Possible Malware on my computer


  • This topic is locked
5 replies to this topic

#1 FireNoodle

FireNoodle

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:45 AM

Posted 08 February 2017 - 07:48 AM

Hi all, I've been having issues with my computer recently. When in games, it sometimes 'shifts' out.

For example, whenever I play Overwatch, just randomly it shows the taskbar (like when you hit the Windows key). This leads me to believe there's some kind of possible malware on my computer.

Before running ComboFix, I ran at least 4 different virus/malware scanners and found nothing. So as a last resort I used ComboFix and I don't know if it fixed it. Though after the scan was done, I did notice at least 40 GB of space from my C drive was freed, so something must've been deleted. Hopefully it wasn't needed data.

It told me to post a log and here it is:

 

Attached File  ComboFix.txt   53.1KB   6 downloads

 

 

So, what's wrong? Anything out of the unusual?

 

Thanks,

Fire Noodle



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:45 PM

Posted 08 February 2017 - 11:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Wait for further instructions.

#3 FireNoodle

FireNoodle
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:45 AM

Posted 14 February 2017 - 07:50 AM

Hi there, 

I downloaded FRST and here's the log, with the addition attached:

Attached File  Addition.txt   167.05KB   2 downloads

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Nathan (administrator) on NATHAN-PC (14-02-2017 20:41:00)
Running from C:\Users\Nathan\Desktop
Loaded Profiles: Nathan (Available Profiles: Nathan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Everything\Everything.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Paramount Software UK Ltd) E:\Other Programs\ReflectService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) D:\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5414\Agent.exe
(Blizzard Entertainment) E:\Battle Net\Battle.net\Battle.net.8293\Battle.net.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() E:\Battle Net\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Battle Net\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [GoogleChromeAutoLaunch_03D75E4CDB7EC9B07D7B1096AAC5AF87] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [Steam] => D:\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nathan\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-07] (Electronic Arts)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [Spotify Web Helper] => C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-03] (Spotify Ltd)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [Spotify] => C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-03] (Spotify Ltd)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [Battle.net] => E:\Battle Net\Battle.net\Battle.net Launcher.exe [3122152 2016-06-22] (Blizzard Entertainment)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [5788112 2016-12-26] (SecureMix LLC)
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WTK_IE_Google_Search] => REG ADD HKCU\Software\Microsoft\Internet Explorer\SearchScopes /v DefaultScope /t REG_SZ /d {637D6E3C-DF93-48A5-8362-159A8AC56B11} /f
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-12-28] (Hermann Schinagl)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{69509B3F-D5BB-4DFB-A1F7-2E6CA0010921}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B31B981-DE31-4B20-98FB-C4C18028D1FF}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/webhp?hl=en
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = 
SearchScopes: HKU\S-1-5-21-2254207214-3013338899-2718949283-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-28] ()
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-28] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-2254207214-3013338899-2718949283-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2254207214-3013338899-2718949283-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-12-19] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={EFC76ED0-2A98-473A-8BC1-5A5DD36CBC55}&mid=06b3377d965e47d391a96d16b26bfcdb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=2013-04-08 20:27:42&v=13.3.0.17&sap=hp","hxxp://isearch.avg.com/?cid={EFC76ED0-2A98-473A-8BC1-5A5DD36CBC55}&mid=06b3377d965e47d391a96d16b26bfcdb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=2013-04-08 20:27:42&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://start.qone8.com/?type=hp&ts=1401338392&from=smt&uid=ST2000DM001-1CH164_W1E3PGVJXXXXW1E3PGVJ","hxxp://www.challenger.wa.edu.au"
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (BetterTTV) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-04]
CHR Extension: (Angry Birds) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-14]
CHR Extension: (Theme Creator) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-09-05]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (X New Tab Page) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh [2015-03-20]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Play Music) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-11]
CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Full Page Screenshot) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgomjpomoahpeekneidkinhcfjnnhmb [2017-01-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-31]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2016-11-25]
CHR Extension: (Skype) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Tom Clancy The Division - Theme) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamoamjmfcalcljfncbcjcpaciclfkac [2015-09-05]
CHR Extension: (My Chrome Theme) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (Enhanced Steam) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-01-30]
CHR Extension: (Oddshot) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja [2017-02-14]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; E:\Other Programs\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [387856 2016-12-01] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-19] (ESET)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S3 FanControllerService; C:\Program Files (x86)\Recon\fancontroller_service.exe [5221186 2012-06-15] (BitFenix) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4393936 2016-12-26] (SecureMix LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; E:\Autodesk Master Folder\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-07] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-01-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-01-03] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [63488 2017-01-17] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 ReflectService.exe; E:\Other Programs\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-04] (Razer Inc)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-07-09] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-19] (Microsoft Corporation)
S3 mi-raysat_3dsmax2015_64; "E:\alex\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe" [X]
S2 Mobizen plugin; E:\Other Programs\MobizenService\MobizenService.exe [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-05] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-19] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-19] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-19] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-19] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-19] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-19] (ESET)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3539160 2014-09-24] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-08] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-06] (Scarlet.Crush Productions)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 20:41 - 2017-02-14 20:41 - 00042828 _____ C:\Users\Nathan\Desktop\FRST.txt
2017-02-14 20:40 - 2017-02-14 20:41 - 00000000 ____D C:\FRST
2017-02-14 20:40 - 2017-02-14 20:40 - 02422272 _____ (Farbar) C:\Users\Nathan\Desktop\FRST64.exe
2017-02-13 23:03 - 2017-02-13 23:03 - 10487930 _____ C:\Users\Nathan\Desktop\MSInfo.txt
2017-02-12 18:26 - 2017-02-12 20:25 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Everything
2017-02-12 18:26 - 2017-02-12 18:26 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-02-12 18:26 - 2017-02-12 18:26 - 00000000 ____D C:\Program Files\Everything
2017-02-12 18:07 - 2017-02-12 18:07 - 01014086 _____ () C:\Users\Nathan\Downloads\Everything-1.3.4.686.x64.Multilingual-Setup.exe
2017-02-11 22:11 - 2017-02-11 22:11 - 00000000 ____D C:\Users\Nathan\AppData\Local\Gaijin
2017-02-11 22:11 - 2017-02-11 22:11 - 00000000 ____D C:\ProgramData\Gaijin
2017-02-11 16:29 - 2017-02-11 16:30 - 47683808 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-11 01:47 - 2017-02-11 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-10 19:05 - 2017-02-10 19:06 - 59160068 _____ C:\Users\Nathan\Downloads\DeusExMD-OST-Sampler.zip
2017-02-10 18:41 - 2017-02-10 18:41 - 00000000 ____D C:\Users\Nathan\Documents\Deus Ex -  Mankind Divided
2017-02-10 18:41 - 2017-02-10 18:41 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Eidos Montreal
2017-02-10 18:08 - 2017-02-10 18:08 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2017-02-10 18:08 - 2017-02-10 18:08 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-02-10 18:07 - 2017-02-10 18:07 - 00361512 _____ C:\Users\Nathan\Downloads\wnetwatcher_setup.exe
2017-02-10 17:57 - 2017-02-10 17:57 - 00000000 ____D C:\Users\Nathan\AppData\Local\GlassWire
2017-02-10 17:57 - 2017-02-10 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-02-10 17:57 - 2017-02-10 17:57 - 00000000 ____D C:\ProgramData\GlassWire
2017-02-10 17:57 - 2017-02-10 17:57 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-02-10 17:57 - 2015-05-29 12:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2017-02-10 17:57 - 2015-05-29 12:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2017-02-10 17:53 - 2017-02-10 17:57 - 30633160 _____ (SecureMix LLC) C:\Users\Nathan\Downloads\GlassWireSetup.exe
2017-02-08 20:50 - 2017-02-08 20:50 - 00054370 _____ C:\Users\Nathan\Downloads\ComboFix.txt
2017-02-08 20:41 - 2017-02-08 19:08 - 00054370 _____ C:\Users\Nathan\Desktop\ComboFix.txt
2017-02-08 20:39 - 2017-02-08 20:48 - 00031621 _____ C:\Users\Nathan\Downloads\Addition.txt
2017-02-08 19:08 - 2017-02-08 19:08 - 00054370 _____ C:\ComboFix.txt
2017-02-08 18:20 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-08 18:19 - 2017-02-08 18:19 - 05659775 ____R (Swearware) C:\Users\Nathan\Downloads\ComboFix.exe
2017-02-08 18:15 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-08 18:15 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-08 18:15 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-08 18:15 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-08 18:15 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-08 18:15 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-08 18:15 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-08 18:13 - 2017-02-08 19:09 - 00000000 ____D C:\Qoobox
2017-02-08 18:13 - 2017-02-08 18:59 - 00000000 ____D C:\Windows\erdnt
2017-02-08 18:07 - 2017-02-11 01:47 - 00000000 ____D C:\Program Files\CCleaner
2017-02-08 18:07 - 2017-02-08 18:07 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-08 14:10 - 2017-02-08 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-08 13:59 - 2017-02-08 13:59 - 00000000 ____D C:\Users\Nathan\AppData\Local\Tempzxpsigne95724be8ba425db
2017-02-08 13:59 - 2017-02-08 13:59 - 00000000 ____D C:\Users\Nathan\AppData\Local\Tempzxpsignce56c83f35ad112f
2017-02-08 13:44 - 2017-02-08 13:44 - 00000000 ____D C:\Windows\pss
2017-02-07 12:38 - 2017-02-07 12:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 12:38 - 2017-02-07 12:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-07 01:58 - 2017-02-07 02:20 - 00000000 ____D C:\ProgramData\SophosClean
2017-02-07 01:30 - 2017-02-13 23:18 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-07 01:30 - 2017-02-13 23:17 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-07 01:30 - 2017-02-13 23:17 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-07 01:30 - 2017-02-13 23:17 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-07 01:30 - 2017-02-13 23:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-07 01:30 - 2017-02-07 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-07 01:30 - 2017-02-07 01:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-07 01:30 - 2017-02-07 01:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-07 01:30 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-07 01:18 - 2017-02-07 01:19 - 55566792 _____ (Malwarebytes ) C:\Users\Nathan\Downloads\mb3-setup-SEMFD.100SEM-3.0.6.1469.exe
2017-02-05 00:42 - 2017-02-05 00:42 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\BetterDiscord
2017-02-05 00:40 - 2017-02-05 00:40 - 00282071 _____ C:\Users\Nathan\Downloads\BD0.2.82Windows.zip
2017-02-04 01:36 - 2017-02-14 20:31 - 00000000 ____D C:\Users\Nathan\Desktop\begonehacker
2017-02-04 01:22 - 2017-02-04 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-04 01:22 - 2017-02-04 01:22 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-04 01:18 - 2017-02-04 01:21 - 162431744 _____ (Sophos Limited) C:\Users\Nathan\Downloads\Sophos Virus Removal Tool.exe
2017-02-04 01:06 - 2017-02-04 01:06 - 00000044 _____ C:\Users\Nathan\Desktop\LoLLogin.txt
2017-02-02 20:10 - 2017-02-02 20:10 - 01613229 _____ C:\Users\Nathan\Desktop\Mail - nathan king - Outlook.html
2017-02-02 20:10 - 2017-02-02 20:10 - 00049940 _____ C:\Users\Nathan\Downloads\Adv Dip Games Timetable.pdf
2017-02-02 20:10 - 2017-02-02 20:10 - 00000000 ____D C:\Users\Nathan\Desktop\Mail - nathan king - Outlook_files
2017-02-01 17:39 - 2017-02-01 17:39 - 00000148 _____ C:\Users\Nathan\Desktop\promotion.txt
2017-01-31 18:02 - 2017-01-31 18:02 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\SUPERHOT_Team
2017-01-31 18:02 - 2017-01-31 18:02 - 00000000 ____D C:\Users\Nathan\AppData\Local\SUPERHOT_Sp_z_o.o
2017-01-30 23:25 - 2017-01-30 23:25 - 00000126 _____ C:\Users\Nathan\Desktop\reececuckedhimself.txt
2017-01-29 18:28 - 2017-01-29 18:28 - 00409079 _____ C:\Users\Nathan\Desktop\1Untitled.wma
2017-01-26 15:45 - 2017-02-11 02:31 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\The Witness
2017-01-26 03:47 - 2017-01-26 03:47 - 00000096 _____ C:\Users\Nathan\Desktop\g2a and school logins.txt
2017-01-25 18:05 - 2017-01-25 18:05 - 00301319 _____ C:\Users\Nathan\Documents\test.wma
2017-01-25 18:04 - 2017-01-25 18:04 - 00283359 _____ C:\Users\Nathan\Desktop\test.wma
2017-01-25 18:01 - 2017-01-25 18:01 - 00395609 _____ C:\Users\Nathan\Desktop\6775765.wma
2017-01-25 16:13 - 2017-01-20 22:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-01-25 16:11 - 2017-01-24 07:04 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-25 16:11 - 2017-01-24 07:04 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 34934720 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 28209720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 19008392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 14677456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 14286392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-01-25 16:11 - 2017-01-21 00:36 - 11123424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 03623992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 03185720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00990264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00412720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00173272 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00156792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00150760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00135840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-01-25 16:11 - 2017-01-21 00:36 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-01-25 16:11 - 2017-01-21 00:36 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-01-25 14:47 - 2017-01-21 02:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-01-25 13:57 - 2017-01-06 09:10 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-25 13:57 - 2017-01-06 09:10 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-25 13:57 - 2017-01-06 09:10 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-22 13:56 - 2017-01-22 13:56 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-01-17 14:21 - 2017-01-17 14:21 - 00108544 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
2017-01-17 14:21 - 2017-01-17 14:21 - 00098304 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2017-01-17 14:21 - 2017-01-17 14:21 - 00042496 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-14 20:40 - 2016-06-11 01:24 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-02-14 20:39 - 2015-07-20 17:13 - 00000000 ____D C:\Users\Nathan\AppData\Local\Battle.net
2017-02-14 20:36 - 2015-01-14 17:17 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Origin
2017-02-14 20:01 - 2016-03-07 15:50 - 00000000 ___RD C:\Users\Nathan\AppData\Local\Akamai
2017-02-14 20:00 - 2015-09-09 16:37 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-14 19:21 - 2015-03-02 21:35 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Spotify
2017-02-14 18:04 - 2015-08-16 20:23 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashDumps
2017-02-14 17:03 - 2016-02-20 19:15 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\vlc
2017-02-14 15:00 - 2015-09-09 16:37 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-14 14:12 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-14 14:12 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-14 14:11 - 2016-07-19 01:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-14 14:11 - 2015-01-14 15:23 - 00000000 ____D C:\Users\Nathan\AppData\Local\Adobe
2017-02-14 14:07 - 2009-07-14 13:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-14 14:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-02-14 14:01 - 2016-09-26 15:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\Spotify
2017-02-14 14:01 - 2015-06-02 01:15 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-14 14:01 - 2015-03-16 23:06 - 00000000 ____D C:\Users\Nathan\AppData\Local\LogMeIn Hamachi
2017-02-14 14:01 - 2015-01-14 18:54 - 00000000 ____D C:\ProgramData\Origin
2017-02-14 14:00 - 2015-01-14 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-02-14 14:00 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-13 23:23 - 2015-02-01 02:07 - 00007646 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2017-02-13 23:16 - 2016-03-08 22:50 - 00000000 ____D C:\Users\Nathan\Documents\Visual Studio 2013
2017-02-13 20:41 - 2016-03-08 22:50 - 00000000 ____D C:\Users\Nathan\Documents\Visual Studio 2015
2017-02-13 16:13 - 2015-02-17 23:44 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\uTorrent
2017-02-12 17:52 - 2015-01-22 01:52 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-02-12 03:25 - 2015-01-28 18:06 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
2017-02-11 16:51 - 2015-01-14 18:28 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-02-11 16:30 - 2015-01-15 13:33 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-08 19:09 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-02-08 18:46 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2017-02-08 18:44 - 2009-07-14 10:34 - 24903680 _____ C:\Windows\system32\config\SYSTEM.bak
2017-02-08 18:44 - 2009-07-14 10:34 - 204996608 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-02-08 18:44 - 2009-07-14 10:34 - 15204352 _____ C:\Windows\system32\config\DEFAULT.bak
2017-02-08 18:44 - 2009-07-14 10:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-02-08 18:44 - 2009-07-14 10:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2017-02-08 18:19 - 2015-01-15 01:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Ubisoft Game Launcher
2017-02-08 14:10 - 2015-09-09 16:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 13:13 - 2015-01-14 18:54 - 00000000 ____D C:\Program Files (x86)\Origin
2017-02-07 01:20 - 2016-11-06 15:36 - 00000000 ____D C:\AdwCleaner
2017-02-04 01:21 - 2017-01-13 23:58 - 00000169 _____ C:\Users\Nathan\BullseyeCoverageError.txt
2017-01-31 21:25 - 2016-12-24 19:54 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\obs-studio
2017-01-31 21:17 - 2016-12-24 19:54 - 00000879 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-01-29 20:56 - 2015-08-28 02:40 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\codelite
2017-01-25 16:13 - 2016-03-08 01:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-25 16:13 - 2015-01-28 18:05 - 00000000 ____D C:\ProgramData\Skype
2017-01-25 16:13 - 2015-01-13 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-25 16:13 - 2015-01-13 15:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-25 16:12 - 2015-01-13 15:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-25 14:47 - 2016-12-15 18:21 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-22 21:44 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-09 17:51 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-09 17:51 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-09 17:51 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-09 17:51 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2016-09-09 17:51 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 14:47 - 2015-01-13 15:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 04:04 - 2016-12-15 18:21 - 00005701 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-24 07:04 - 2016-07-07 17:18 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 01:32 - 2016-01-03 01:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\UNDERTALE
2017-01-22 14:23 - 2015-01-14 15:24 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 13:57 - 2015-08-03 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 13:57 - 2015-01-14 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 13:57 - 2015-01-14 15:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 13:56 - 2016-01-23 14:48 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 13:56 - 2015-08-03 19:11 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-22 13:56 - 2015-08-03 19:10 - 00000000 ____D C:\Program Files\Java
2017-01-22 13:35 - 2015-10-31 23:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 02:39 - 2016-09-09 17:51 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-01-21 02:39 - 2016-09-09 17:51 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-21 02:39 - 2016-09-09 17:51 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-01-21 02:39 - 2016-09-09 17:51 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-21 02:39 - 2016-09-09 17:51 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-21 00:36 - 2016-12-15 20:38 - 16403200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-01-21 00:36 - 2016-12-15 20:38 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-01-21 00:36 - 2016-11-30 16:34 - 01051072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-01-21 00:36 - 2016-10-27 01:03 - 00496680 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-01-21 00:36 - 2016-07-19 01:33 - 19092912 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-01-21 00:36 - 2016-07-19 01:33 - 16491120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-01-21 00:36 - 2016-07-19 01:33 - 13378448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-01-21 00:36 - 2016-07-19 01:33 - 04065808 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-21 00:36 - 2016-07-19 01:33 - 03585120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-21 00:36 - 2015-01-13 23:03 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-21 00:36 - 2015-01-13 23:03 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-21 00:36 - 2015-01-13 23:02 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 23:13 - 2016-07-19 01:35 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 23:13 - 2016-07-19 01:35 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 23:13 - 2016-07-19 01:35 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 23:13 - 2016-07-19 01:35 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 23:13 - 2016-07-19 01:35 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 23:13 - 2015-12-22 00:42 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 23:13 - 2015-12-22 00:42 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 22:04 - 2016-09-09 17:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-20 21:36 - 2016-12-15 18:21 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-01-19 16:47 - 2015-01-14 18:28 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-01-18 20:57 - 2015-01-13 23:03 - 07755067 _____ C:\Windows\system32\nvcoproc.bin
2017-01-17 14:10 - 2016-05-12 21:29 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-17 14:10 - 2016-05-12 21:29 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\discord
2017-01-17 14:10 - 2016-05-12 21:29 - 00000000 ____D C:\Users\Nathan\AppData\Local\Discord
 
==================== Files in the root of some directories =======
 
2016-04-12 00:19 - 2016-10-02 23:30 - 0000132 _____ () C:\Users\Nathan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-16 23:52 - 2016-05-16 23:52 - 0000132 _____ () C:\Users\Nathan\AppData\Roaming\Adobe Targa Format CS6 Prefs
2016-06-12 19:02 - 2016-06-13 19:21 - 0000034 _____ () C:\Users\Nathan\AppData\Roaming\AdobeWLCMCache.dat
2015-01-14 14:52 - 2016-11-03 20:04 - 2370560 _____ () C:\Users\Nathan\AppData\Local\file__0.localstorage
2015-09-08 23:51 - 2015-09-08 23:51 - 0002023 _____ () C:\Users\Nathan\AppData\Local\recently-used.xbel
2015-02-01 02:07 - 2017-02-13 23:23 - 0007646 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx0f3c
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx18af
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx1f6c
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx20f4
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx254d
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx25ae
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Nathan\AppData\Local\Tempdivx2c43
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx44eb
2015-06-17 01:24 - 2015-06-17 01:24 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx4bc3
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx513e
2015-07-13 18:16 - 2015-07-13 18:16 - 0043494 _____ () C:\Users\Nathan\AppData\Local\Tempdivx52e2
2015-06-07 18:44 - 2015-06-07 18:44 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx55b9
2015-06-02 01:07 - 2015-06-02 01:07 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx64f7
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx66c2
2015-07-13 18:20 - 2015-07-13 18:20 - 0043494 _____ () C:\Users\Nathan\AppData\Local\Tempdivx66f0
2015-06-07 18:44 - 2015-06-07 18:44 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx6918
2015-06-06 15:42 - 2015-06-06 15:42 - 0022424 _____ () C:\Users\Nathan\AppData\Local\Tempdivx6a46
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivx6f2e
2015-06-09 23:04 - 2015-06-09 23:04 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx764c
2015-06-06 15:41 - 2015-06-06 15:41 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx7f22
2015-06-17 21:38 - 2015-06-17 21:38 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx802a
2015-06-06 15:42 - 2015-06-06 15:42 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx8605
2015-06-17 01:25 - 2015-06-17 01:25 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivx9418
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivxa544
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Nathan\AppData\Local\Tempdivxb240
2015-06-17 01:24 - 2015-06-17 01:24 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxbd97
2015-06-02 01:07 - 2015-06-02 01:07 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxbe30
2015-07-13 23:40 - 2015-07-13 23:40 - 0043494 _____ () C:\Users\Nathan\AppData\Local\Tempdivxc29a
2015-06-18 17:51 - 2015-06-18 17:51 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxc9d2
2015-06-17 01:24 - 2015-06-17 01:24 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxcde2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivxda7d
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Nathan\AppData\Local\Tempdivxe584
2015-06-02 17:14 - 2015-06-02 17:14 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxe5ee
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivxe8c8
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Nathan\AppData\Local\Tempdivxe91e
2015-06-17 01:25 - 2015-06-17 01:25 - 0043682 _____ () C:\Users\Nathan\AppData\Local\Tempdivxe9d8
2015-06-03 00:51 - 2015-06-03 00:51 - 0000000 _____ () C:\Users\Nathan\AppData\Local\{5477F1AC-AA17-43FF-A9B2-DEB99E52761B}
2015-03-19 00:39 - 2015-03-19 00:39 - 0000000 _____ () C:\Users\Nathan\AppData\Local\{613CFD23-19C9-405A-8586-D1812B75EC68}
2016-03-20 23:41 - 2016-03-20 23:41 - 0000000 _____ () C:\Users\Nathan\AppData\Local\{A7367C9F-E2DB-4D86-8809-8B53C73C0D08}
2017-01-05 04:01 - 2017-01-05 04:01 - 0000000 _____ () C:\Users\Nathan\AppData\Local\{D2000D10-61F3-46DA-B4DE-7E00B8CA66F6}
2015-03-19 00:39 - 2015-03-19 00:39 - 0000000 _____ () C:\Users\Nathan\AppData\Local\{D841DE4C-8FD9-4067-8F92-6898D0808D56}
2015-12-05 02:46 - 2016-12-24 23:29 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 18:21 - 2017-01-25 13:57 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 18:21 - 2017-01-25 04:04 - 0005701 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-02-12 17:52 - 2017-02-12 17:52 - 0192512 _____ () C:\Users\Nathan\AppData\Local\Temp\sfamcc00001.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-02 20:39
 
==================== End of FRST.txt ============================
 
 
 
 
 
Also, I think I've narrowed down the problems to Akamai NetSession Interface; there are problems with it not having proper access to the directory. I've posted it in the attachments, worth looking at. This has always been a problem, and the constant 'Fullscreen, focusing desktop changing' problem has not gone away. Also now games like Overwatch have been 'stuttering', an issue I had so long ago I found malware and quarantined it.
Attached File  COULDITBE.PNG   514.77KB   0 downloads
Attached File  COULDITBE2.PNG   520.68KB   0 downloads


#4 nasdaq

Posted 14 February 2017 - 08:41 AM


ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
---


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2254207214-3013338899-2718949283-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={EFC76ED0-2A98-473A-8BC1-5A5DD36CBC55}&mid=06b3377d965e47d391a96d16b26bfcdb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=2013-04-08 20:27:42&v=13.3.0.17&sap=hp","hxxp://isearch.avg.com/?cid={EFC76ED0-2A98-473A-8BC1-5A5DD36CBC55}&mid=06b3377d965e47d391a96d16b26bfcdb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=2013-04-08 20:27:42&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://start.qone8.com... (long line)
CHR Extension: (BetterTTV) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
S3 mi-raysat_3dsmax2015_64; "E:\alex\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe" [X]
S2 Mobizen plugin; E:\Other Programs\MobizenService\MobizenService.exe [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
AlternateDataStreams: C:\Users\Nathan:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:BC359956 [127]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.


Is the problem still with the Overwatch game, or with other games also?

#5 nasdaq

Posted 20 February 2017 - 09:10 AM

Are you still with me?

#6 FireNoodle

Posted 20 February 2017 - 10:36 AM

Hi there, 

Sorry for not replying. 

Just mark the thread as solved.

 

I think the problem was the Akamai NetSession Interface not having sufficient permissions. After I went into the folders and gave my user admin ownership the issue just went away, I guess. I no longer see lines of events under Akamai NetSession Interface, meaning it's practically fixed!

After running all these virus/malware scanners, they've deleted some needed programs, like Zoek.exe deleting my uTorrent file (I'm guessing that's what 'autoclean' did in the console text line), or ComboFix deleting 40GB of data off my C drive (hopefully it wasn't needed?).

Out of all of them though, I've not found a single infected file.

So therefore, if anyone has the same problem as me, just go to your Akamai NetSession folder in c/users/your name/AppData/Local and then set ownership from Administrators to your login name.
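
For readers who want to check the folder's owner and access rules before changing ownership as described in the post above, here is an added example (not part of the original thread and not code from any of the tools mentioned). The default folder path `%LOCALAPPDATA%\Akamai` and the `-TakeOwnership` switch are assumptions of this example; the thread only says the folder is under AppData\Local.

```powershell
# Added example: report the owner and the ACL entries that apply to the
# current user on a per-user folder, and change ownership only on request.
# ASSUMPTION: default path below; pass -Folder to point at the real one.
param(
    [string]$Folder = (Join-Path $env:LOCALAPPDATA 'Akamai'),
    [switch]$TakeOwnership   # off by default: report only
)

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    Write-Warning "Folder not found: $Folder"
    return
}

$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# SIDs carried by the current token: the user plus every group membership.
$sids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

$acl = Get-Acl -LiteralPath $Folder
Write-Output "Folder : $Folder"
Write-Output "Owner  : $($acl.Owner)"
Write-Output "User   : $($me.Name)"

# Resolve rules to SIDs, keep those matching the token, and skip
# inherit-only entries, which do not apply to the folder itself.
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$rules = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    ($sids -contains $_.IdentityReference.Value) -and
    -not ($_.PropagationFlags -band $inheritOnly) })

$rules | Format-Table AccessControlType, FileSystemRights, IsInherited,
    @{ n = 'Sid'; e = { $_.IdentityReference.Value } } -AutoSize

# Simplification: look for a single Allow rule granting full Modify,
# and for any Deny rule touching one of the Modify bits.
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$allowed = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $modify) -eq $modify })
$denied  = @($rules | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    ($_.FileSystemRights -band $modify) -ne 0 })

if ($allowed.Count -gt 0 -and $denied.Count -eq 0) {
    Write-Output 'Current user already has Modify access to this folder.'
} else {
    Write-Output 'Current user lacks Modify access, or a Deny rule applies.'
    if ($TakeOwnership) {
        # Needs an elevated prompt. /T recurses, /C continues on errors.
        icacls $Folder /setowner $me.Name /T /C
    }
}
```

Run it without switches first; the report shows whether ownership or a missing or denied access rule is the actual gap before anything is changed.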





