pc-status-monitor-setup_1.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150724to150727.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150727to150729.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150729to150807.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150807to150825.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150825to150909.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150909to150917.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150917to150922.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_150922to151006.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151006to151015.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151015to151103.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151103to151112.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151112to151113.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151113to151125.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151125to151201.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151201to151210.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_151210to160120.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160120to160121.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160121to160202.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160202to160203.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160203to160211.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160211to160301.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160301to160310.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160310to160311.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160311to160314.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160314to160324.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160324to160328.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160328to160401.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160401to160407.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160407to160421.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160421to160422.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160422to160505.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160505to160506.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160506to160519.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160519to160607.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160607to160616.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160616to160621.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160621to160630.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160630to160714.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160714to160726.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160726to160803.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160803to160811.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_160811to160816_1.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160816to20160825.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160825to20160913.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160913to20160922.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160922to20160928.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160928to20160929.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20160929to20161006_1.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161006to20161020.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161020to20161110_1.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161110to20161122.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161122to20161208_1.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161208to20161215.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20161215to20170106.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170106to20170112.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170112to20170114.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\PH_patch_20170114to20170119.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\Prompt-Downloader-1373270740.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\raptrpatch.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\raptr_stub.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\RazerCortex_ClientManager_Steam_Setup.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\Removewat Final__9774_il63008.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\sfextra.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\RCX00\AppData\Local\Temp\The Sims 2_uninst.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\ubi1BC0.tmp.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\vcredist_x64.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
C:\Users\RCX00\AppData\Local\Temp\xmlUpdater.exe => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12D99739-FFD3-3761-8AA6-F929E0FE407E}\\SystemComponent => value removed successfully

========= bitsadmin.exe /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9924629 B
Java, Flash, Steam htmlcache => 131451 B
Windows/system/drivers => 7342336 B
Edge => 0 B
Chrome => 549971638 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83458 B
systemprofile32 => 613415 B
LocalService => 132244 B
NetworkService => 692 B
RCX00 => 12439533616 B
Marnel => 442431429 B
Administrator => 13634067 B

RecycleBin => 4290056 B
EmptyTemp: => 12.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:23:45 ====

AdwCleaner[S0].txt

# AdwCleaner v6.000 - Logfile created 20/08/2016 at 09:30:55
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-19.4 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : RCX00 - RCX00-PC
# Running from : C:\Users\RCX00\Downloads\adwcleaner_6.000.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

Service Found:  Program Manager
Service Found:  backlh


***** [ Folders ] *****

Folder Found:  C:\Users\RCX00\AppData\Local\28050
Folder Found:  C:\Users\RCX00\AppData\Local\AppsHat Mobile Apps
Folder Found:  C:\Users\RCX00\AppData\Local\Slick Savings
Folder Found:  C:\Users\RCX00\AppData\Local\torch
Folder Found:  C:\Users\RCX00\AppData\Local\webplayer
Folder Found:  C:\Users\RCX00\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Folder Found:  C:\Users\RCX00\AppData\Local\Webplayer
Folder Found:  C:\Users\RCX00\AppData\Roaming\OpenCandy
Folder Found:  C:\Users\RCX00\AppData\Roaming\tencent
Folder Found:  C:\Users\RCX00\AppData\Roaming\Tencent
Folder Found:  C:\Users\RCX00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Found:  C:\Users\RCX00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Found:  C:\ProgramData\apn
Folder Found:  C:\ProgramData\BitGuard
Folder Found:  C:\ProgramData\Browser Manager
Folder Found:  C:\ProgramData\BrowserProtect
Folder Found:  C:\ProgramData\TweakBit
Folder Found:  C:\ProgramData\Logic Handler
Folder Found:  C:\ProgramData\UltimateSecurityPackage
Folder Found:  C:\ProgramData\UltimateSecurityPackages
Folder Found:  C:\ProgramData\Application Data\apn
Folder Found:  C:\ProgramData\Application Data\BitGuard
Folder Found:  C:\ProgramData\Application Data\Browser Manager
Folder Found:  C:\ProgramData\Application Data\BrowserProtect
Folder Found:  C:\ProgramData\Application Data\TweakBit
Folder Found:  C:\ProgramData\Application Data\Logic Handler
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackage
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackages
Folder Found:  C:\Program Files (x86)\MyPC Backup
Folder Found:  C:\Program Files (x86)\TweakBit
Folder Found:  C:\Program Files (x86)\ContentPush
Folder Found:  C:\Program Files (x86)\Bowdomphocather
Folder Found:  C:\Program Files (x86)\Common Files\ProgramManager
Folder Found:  C:\Program Files (x86)\Common Files\Spigot
Folder Found:  C:\ProgramData\UltimateSecurityPackage
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackage
Folder Found:  C:\ProgramData\UltimateSecurityPackages
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackages
Folder Found:  C:\Users\RCX00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Found:  C:\ProgramData\UltimateSecurityPackage
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackage
Folder Found:  C:\ProgramData\UltimateSecurityPackages
Folder Found:  C:\ProgramData\Application Data\UltimateSecurityPackages


***** [ Files ] *****

File Found:  C:\Windows\SysNative\roboot64.exe
File Found:  C:\END
File Found:  C:\Windows\SysWOW64\findit.xml
File Found:  C:\Users\RCX00\AppData\Local\Temp\Utils.dll


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  PPI Update


***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\Classes\pokki
Key Found:  HKCU\Software\Classes\pokki
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found:  HKU\.DEFAULT\Software\AppDataLow\Software\Settings Manager
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\smarttweak
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\torch
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\Webplayer
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\INSTALLPATH\STATUS
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\mtUltimateSecurityPackage
Key Found:  HKU\S-1-5-21-1618205624-3503738366-1965457278-1000\Software\AppDataLow\Software\Settings Manager
Key Found:  HKU\S-1-5-18\Software\AppDataLow\Software\Settings Manager
Key Found:  HKCU\Software\smarttweak
Key Found:  HKCU\Software\torch
Key Found:  HKCU\Software\Webplayer
Key Found:  HKCU\Software\INSTALLPATH\STATUS
Key Found:  HKCU\Software\mtUltimateSecurityPackage
Key Found:  HKCU\Software\AppDataLow\Software\Settings Manager
Key Found:  HKLM\SOFTWARE\Application Updater
Key Found:  HKLM\SOFTWARE\SafetyNut
Key Found:  HKLM\SOFTWARE\torch
Key Found:  HKLM\SOFTWARE\SAFETYNUT
Key Found:  HKLM\SOFTWARE\MYGAME
Key Found:  HKLM\SOFTWARE\TWEAKBIT
Key Found:  HKLM\SOFTWARE\mtUltimateSecurityPackage
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found:  HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Key Found:  HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Value Found:  HKCU\Environment [SNF]
Value Found:  HKCU\Environment [SNP]
Key Found:  HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Value Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj []
Value Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj []
Value Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof []
Value Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk []
Value Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp []


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\RCX00\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hbcennhacfaagdopikcegfcobcadeocj
Chrome pref Found:  [C:\Users\RCX00\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - icdlfehblmklkikfigmjhbmmpmkmpooj
Chrome pref Found:  [C:\Users\RCX00\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mhkaekfpcppmmioggniknbnbdbcigpkk
Chrome pref Found:  [C:\Users\RCX00\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pfndaklgolladniicklehhancnlgocpp

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [7398 Bytes] - [20/08/2016 09:30:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7471 Bytes] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Marnel (Administrator) on Sat 02/04/2017 at 11:35:45.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 14 

Successfully deleted: C:\Windows\system32\Tasks\Program Manager (Task)
Successfully deleted: C:\Program Files (x86)\GUT45C2.tmp (File) 
Successfully deleted: C:\Users\Marnel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Q19YO81 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marnel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2FOV3AC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marnel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCZN9DSK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marnel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4PBORK7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marnel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV2OB4G6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\system32\REN63C8.tmp (File) 
Successfully deleted: C:\Windows\system32\REN63C9.tmp (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Q19YO81 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2FOV3AC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCZN9DSK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4PBORK7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV2OB4G6 (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/04/2017 at 11:51:12.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 JSntgRvr


Posted 04 February 2017 - 10:25 AM

Were you able to clean what AdwCleaner found? Scan and Clean.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The log is available through History -> Application logs. Please post its contents in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Marnel

Marnel
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Location:Philippines
  • Local time:03:50 PM

Posted 06 February 2017 - 10:39 AM

Report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/6/17
Scan Time: 10:59 PM
Logfile: Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1192
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RCX00-PC\Marnel

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 522755
Time Elapsed: 28 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.Elex, C:\WINDOWS\TEMP\G6B9F.TMP.EXE, Quarantined, [1033], [361532],1.0.1192

Module: 2
Adware.Elex.Generic, C:\PROGRAMDATA\1917G40D34C1840\1917G40D34C1840.DLL, Quarantined, [2143], [363783],1.0.1192
Adware.Elex, C:\WINDOWS\TEMP\G6B9F.TMP.EXE, Quarantined, [1033], [361532],1.0.1192

Registry Key: 6
PUP.Optional.MoviesToolBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}, Quarantined, [8797], [168558],1.0.1192
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{559C4971-DBC5-47B8-BF28-31385B5463A7}, Quarantined, [821], [367412],1.0.1192
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{70EFE01F-F291-41CB-97D2-E10B0192119E}, Quarantined, [821], [361952],1.0.1192
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\UltimateSecurityPackage.exe, Quarantined, [96], [261072],1.0.1192
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1917g40d34c1840, Quarantined, [821], [367417],1.0.1192
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\60a56906b63, Quarantined, [821], [361959],1.0.1192

Registry Value: 4
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [96], [-1],0.0.0
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{559C4971-DBC5-47B8-BF28-31385B5463A7}|PATH, Quarantined, [821], [367412],1.0.1192
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{70EFE01F-F291-41CB-97D2-E10B0192119E}|PATH, Quarantined, [821], [361952],1.0.1192

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\1917g40d34c1840, Quarantined, [821], [367405],1.0.1192

File: 16
Adware.Elex.Generic, C:\PROGRAMDATA\1917G40D34C1840\1917G40D34C1840.DLL, Quarantined, [2143], [363783],1.0.1192
Adware.Elex, C:\WINDOWS\TEMP\G6B9F.TMP.EXE, Quarantined, [1033], [361532],1.0.1192
PUP.Optional.Linkury.ACMB1, C:\USERS\RCX00\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Quarantined, [96], [302554],1.0.1192
PUP.Optional.Linkury, C:\USERS\RCX00\APPDATA\ROAMING\NOAH.DAT, Quarantined, [398], [258092],1.0.1192
PUP.Optional.Linkury, C:\USERS\RCX00\APPDATA\ROAMING\MD.XML, Quarantined, [398], [258091],1.0.1192
PUP.Optional.Linkury.ACMB1, C:\USERS\RCX00\APPDATA\ROAMING\CONFIG.XML, Quarantined, [96], [302553],1.0.1192
PUP.Optional.Linkury.Gen, C:\USERS\RCX00\APPDATA\ROAMING\JAYTOP.TST, Quarantined, [19837], [261636],1.0.1192
PUP.Optional.Linkury.Generic, C:\USERS\RCX00\APPDATA\ROAMING\AGENT.DAT, Quarantined, [2380], [360491],1.0.1192
PUP.Optional.FindIt, C:\USERS\RCX00\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KT1HIW1C.DEFAULT-1456045267901\PREFS.JS, Replaced, [19756], [301725],1.0.1192
PUP.Optional.Linkury.ACMB1, C:\USERS\RCX00\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KT1HIW1C.DEFAULT-1456045267901\PREFS.JS, Replaced, [96], [302805],1.0.1192
RiskWare.Tool.CK, C:\USERS\RCX00\DOWNLOADS\CHEAT ENGINE 5.4.EXE, Quarantined, [339], [144334],1.0.1192
Adware.Elex, C:\WINDOWS\TEMP\GDCE9.TMP, Quarantined, [1033], [367425],1.0.1192
PUP.Optional.OpenCandy, C:\USERS\RCX00\DOWNLOADS\CHEATENGINE66.EXE, Quarantined, [645], [101648],1.0.1192
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\60a56906b63, Quarantined, [821], [361975],1.0.1192
Trojan.Agent.Generic, C:\ProgramData\1917g40d34c1840\169.tmp, Quarantined, [821], [367405],1.0.1192
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\1917g40d34c1840, Quarantined, [821], [367421],1.0.1192

Physical Sector: 0
(No malicious items detected)


(end)


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:50 AM

Posted 06 February 2017 - 02:48 PM

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Post the contents of the ESET Log.txt report.

Don't forget to re-enable previously switched-off protection software!



#7 Marnel

Marnel
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Location:Philippines
  • Local time:03:50 PM

Posted 07 February 2017 - 12:15 AM

ESET:
C:\AdwCleaner\quarantine\files\agyewoyroqsbdyvallhcnkllmncksnmh\Speedtest Optimizer\Downloader.exe	a variant of Win32/Auslogics.A potentially unwanted application	cleaned by deleting
C:\AdwCleaner\quarantine\files\bicrsxplqdveoojnzmyicrmibcpgcmmu\@A3592ADB-854A-443A-854E-EB92130D470D.xpi	JS/Mindspark.D potentially unwanted application	deleted
C:\AdwCleaner\quarantine\files\eqaguzilemqpzlzpdocnhqbstyoniktm\Faxis.dll	Win32/Toolbar.Linkury.BA potentially unwanted application	cleaned by deleting
C:\AdwCleaner\quarantine\files\eqaguzilemqpzlzpdocnhqbstyoniktm\Rantax.exe	Win64/Toolbar.Linkury.O potentially unwanted application	cleaned by deleting
C:\AdwCleaner\quarantine\files\eqaguzilemqpzlzpdocnhqbstyoniktm\VoyaTip.exe	Win32/Toolbar.Linkury.AZ potentially unwanted application	cleaned by deleting
C:\AdwCleaner\quarantine\files\izwmvrexncqztxesfasfabynjbauhgss\FLV Player\WebPlayer.exe	Win32/Somoto.I potentially unwanted application	cleaned by deleting
C:\FRST\Quarantine\C\Users\RCX00\AppData\Local\Temp\driver-updater-setup.exe.xBAD	a variant of Win32/Auslogics.A potentially unwanted application	cleaned by deleting
C:\Users\Marnel\Desktop\ccsetup526.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\RCX00\Desktop\Folders\MC Files\Mods\1.8.1\luckyblock.exe	a variant of Win32/InstallCore.ADX.gen potentially unwanted application	cleaned by deleting
C:\Users\RCX00\Desktop\Studio\SkinsSpotlights-CreatorSuite\CreatorSuite.exe	a variant of MSIL/Packed.Confuser.N suspicious application	cleaned by deleting
C:\Users\RCX00\Downloads\ccsetup526 (1).exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\RCX00\Downloads\QSG Patch.rar	multiple threats,a variant of Win32/Packed.Themida suspicious application,Win32/Jeefo.A virus	deleted
C:\Users\RCX00\Downloads\RF Philippines - Omni Server by SGN.rar	a variant of Win32/Packed.Themida suspicious application	deleted
C:\Windows\Installer\MSIE860.tmp	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application	cleaned by deleting
C:\Windows\SysWOW64\%TEMP%\InstallManager.exe	Win32/InstallMonetizer.BC potentially unwanted application,a variant of Win32/InstallMonetizer.BC potentially unwanted application,a variant of Win32/InstallMonetizer.BD potentially unwanted application	cleaned by deleting
D:\Games\RF Omni\ccrfg.dll	a variant of Win32/Packed.Themida suspicious application	cleaned by deleting
D:\Games\Universe.Sandbox.2\steam_api.dll	a variant of Win32/HackTool.Crack.DW potentially unsafe application	cleaned by deleting
D:\Games\Universe.Sandbox.2\steam_api64.dll	a variant of Win64/HackTool.Crack.E potentially unsafe application	cleaned by deleting
D:\RCX00-PC\Backup Set 2017-02-06 234637\Backup Files 2017-02-06 234637\Backup files 6.zip	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:50 AM

Posted 07 February 2017 - 02:42 PM

How is it doing?




#9 Marnel

Marnel
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Location:Philippines
  • Local time:03:50 PM

Posted 07 February 2017 - 03:47 PM

It's pretty good right now



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:50 AM

Posted 07 February 2017 - 05:59 PM

Congratulations. :)

Read and follow the suggestions given at this web site by Miekiemoes.

 

Best wishes. :hello:




#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:50 AM

Posted 07 February 2017 - 05:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





