Please Help Me Remove Launchpage.org Browser Hijack


  • This topic is locked
36 replies to this topic

#1 jackwill

Posted 02 March 2017 - 07:31 PM

Hello

Several days ago I got browser hijacked by launchpage.org. It infected all three of my browsers: Google Chrome, Firefox, and Internet Explorer. I fixed IE and Chrome by resetting those browsers. However, I can't remove it from Firefox. Launchpage.org is my start page now no matter what I do, including refreshing Firefox, restoring start page to default and to my original start page. To make matters worse, I can't find launchpage.org anywhere in my system. It's not in program files, add/remove programs, the registry, startup, services, and not in processes when I open task manager. I have removed all addons and extensions from Firefox as well. I have re-posted here in this forum at the request of boopme.

I'm running Windows 7

Thank you for your help

Jack

First.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by DD (administrator) on DD-PC (02-03-2017 16:11:48)
Running from C:\Users\DD\Downloads
Loaded Profiles: DD (Available Profiles: DD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
BootExecute:
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{6A6749DD-6616-4DC1-934D-046B85D9E893}: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{AF680BDF-F279-4EC0-805C-669D3BFE205D}: [DhcpNameServer] 64.59.160.13 64.59.161.68

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 [2017-03-02]
FF Homepage: Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 -> hxxp://www.drudgereport.com/
FF Extension: (Adblock Plus) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-27]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\features\{73583fa8-eaf6-41dc-b560-b65689ab28ce}\disableSHA1rollout@mozilla.org.xpi [2017-03-01]
FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\features\{73583fa8-eaf6-41dc-b560-b65689ab28ce}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
FF Extension: (G Data BankGuard) - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2016-11-17] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: @my.com/Games -> C:\Users\DD\AppData\Local\MyComGames\NPMyComDetector.dll [2016-10-08] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js [2017-02-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\22947107.cfg [2017-02-27] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (YouTube) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (Adobe Acrobat) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (AdBlock) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28]
CHR Extension: (Skype) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-22] (SUPERAntiSpyware.com)
S4 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-27] (SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [858632 2010-10-19] (MicroWorld Technologies Inc.)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () [File not signed]
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [59256 2012-02-18] (G Data Software AG)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-03-02] ()
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-02] ()
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U4 bdselfpr; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 SR; no ImagePath
U2 SRService; no ImagePath
U4 vsserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 16:11 - 2017-03-02 16:12 - 00021754 _____ C:\Users\DD\Downloads\FRST.txt
2017-03-02 16:10 - 2017-03-02 16:10 - 02423808 _____ (Farbar) C:\Users\DD\Downloads\FRST64.exe
2017-03-01 16:30 - 2017-03-01 16:30 - 00001239 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-03-01 16:29 - 2017-03-01 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-03-01 16:29 - 2017-03-01 16:29 - 00001057 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-01 16:27 - 2017-03-01 16:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-01 16:23 - 2017-03-01 16:23 - 02622304 _____ (Kaspersky Lab) C:\Users\DD\Downloads\kss16.0.0.1344en_9702.exe
2017-03-01 16:17 - 2017-03-01 16:17 - 00009746 _____ C:\Users\DD\Desktop\AdwCleaner[C2].txt
2017-03-01 16:02 - 2017-03-01 16:02 - 04031440 _____ C:\Users\DD\Downloads\AdwCleaner(3).exe
2017-02-28 20:06 - 2017-02-28 20:06 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(2).exe
2017-02-28 15:48 - 2017-02-28 15:48 - 02870984 _____ (ESET) C:\Users\DD\Downloads\esetsmartinstaller_enu.exe
2017-02-28 15:47 - 2017-02-28 15:47 - 00005101 _____ C:\Users\DD\Desktop\JRT.txt
2017-02-28 15:43 - 2017-02-28 15:43 - 01663040 _____ (Malwarebytes) C:\Users\DD\Downloads\JRT.exe
2017-02-28 15:34 - 2017-02-28 15:34 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(1).exe
2017-02-28 15:33 - 2017-02-28 15:33 - 00042454 _____ C:\Users\DD\Desktop\MTB1.txt
2017-02-28 15:30 - 2017-02-28 15:33 - 00042454 _____ C:\Users\DD\Downloads\MTB.txt
2017-02-28 15:29 - 2017-02-28 15:29 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(2).exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox.exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(1).exe
2017-02-28 02:20 - 2017-02-28 02:20 - 04015056 _____ C:\Users\DD\Downloads\adwcleaner_6.043.exe
2017-02-28 01:32 - 2017-02-28 01:32 - 09261616 _____ (Piriform Ltd) C:\Users\DD\Downloads\ccsetup527.exe
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-27 19:06 - 2017-02-27 19:06 - 11581544 _____ (SurfRight B.V.) C:\Users\DD\Downloads\hitmanpro_x64.exe
2017-02-27 19:02 - 2017-02-27 19:02 - 48750920 _____ C:\Users\DD\Downloads\BDPUARLauncher.exe
2017-02-27 19:01 - 2017-02-27 19:02 - 00000000 ____D C:\Users\DD\AppData\Local\NPE
2017-02-27 19:01 - 2017-02-27 19:01 - 03423928 _____ (Symantec Corporation) C:\Users\DD\Downloads\NPE.exe
2017-02-27 19:01 - 2017-02-27 19:01 - 00000000 ____D C:\ProgramData\Norton
2017-02-27 16:00 - 2016-08-22 11:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-02-23 14:33 - 2017-03-02 16:04 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-02-20 00:22 - 2017-02-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-20 00:05 - 2017-02-28 23:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-20 00:05 - 2017-02-20 01:00 - 00000000 ____D C:\Users\DD\Documents\Heroes of the Storm
2017-02-15 15:21 - 2017-02-15 15:21 - 00000000 ____D C:\Users\DD\ansel
2017-02-14 19:11 - 2017-02-09 14:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 19:06 - 2017-02-09 16:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-14 19:06 - 2017-02-09 16:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-04 17:04 - 2017-01-20 10:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-01 20:03 - 2017-02-01 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 16:11 - 2013-11-02 11:48 - 00000000 ___DC C:\FRST
2017-03-02 16:11 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 16:11 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 16:06 - 2016-11-18 15:24 - 00000000 ____D C:\Users\DD\AppData\LocalLow\Mozilla
2017-03-02 16:06 - 2011-02-18 12:20 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E46314-3DC2-4210-B488-0F78D666A3BA}
2017-03-02 16:05 - 2015-08-27 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-02 16:04 - 2016-06-24 13:48 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-03-02 16:04 - 2016-06-24 13:48 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-03-02 16:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 02:19 - 2012-04-03 09:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-02 02:16 - 2013-11-26 14:52 - 00000000 ____D C:\Users\DD\AppData\Local\Battle.net
2017-03-01 19:36 - 2013-11-26 14:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-01 19:36 - 2013-07-10 07:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-03-01 16:09 - 2013-08-20 13:56 - 00000000 ___DC C:\AdwCleaner
2017-03-01 16:05 - 2015-03-10 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-03-01 02:06 - 2013-11-26 14:53 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-01 02:06 - 2012-05-23 10:56 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-02-28 18:24 - 2012-06-23 19:40 - 00000000 ____D C:\Users\DD\AppData\Roaming\Skype
2017-02-28 02:28 - 2010-08-12 13:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-27 16:18 - 2012-07-13 08:43 - 02229885 _____ C:\Users\DD\AppData\Local\census.cache
2017-02-27 16:18 - 2012-07-13 08:43 - 00107222 _____ C:\Users\DD\AppData\Local\ars.cache
2017-02-27 16:10 - 2014-03-05 14:31 - 00000010 _____ C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2017-02-27 01:26 - 2016-11-17 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-27 01:26 - 2016-06-24 13:29 - 00002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-27 01:26 - 2014-12-25 00:08 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-27 01:26 - 2010-06-05 12:49 - 00001633 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-24 02:34 - 2013-11-07 00:04 - 00000000 ____D C:\Users\DD\AppData\Local\CrashDumps
2017-02-23 18:15 - 2015-07-10 23:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 15:31 - 2013-08-14 23:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-22 15:27 - 2010-06-05 13:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 14:50 - 2011-11-12 09:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-21 19:39 - 2014-08-22 17:01 - 00000000 ____D C:\Users\DD\AppData\Local\Adobe
2017-02-21 19:39 - 2012-04-03 09:13 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 19:39 - 2012-04-03 09:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 19:39 - 2011-11-21 10:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 19:39 - 2011-05-18 14:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 19:39 - 2010-02-11 06:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 00:57 - 2011-12-07 14:40 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-02-15 15:21 - 2010-06-05 12:48 - 00000000 ____D C:\Users\DD
2017-02-14 19:12 - 2015-08-28 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 19:12 - 2015-08-27 15:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 19:12 - 2012-03-19 11:53 - 00000000 ___DC C:\temp
2017-02-14 19:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-14 19:11 - 2016-03-11 01:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 16:52 - 2016-12-14 18:09 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 16:52 - 2016-12-05 16:52 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-09 16:52 - 2016-11-26 23:57 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 16:52 - 2016-11-18 21:53 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 16:52 - 2016-09-01 21:54 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 15:13 - 2016-10-07 20:54 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-09 14:57 - 2015-12-24 02:22 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 14:57 - 2015-12-24 02:22 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 14:57 - 2015-08-28 16:04 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 14:57 - 2015-08-28 11:30 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-04 17:09 - 2009-07-13 21:13 - 00818406 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 17:06 - 2016-10-07 20:54 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:05 - 2015-08-27 15:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-04 17:05 - 2015-08-27 15:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 23:40 - 2014-09-21 12:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-03 23:40 - 2012-06-23 19:39 - 00000000 ____D C:\ProgramData\Skype
2017-02-02 14:20 - 2010-06-05 12:49 - 00117528 _____ C:\Users\DD\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-02 14:18 - 2009-07-13 20:45 - 00443272 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-01 20:07 - 2010-06-05 18:49 - 00831412 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-01 20:07 - 2010-06-05 13:18 - 00000376 _____ C:\Windows\ODBC.INI
2017-02-01 20:06 - 2010-06-05 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-01 20:06 - 2009-07-13 18:34 - 00000629 _____ C:\Windows\win.ini
2017-02-01 20:03 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew

==================== Files in the root of some directories =======

2016-11-05 01:39 - 2016-11-05 01:39 - 0000048 ____H () C:\Program Files (x86)\pkid37rhrq.dat
2012-07-13 08:43 - 2017-02-27 16:18 - 0107222 _____ () C:\Users\DD\AppData\Local\ars.cache
2012-07-13 08:43 - 2017-02-27 16:18 - 2229885 _____ () C:\Users\DD\AppData\Local\census.cache
2011-12-13 12:24 - 2011-12-13 12:24 - 0000090 _____ () C:\Users\DD\AppData\Local\fusioncache.dat
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\Users\DD\AppData\Local\hm574rin7weu6s02i
2011-02-06 12:58 - 2011-02-06 12:58 - 0000036 _____ () C:\Users\DD\AppData\Local\housecall.guid.cache
2012-04-10 07:58 - 2012-10-09 10:38 - 0007610 _____ () C:\Users\DD\AppData\Local\Resmon.ResmonCfg
2014-03-05 14:31 - 2017-02-27 16:10 - 0000010 _____ () C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2011-10-12 14:45 - 2011-10-12 14:45 - 0017408 _____ () C:\Users\DD\AppData\Local\WebpageIcons.db
2010-11-07 13:06 - 2010-11-11 01:21 - 0079990 _____ () C:\ProgramData\bdinstall.bin
2016-06-24 13:39 - 2016-06-24 13:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\ProgramData\hm574rin7weu6s02i

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 17:59

==================== End of FRST.txt ============================



FRST.Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by DD (02-03-2017 16:12:44)
Running from C:\Users\DD\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-05 20:48:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081963628-3576801843-3607325219-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3081963628-3576801843-3607325219-1009 - Limited - Enabled)
DD (S-1-5-21-3081963628-3576801843-3607325219-1000 - Administrator - Enabled) => C:\Users\DD
Guest (S-1-5-21-3081963628-3576801843-3607325219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081963628-3576801843-3607325219-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Armored Warfare MyCom (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Armored Warfare MyCom) (Version: 1.103 - My.com B.V.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ET6 B15.0210.1 (HKLM-x32\...\InstallShield_{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}) (Version: 1.00.0000 - GIGABYTE)
ET6 B15.0210.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
Lunascape6 (All Users) (HKLM-x32\...\Lunascape6) (Version: 6.15.0.27562 - Lunascape)
MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 2.0.09 - Samsung Electronics Ltd.)
Media Player Classic - Home Cinema 1.6.1.4235 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\MyComGames) (Version: 3.176 - My.com B.V.)
NCTAudioConvert ActiveX EXE Server 2.7.3 (HKLM-x32\...\NCTAudioConvert ActiveX EXE Server_is1) (Version:  - NCT Company)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Quake 4™ (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
Quake 4™ (x32 Version: 1.0 - Activision) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{a36eb0e8-1b0f-43ec-a749-5f106086fd5a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{cec74eaf-e465-4472-83c4-90a5185b20b1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01232810-1D65-48CF-977A-CE198FA91053} - System32\Tasks\{B850934B-F695-40AB-A01D-B360393C4558} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {049A0173-1937-4B95-82E9-2C218C20C18B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {0830E9AF-2BAC-4415-9F60-EF1DA45815F9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1F2039ED-413C-456D-A5FF-6E32DC384CED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {27292ABE-3C6E-4978-BB73-BCADE4444B8E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {2D7AAFC5-D733-4507-9FD2-D775ED7E4CAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {2F939884-B4BF-4354-AE7A-EE0F0B8BEBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2FC83FAC-AE00-49F2-808E-2DDF86854A53} - System32\Tasks\{6AE781BE-1F13-49DA-92AB-3B961936E0CD} => pcalua.exe -a D:\EBR2310.exe -d D:\
Task: {37E0D40B-44CE-4750-A296-C819BEFA4865} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {46C2C4DC-1229-4495-870A-A9EC3F7ED60F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {48455699-7E75-4D20-890A-0E570B7BFD77} - System32\Tasks\{33F632CD-5CC6-4B1C-94AD-37795CD2D93A} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {4D498655-BAFD-4BE2-8FC7-5AE6DA2A10BA} - System32\Tasks\{25C54368-B8DC-4D2F-8806-5B77133FACE1} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {4D8E9700-C2FE-4495-A2E4-DFFCF4D9E81F} - System32\Tasks\{62986EA1-7351-47CF-8B19-C446E3B1C3D7} => pcalua.exe -a C:\Users\DD\Desktop\jre-8u101-windows-i586.exe -d C:\Users\DD\Desktop
Task: {56CAF681-80CF-444B-8FE7-A5035F54EE1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {62A0CC52-6F97-4F2B-AE22-B3ECBB76CEBB} - System32\Tasks\{D3241676-56BB-4791-9D4D-0E8FFD9216DB} => pcalua.exe -a C:\Users\DD\Desktop\Stuff\esetsmartinstaller_enu.exe -d C:\Users\DD\Desktop\Stuff
Task: {7804D17F-A9CA-43BA-9D2A-8B82FCFF67EF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {860C6F97-2EBF-439B-83C5-A971CBB8BEF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93FD64B2-9555-43F2-8BC8-08E6231E3EC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {9F0FE122-7641-4545-8146-89D16CC5D4E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {B25DB6D7-0C97-4F6E-85C8-D17C50B99B87} - System32\Tasks\{5C73714A-E708-41A8-B97B-46EB085DA9E5} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe
Task: {B9019520-FBAC-434C-8265-C118191AE878} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BF6BFDAD-9447-4EA9-AC81-E2B3BECA3C0F} - System32\Tasks\{AF35BDFF-4B9A-4D78-A010-44259A366973} => pcalua.exe -a C:\Users\DD\Desktop\ESETUninstaller.exe -d C:\Users\DD\Desktop
Task: {C2A4BC8D-7CBD-4AD2-A12E-A80C2F799F4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C6955145-9E63-4C3D-8D0A-551C276A79BA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {CA52A7C9-1564-4EA5-A738-995D44FF9144} - System32\Tasks\{B9B97057-9B27-431B-964B-A6BB25F1E077} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {CD58AF5D-877E-4BF7-9AAA-08BFE4F13310} - System32\Tasks\{C01D5F8F-007F-46B4-876C-26BBC136878E} => pcalua.exe -a C:\Users\DD\Desktop\Audio.exe -d C:\Users\DD\Desktop
Task: {DB876364-EFBE-48D6-9F1B-9F3479243790} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DDA11CB3-ADF6-4599-AF27-71EF8570CB67} - System32\Tasks\{D5B63CDB-8C14-41AE-933E-4ED271891E05} => pcalua.exe -a D:\Setup\rsrc\Autorun.exe -d D:\
Task: {EADC365D-FCFD-4709-B691-42755D30B444} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {ED9A1351-1737-4CC3-B2E9-55400BE8ED60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F24ED2F7-183B-4B0D-B0E9-277696031FCF} - System32\Tasks\{7ABE38F0-7692-4D89-BC89-05816D6D4837} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {FAD3725F-28E9-40DD-B33C-D55169FE8C50} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D

==================== Loaded Modules (Whitelisted) ==============

2016-10-07 20:54 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-08-28 11:30 - 2017-02-09 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-08-28 17:26 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2014-12-26 18:29 - 2014-12-26 18:29 - 02895943 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2015-02-10 12:51 - 2015-02-10 12:51 - 00663619 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2014-05-27 14:24 - 2014-05-27 14:24 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2015-02-10 15:14 - 2015-02-10 15:14 - 01503300 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2015-01-07 15:55 - 2015-01-07 15:55 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 09:29 - 2013-11-01 09:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2015-02-09 19:42 - 2015-02-09 19:42 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2016-10-07 20:54 - 2017-01-20 10:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-10-07 20:54 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-07 20:54 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-24 18:53 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avasdmft => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avas_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avss_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpsec => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 7780 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\sony.com -> sony.com

There are 7777 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-10-22 01:22 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.160.13 - 64.59.161.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AVKService => 2
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: CSIScanner => 2
MSCONFIG\Services: fshoster => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HitmanPro35Crusader => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: PDAgent => 2
MSCONFIG\Services: PDEngine => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Argus Monitor => "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe"
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VIAxHCUtl => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B3CDC5D-8603-404B-93AA-8764ED5AC9C3}] => (Allow) svchost.exe
FirewallRules: [{6D320AE6-E627-4DCA-9B3B-B454F9A1C6DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{DBE8DBC1-0A02-4DF2-87E2-45E754FD3E3A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{83D10DFF-F660-480B-A4DB-2564E9BB892E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{44EAB302-F1B8-43F2-A67B-A7C9E3620D87}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [UDP Query User{93EA40DD-4A57-47EC-B877-8BB1FF88D044}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [{7FF8E154-189F-40D3-9068-610E1CED45BD}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{01103AD7-46B8-49AD-B1F8-443B58393BCA}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{600522BB-FF44-4B74-B251-22F255A4D19E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A7EF6DA4-BF0A-4C9E-9A3A-5BBFE871B2DE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{7214E08F-066D-4495-97ED-039BB5B127A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F5783D21-5A92-44E7-A36D-FA88CCF0F6E9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F8E2756A-B0A1-4B13-BEBD-55CABFCCD0A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{9C5FB8F3-25C5-4EF0-8AB0-8E0F3115A0F9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{1816DAFC-C604-4AA2-A71A-AD6D096CBEAE}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{D19BE041-FDC9-4D73-9788-82F9A334D4D0}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{B723C3A0-0925-4D80-8391-015B07C63E43}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{3CD327F3-F21C-4845-8111-D8AE36D9D461}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{E991B7A5-D15A-4F7E-8324-BAA7385E81C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{875D33CD-BD12-4770-8C36-88A6243B6F46}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BDEA8D8D-0DE6-4B9C-8402-2705587A20E8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D8B5146C-0CAA-4A86-84E8-D6915A86D99D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{DB3549EE-3113-4D21-BD6B-18EAF3C85066}] => (Allow) C:\Users\DD\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{19CB3872-96A8-4518-AC3F-DD65F2F70B51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98FB41C4-F665-4E94-851D-D5997A316A22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{DFFF9073-27F7-4CCB-AE59-E3E82793CEEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{51BBB2EA-B46D-4E87-9997-657A251D05F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{390DA61B-230B-47C4-A9BD-66F4228C9AD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{80641D2D-6D7B-4AD8-B988-8DCDDD5666AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47FB3F3B-4985-4CC4-8529-CF4B5FA44175}] => (Allow) LPort=2869
FirewallRules: [{A0C1B516-BD34-409D-8713-E3771913222E}] => (Allow) LPort=1900
FirewallRules: [{13C5846F-D709-4D22-96F4-DC2077DF9174}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{9CAFC448-2D40-42B2-8A9E-E541FF2EBECC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3092163A-68F0-42CE-8A95-0101CA3CFEBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{8ECE94C9-11AF-45F3-A369-1FA1CBBAF21D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B01EEC42-B309-4DDE-8C7B-ECEB71FFEBD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{7C0E6DDB-25B3-486C-A0D2-3EB8D2B9DBBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E3E282AE-0DE0-489A-90CD-7F449CD64A5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{F7837662-1D3C-458B-AE87-8E3A87072F71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{2200A122-CCD2-481C-831F-8FCB6C88AB40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{BD46F62F-8031-480C-8583-EF11B4941CEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{E75CB423-2657-4159-A217-FE48138BF2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{464D9D5B-2687-4857-BE05-42164BB194BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{D0C63D1B-CB3A-46AC-97D9-4AD7CF83388C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{D66898F8-9166-4B8F-BFBE-D92BA85A9BFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{2D7A391F-D793-4E0E-B23E-1772BB2814DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4CD07BCF-420C-44E1-8C03-759FAACC3540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{877DB920-8CC1-4263-871E-E6B732AEC451}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{24897253-0524-4D8D-87F8-FB56DF315D9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8953C8DE-49C2-49B8-906B-0BD50C09AA3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC08CE1D-48B4-4140-93EE-16B542F6B680}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC961CC6-5C62-4955-98FF-2A541C557622}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8C213B41-B795-46F8-BC14-95C384FC22D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8F3F9F60-4F78-4DFA-8DC9-5AAF5840D64B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D88755C4-7827-43D9-B8A0-F3A4089804FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D72CBBC5-118C-499F-A69F-BA9CB7A885B9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B34C2D43-6874-4922-95D8-D8179C93BBD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{4087770E-6CE0-440C-8EAD-40264597B494}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0E8474D3-A8FF-4643-9E33-4D169144D34A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{6FBC18F8-D3BA-4E7F-B2A2-E3CD82EA6DB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{5792377D-896A-4C9D-9CD7-7F6C77DBC1CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7F0E3051-BF20-45D8-BA45-D8A38A4AE154}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ECCEA396-21FF-439D-AE8D-C290A2B0CF0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{4616CF22-3D9A-42AA-8757-62824EAF1926}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{79670772-FFFA-4AB1-95B9-E867BC2E5CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DE2329C-D757-4BC1-8358-B34B21451F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1671A18-FF20-4B47-A2AD-735DA7DA07D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{324D0CE7-97F1-4E04-A4D5-56A3B4614F19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F1866E55-81A9-4921-A32B-DAABC6A1EC36}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{656D33AF-431F-4C50-B0CD-DFAA27C866DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{3BA5537F-AA60-4F3A-9D65-65CA76A54C97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{42C75B6D-12DF-471B-BDBE-3F3733684EFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{6A9CDC3B-6A96-4907-94E0-7C32705B3266}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68770589-0360-45C9-A105-713D7873FFBD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{19657FBC-DCF2-45F5-9A66-B29B4D1F30F7}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{F09480F4-9E0B-484A-B8C1-CE9EC4E752D4}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{9C211D39-4783-4DBB-98AB-344A875957D5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CD75C091-F45D-4059-BCDD-C792A8E7FB56}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B497432D-2744-49C6-B862-F259C1827A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9FE4A190-6FBB-4997-985B-8CEBF1B01A74}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0B35F06C-8B93-49E9-95A3-D23DBBCF46F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{351A3B41-419E-486D-9EF3-17A883D52745}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04264010-E756-4802-AECC-7D24630494C2}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{B3DDD109-9F82-4451-9695-01140562AAF0}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{2A1C9763-48BF-4C18-8675-060017D15619}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{EB6F02A0-6F9A-4FFC-9424-5D1ADD3FDA58}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [TCP Query User{6CDB5985-6F4C-4008-914A-43504ACC8C5B}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{14F273DD-09F3-4156-87AE-F15047D1A57A}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{BFFAC72D-12D1-474A-A94D-71BB0614FDAB}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{1B8CE42D-46DA-4598-BA23-CEA2B0122356}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{DC77C00E-2375-41CD-A7AD-0D8ABE25E305}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1ED3F967-F7A1-486C-9D40-0D00E51E6949}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D6946A8E-1420-4461-88EB-0B4A506C0486}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{20FBBB53-B4F8-4009-9F52-4892F832AAE5}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{AC850EF3-EB27-4F7F-BEAF-5505705DEB33}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{163D07A8-B19F-4898-82FD-2676EC8557FA}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{C05C70CD-2101-423E-BC4E-B4C88689E1E2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{79E545FE-71B3-462A-AC4D-A1787B99C9CD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{69C45118-83F4-4E41-8004-DAE8128930E0}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{07B5E7D9-75BF-420A-A618-0F1CE5641148}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{7E34ADA1-1E4F-499E-A29A-3BD9078D5A58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B4BAFD4-D185-459E-8E5A-F5E6315A7EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DB1C2D20-CD0D-43EB-9784-2AB8985AEB2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{ADAE11A7-FDB0-4250-AD93-98C1AE7C26E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDF1E74-DC16-496F-8160-B157C9688D2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84805EA5-FC29-4F84-86D7-C14684335B12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2017 00:00:01 Scheduled Checkpoint
26-02-2017 19:14:10 Windows Update
28-02-2017 15:45:19 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 04:04:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\users\dd\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/01/2017 03:54:09 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (03/02/2017 04:03:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (03/02/2017 04:03:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/02/2017 04:03:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/01/2017 04:10:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (03/01/2017 04:10:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/01/2017 04:10:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/01/2017 04:09:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/01/2017 04:08:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/01/2017 04:08:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/01/2017 04:08:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-08-28 12:34:16.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 12:34:16.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:42.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:41.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:42.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:41.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 34%
Total physical RAM: 8173.55 MB
Available physical RAM: 5343.05 MB
Total Virtual: 28171.74 MB
Available Virtual: 25093.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:200.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5DA22AB3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:07:20 PM

Posted 04 March 2017 - 10:33 AM

Hello jackwill and welcome to BleepingComputer!          :)

 

My name is Sirawit and I'm here to help you.

 

If I don't reply after 2 days, feel free to PM me.         :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the "Follow this topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic. If you do not reply in the next 3 days, we will assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

I'm currently reviewing your log files and will reply back to you with more instructions as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit


Posted 04 March 2017 - 01:21 PM

Hi jackwill.

 

Going through your logs, I found that you had used Combofix before. Combofix is a very powerful tool that should be used only under the supervision of a trained helper. Running it on your own could damage your system.

 

-----------------------

 

We need to remove programs using "Programs and Features"


Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Yahoo! Detect

Additional instructions can be found here if needed.

 

-----------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

After the fix has been completed, please create the new FRST log files for me. (FRST.txt and Addition.txt)

 

Thank you.




#4 jackwill


Posted 04 March 2017 - 07:41 PM

Hello Sirawit

I could not find Yahoo Detect listed in Programs and Features. As I recall, I deleted the Yahoo Detect folder a week or so ago.

Here is the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by DD (04-03-2017 16:32:50) Run:2
Running from C:\Users\DD\Downloads
Loaded Profiles: DD (Available Profiles: DD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js [2017-02-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\22947107.cfg [2017-02-27] <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key removed successfully
HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js => moved successfully
C:\Program Files (x86)\mozilla firefox\22947107.cfg => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21910405 B
Java, Flash, Steam htmlcache => 1283 B
Windows/system/drivers => 76796363 B
Edge => 0 B
Chrome => 2272966 B
Firefox => 380637921 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 49908 B
systemprofile32 => 86626 B
LocalService => 33326 B
NetworkService => 55808 B
DD => 576679798 B

RecycleBin => 3384 B
EmptyTemp: => 1017.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:34:13 ====


Edited by jackwill, 04 March 2017 - 07:53 PM.


#5 Sirawit


Posted 05 March 2017 - 10:39 AM

Hi jackwill.

 

Our fix ran OK. Could you please check your Firefox again for Launchpage.org? Is it still there?

 

 

Hello Sirawit

I could not find Yahoo Detect listed in Programs and Features. As I recall I deleted the Yahoo Detect folder a week or so ago

 

That's fine. For now please create a new set of FRST log files for me. (FRST.txt and addition.txt)

 

Thank you.




#6 jackwill


Posted 05 March 2017 - 11:38 PM

Hello Sirawit

Unfortunately, launchpage.org is still my start page.

For what it's worth, this is the page URL. Not sure it's a good idea to click on it, though. Mind you, it only goes to the home page of launchpage.org.

https://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D


Here is the FRST.txt log. I could not find the Addition.txt log in either FRST's folder or the folder from which I ran it

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by DD (05-03-2017 20:27:07) Run:3
Running from C:\Users\DD\Downloads
Loaded Profiles: DD (Available Profiles: DD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js [2017-02-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\22947107.cfg [2017-02-27] <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js" => not found.
"C:\Program Files (x86)\mozilla firefox\22947107.cfg" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7830267 B
Java, Flash, Steam htmlcache => 4486 B
Windows/system/drivers => 1650 B
Edge => 0 B
Chrome => 0 B
Firefox => 18226450 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1698 B
DD => 99487240 B

RecycleBin => 0 B
EmptyTemp: => 127.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:27:26 ====


 


Edited by jackwill, 05 March 2017 - 11:47 PM.
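
An added example (not part of the thread and not FRST's own code): the Run:2 and Run:3 Fixlogs above were produced from the same fixlist, so comparing their result lines shows which items stayed gone and which the tool acted on a second time. The function names and the `item => outcome` line format are assumptions inferred from the logs quoted here; an item acted on twice may simply be an idempotent directive, so it is a prompt for a closer look, not proof that something rewrote it.

```python
# Result lines copied from the Run:2 and Run:3 Fixlogs quoted in this thread.
RUN2 = r'''
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key removed successfully
HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js => moved successfully
C:\Program Files (x86)\mozilla firefox\22947107.cfg => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile => key removed successfully
Firefox => 380637921 B
EmptyTemp: => 1017.5 MB temporary data Removed.
'''

RUN3 = r'''
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94} => key not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\22947107.js" => not found.
"C:\Program Files (x86)\mozilla firefox\22947107.cfg" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Classes\exefile => key not found.
Firefox => 18226450 B
EmptyTemp: => 127.7 MB temporary data Removed.
'''


def parse_fixlog(text):
    """Map each fixed item to 'changed' or 'absent' from 'item => outcome' lines."""
    results = {}
    for line in text.splitlines():
        item, sep, outcome = line.strip().partition(" => ")
        if not sep:
            continue  # not a result line
        outcome = outcome.lower()
        if "successfully" in outcome:
            state = "changed"   # the tool found the item and acted on it
        elif "not found" in outcome:
            state = "absent"    # nothing there to act on
        else:
            continue            # EmptyTemp byte counts and similar lines
        # Run:3 quotes some paths that Run:2 prints bare; normalise both.
        results[item.strip('"').lower()] = state
    return results


def compare_runs(earlier, later):
    """Classify every item that appears in both runs by how its state moved."""
    report = {"stayed_fixed": [], "acted_on_again": [],
              "never_present": [], "newly_present": []}
    labels = {
        ("changed", "absent"): "stayed_fixed",
        ("changed", "changed"): "acted_on_again",
        ("absent", "absent"): "never_present",
        ("absent", "changed"): "newly_present",
    }
    for item, before in earlier.items():
        after = later.get(item)
        if after is not None:
            report[labels[(before, after)]].append(item)
    return report


if __name__ == "__main__":
    report = compare_runs(parse_fixlog(RUN2), parse_fixlog(RUN3))
    for label, items in report.items():
        print(f"{label} ({len(items)})")
        for item in items:
            print("   ", item)
```

On these two logs the Start Menu Chrome shortcut and both DefaultScope values are reported as acted on in both runs, while the Firefox 22947107.js/.cfg pair and the exefile key stayed gone.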


#7 Sirawit


Posted 06 March 2017 - 12:22 AM

Hi jackwill.

 

This file is fixlog.txt, not FRST.txt. Please follow the instructions below to get the right log files.

 

FRST Scan from NORMAL or SAFE mode:

 

Please move FRST.exe from your Downloads folder to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

Thank you.




#8 jackwill


Posted 06 March 2017 - 02:01 AM

Ok will do Sirawit

One thing that may be of interest: at the suggestion of the Firefox forum users, I right-clicked on the Firefox icon and then Properties. Beside Target it reads "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" https://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D

Problem is I can't find launchpage.org anywhere in the Mozilla Firefox folder.

Edit: Problem solved, I think. I removed the launchpage URL from the "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" in Properties and reset my start page, and it is working properly again. Now when I open Firefox my start page is google.ca again.


Anyway, here is the fixlog.txt log you wanted


 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by DD (administrator) on DD-PC (05-03-2017 23:20:57)
Running from C:\Users\DD\Desktop
Loaded Profiles: DD (Available Profiles: DD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{6A6749DD-6616-4DC1-934D-046B85D9E893}: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{AF680BDF-F279-4EC0-805C-669D3BFE205D}: [DhcpNameServer] 64.59.160.13 64.59.161.68

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 [2017-03-05]
FF Homepage: Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 -> hxxp://www.drudgereport.com/
FF Extension: (Adblock Plus) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-27]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\features\{4df61802-bda7-4101-bfe9-6c16f82ae4ce}\disableSHA1rollout@mozilla.org.xpi [2017-03-02]
FF Extension: (G Data BankGuard) - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2016-11-17] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: @my.com/Games -> C:\Users\DD\AppData\Local\MyComGames\NPMyComDetector.dll [2016-10-08] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (YouTube) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (Adobe Acrobat) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (AdBlock) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28]
CHR Extension: (Skype) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-22] (SUPERAntiSpyware.com)
S4 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-27] (SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [858632 2010-10-19] (MicroWorld Technologies Inc.)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () [File not signed]
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [59256 2012-02-18] (G Data Software AG)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-03-05] ()
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U4 bdselfpr; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 SR; no ImagePath
U2 SRService; no ImagePath
U4 vsserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 23:20 - 2017-03-05 23:21 - 00019056 _____ C:\Users\DD\Desktop\FRST.txt
2017-03-05 23:04 - 2017-03-05 23:04 - 00003489 _____ C:\Users\DD\Desktop\Fixlog.txt
2017-03-04 16:32 - 2017-03-05 20:27 - 00003494 _____ C:\Users\DD\Downloads\Fixlog.txt
2017-03-04 16:32 - 2017-03-05 20:26 - 00000000 ____D C:\Users\DD\Downloads\FRST-OlderVersion
2017-03-02 16:12 - 2017-03-02 16:14 - 00064860 _____ C:\Users\DD\Downloads\Addition.txt
2017-03-02 16:11 - 2017-03-02 16:14 - 00040288 _____ C:\Users\DD\Downloads\FRST.txt
2017-03-02 16:10 - 2017-03-05 20:26 - 02423808 ____C (Farbar) C:\Users\DD\Desktop\FRST64.exe
2017-03-01 16:29 - 2017-03-01 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-01 16:27 - 2017-03-01 16:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-01 16:23 - 2017-03-01 16:23 - 02622304 _____ (Kaspersky Lab) C:\Users\DD\Downloads\kss16.0.0.1344en_9702.exe
2017-03-01 16:02 - 2017-03-01 16:02 - 04031440 _____ C:\Users\DD\Downloads\AdwCleaner(3).exe
2017-02-28 20:06 - 2017-02-28 20:06 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(2).exe
2017-02-28 15:48 - 2017-02-28 15:48 - 02870984 _____ (ESET) C:\Users\DD\Downloads\esetsmartinstaller_enu.exe
2017-02-28 15:43 - 2017-02-28 15:43 - 01663040 _____ (Malwarebytes) C:\Users\DD\Downloads\JRT.exe
2017-02-28 15:34 - 2017-02-28 15:34 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(1).exe
2017-02-28 15:30 - 2017-02-28 15:33 - 00042454 _____ C:\Users\DD\Downloads\MTB.txt
2017-02-28 15:29 - 2017-02-28 15:29 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(2).exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox.exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(1).exe
2017-02-28 02:20 - 2017-02-28 02:20 - 04015056 _____ C:\Users\DD\Downloads\adwcleaner_6.043.exe
2017-02-28 01:32 - 2017-02-28 01:32 - 09261616 _____ (Piriform Ltd) C:\Users\DD\Downloads\ccsetup527.exe
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-27 19:06 - 2017-02-27 19:06 - 11581544 _____ (SurfRight B.V.) C:\Users\DD\Downloads\hitmanpro_x64.exe
2017-02-27 19:02 - 2017-02-27 19:02 - 48750920 _____ C:\Users\DD\Downloads\BDPUARLauncher.exe
2017-02-27 19:01 - 2017-02-27 19:02 - 00000000 ____D C:\Users\DD\AppData\Local\NPE
2017-02-27 19:01 - 2017-02-27 19:01 - 03423928 _____ (Symantec Corporation) C:\Users\DD\Downloads\NPE.exe
2017-02-27 19:01 - 2017-02-27 19:01 - 00000000 ____D C:\ProgramData\Norton
2017-02-27 16:00 - 2016-08-22 11:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-02-23 14:33 - 2017-03-05 23:09 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-02-20 00:22 - 2017-02-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-20 00:05 - 2017-02-28 23:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-20 00:05 - 2017-02-20 01:00 - 00000000 ____D C:\Users\DD\Documents\Heroes of the Storm
2017-02-15 15:21 - 2017-02-15 15:21 - 00000000 ____D C:\Users\DD\ansel
2017-02-14 19:11 - 2017-02-09 14:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 19:06 - 2017-02-09 16:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-14 19:06 - 2017-02-09 16:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-04 17:04 - 2017-01-20 10:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 23:20 - 2016-11-18 15:24 - 00000000 ____D C:\Users\DD\AppData\LocalLow\Mozilla
2017-03-05 23:20 - 2013-11-02 11:48 - 00000000 ___DC C:\FRST
2017-03-05 23:19 - 2012-04-03 09:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-05 23:16 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 23:16 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 23:09 - 2016-06-24 13:48 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-03-05 23:09 - 2016-06-24 13:48 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-03-05 23:09 - 2015-08-27 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 23:09 - 2011-04-30 02:20 - 05598208 ___SH C:\Users\DD\Desktop\Thumbs.db
2017-03-05 23:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-05 23:04 - 2016-06-24 13:29 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-05 23:01 - 2013-11-26 14:52 - 00000000 ____D C:\Users\DD\AppData\Local\Battle.net
2017-03-05 22:20 - 2011-02-18 12:20 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E46314-3DC2-4210-B488-0F78D666A3BA}
2017-03-05 20:50 - 2013-07-10 07:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-03-05 20:49 - 2013-11-26 14:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-04 16:36 - 2012-03-19 11:43 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-04 16:34 - 2011-12-11 12:05 - 00000000 ____D C:\Users\DD\AppData\LocalLow\Temp
2017-03-04 16:33 - 2016-11-17 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-04 16:33 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-04 03:15 - 2012-06-23 19:40 - 00000000 ____D C:\Users\DD\AppData\Roaming\Skype
2017-03-02 20:38 - 2012-05-23 10:56 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-03-02 20:37 - 2013-11-26 14:53 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-01 16:09 - 2013-08-20 13:56 - 00000000 ___DC C:\AdwCleaner
2017-03-01 16:05 - 2015-03-10 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-28 02:28 - 2010-08-12 13:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-27 16:18 - 2012-07-13 08:43 - 02229885 _____ C:\Users\DD\AppData\Local\census.cache
2017-02-27 16:18 - 2012-07-13 08:43 - 00107222 _____ C:\Users\DD\AppData\Local\ars.cache
2017-02-27 16:10 - 2014-03-05 14:31 - 00000010 _____ C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2017-02-27 01:26 - 2014-12-25 00:08 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-27 01:26 - 2010-06-05 12:49 - 00001633 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-24 02:34 - 2013-11-07 00:04 - 00000000 ____D C:\Users\DD\AppData\Local\CrashDumps
2017-02-23 18:15 - 2015-07-10 23:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 15:31 - 2013-08-14 23:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-22 15:27 - 2010-06-05 13:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 14:50 - 2011-11-12 09:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-21 19:39 - 2014-08-22 17:01 - 00000000 ____D C:\Users\DD\AppData\Local\Adobe
2017-02-21 19:39 - 2012-04-03 09:13 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 19:39 - 2012-04-03 09:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 19:39 - 2011-11-21 10:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 19:39 - 2011-05-18 14:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 19:39 - 2010-02-11 06:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 00:57 - 2011-12-07 14:40 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-02-15 15:21 - 2010-06-05 12:48 - 00000000 ____D C:\Users\DD
2017-02-14 19:12 - 2015-08-28 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 19:12 - 2015-08-27 15:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 19:12 - 2012-03-19 11:53 - 00000000 ___DC C:\temp
2017-02-14 19:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-14 19:11 - 2016-03-11 01:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 16:52 - 2016-12-14 18:09 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 16:52 - 2016-12-05 16:52 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-09 16:52 - 2016-11-26 23:57 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 16:52 - 2016-11-18 21:53 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 16:52 - 2016-09-01 21:54 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 15:13 - 2016-10-07 20:54 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-09 14:57 - 2015-12-24 02:22 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 14:57 - 2015-12-24 02:22 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 14:57 - 2015-08-28 16:04 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 14:57 - 2015-08-28 11:30 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-04 17:09 - 2009-07-13 21:13 - 00818406 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 17:06 - 2016-10-07 20:54 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:05 - 2015-08-27 15:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-04 17:05 - 2015-08-27 15:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 23:40 - 2014-09-21 12:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-03 23:40 - 2012-06-23 19:39 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-11-05 01:39 - 2016-11-05 01:39 - 0000048 ____H () C:\Program Files (x86)\pkid37rhrq.dat
2012-07-13 08:43 - 2017-02-27 16:18 - 0107222 _____ () C:\Users\DD\AppData\Local\ars.cache
2012-07-13 08:43 - 2017-02-27 16:18 - 2229885 _____ () C:\Users\DD\AppData\Local\census.cache
2011-12-13 12:24 - 2011-12-13 12:24 - 0000090 _____ () C:\Users\DD\AppData\Local\fusioncache.dat
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\Users\DD\AppData\Local\hm574rin7weu6s02i
2011-02-06 12:58 - 2011-02-06 12:58 - 0000036 _____ () C:\Users\DD\AppData\Local\housecall.guid.cache
2012-04-10 07:58 - 2012-10-09 10:38 - 0007610 _____ () C:\Users\DD\AppData\Local\Resmon.ResmonCfg
2014-03-05 14:31 - 2017-02-27 16:10 - 0000010 _____ () C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2011-10-12 14:45 - 2011-10-12 14:45 - 0017408 _____ () C:\Users\DD\AppData\Local\WebpageIcons.db
2010-11-07 13:06 - 2010-11-11 01:21 - 0079990 _____ () C:\ProgramData\bdinstall.bin
2016-06-24 13:39 - 2016-06-24 13:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\ProgramData\hm574rin7weu6s02i

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 17:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by DD (05-03-2017 23:22:01)
Running from C:\Users\DD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-05 20:48:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081963628-3576801843-3607325219-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3081963628-3576801843-3607325219-1009 - Limited - Enabled)
DD (S-1-5-21-3081963628-3576801843-3607325219-1000 - Administrator - Enabled) => C:\Users\DD
Guest (S-1-5-21-3081963628-3576801843-3607325219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081963628-3576801843-3607325219-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Armored Warfare MyCom (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Armored Warfare MyCom) (Version: 1.103 - My.com B.V.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ET6 B15.0210.1 (HKLM-x32\...\InstallShield_{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}) (Version: 1.00.0000 - GIGABYTE)
ET6 B15.0210.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
Lunascape6 (All Users) (HKLM-x32\...\Lunascape6) (Version: 6.15.0.27562 - Lunascape)
MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 2.0.09 - Samsung Electronics Ltd.)
Media Player Classic - Home Cinema 1.6.1.4235 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\MyComGames) (Version: 3.176 - My.com B.V.)
NCTAudioConvert ActiveX EXE Server 2.7.3 (HKLM-x32\...\NCTAudioConvert ActiveX EXE Server_is1) (Version:  - NCT Company)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Quake 4™ (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
Quake 4™ (x32 Version: 1.0 - Activision) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{a36eb0e8-1b0f-43ec-a749-5f106086fd5a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{cec74eaf-e465-4472-83c4-90a5185b20b1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01232810-1D65-48CF-977A-CE198FA91053} - System32\Tasks\{B850934B-F695-40AB-A01D-B360393C4558} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {0830E9AF-2BAC-4415-9F60-EF1DA45815F9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1F2039ED-413C-456D-A5FF-6E32DC384CED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {27292ABE-3C6E-4978-BB73-BCADE4444B8E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {2D7AAFC5-D733-4507-9FD2-D775ED7E4CAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {2F939884-B4BF-4354-AE7A-EE0F0B8BEBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2FC83FAC-AE00-49F2-808E-2DDF86854A53} - System32\Tasks\{6AE781BE-1F13-49DA-92AB-3B961936E0CD} => pcalua.exe -a D:\EBR2310.exe -d D:\
Task: {37E0D40B-44CE-4750-A296-C819BEFA4865} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {419B3ABC-2084-40DF-847A-EB1FB318FDE5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {46C2C4DC-1229-4495-870A-A9EC3F7ED60F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {48455699-7E75-4D20-890A-0E570B7BFD77} - System32\Tasks\{33F632CD-5CC6-4B1C-94AD-37795CD2D93A} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {4D498655-BAFD-4BE2-8FC7-5AE6DA2A10BA} - System32\Tasks\{25C54368-B8DC-4D2F-8806-5B77133FACE1} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {4D8E9700-C2FE-4495-A2E4-DFFCF4D9E81F} - System32\Tasks\{62986EA1-7351-47CF-8B19-C446E3B1C3D7} => pcalua.exe -a C:\Users\DD\Desktop\jre-8u101-windows-i586.exe -d C:\Users\DD\Desktop
Task: {56CAF681-80CF-444B-8FE7-A5035F54EE1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {62A0CC52-6F97-4F2B-AE22-B3ECBB76CEBB} - System32\Tasks\{D3241676-56BB-4791-9D4D-0E8FFD9216DB} => pcalua.exe -a C:\Users\DD\Desktop\Stuff\esetsmartinstaller_enu.exe -d C:\Users\DD\Desktop\Stuff
Task: {7804D17F-A9CA-43BA-9D2A-8B82FCFF67EF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {860C6F97-2EBF-439B-83C5-A971CBB8BEF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93FD64B2-9555-43F2-8BC8-08E6231E3EC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {9F0FE122-7641-4545-8146-89D16CC5D4E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {B25DB6D7-0C97-4F6E-85C8-D17C50B99B87} - System32\Tasks\{5C73714A-E708-41A8-B97B-46EB085DA9E5} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe
Task: {B9019520-FBAC-434C-8265-C118191AE878} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BF6BFDAD-9447-4EA9-AC81-E2B3BECA3C0F} - System32\Tasks\{AF35BDFF-4B9A-4D78-A010-44259A366973} => pcalua.exe -a C:\Users\DD\Desktop\ESETUninstaller.exe -d C:\Users\DD\Desktop
Task: {C2A4BC8D-7CBD-4AD2-A12E-A80C2F799F4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C6955145-9E63-4C3D-8D0A-551C276A79BA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {CA52A7C9-1564-4EA5-A738-995D44FF9144} - System32\Tasks\{B9B97057-9B27-431B-964B-A6BB25F1E077} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {CD58AF5D-877E-4BF7-9AAA-08BFE4F13310} - System32\Tasks\{C01D5F8F-007F-46B4-876C-26BBC136878E} => pcalua.exe -a C:\Users\DD\Desktop\Audio.exe -d C:\Users\DD\Desktop
Task: {DB876364-EFBE-48D6-9F1B-9F3479243790} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DDA11CB3-ADF6-4599-AF27-71EF8570CB67} - System32\Tasks\{D5B63CDB-8C14-41AE-933E-4ED271891E05} => pcalua.exe -a D:\Setup\rsrc\Autorun.exe -d D:\
Task: {EADC365D-FCFD-4709-B691-42755D30B444} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {ED9A1351-1737-4CC3-B2E9-55400BE8ED60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F24ED2F7-183B-4B0D-B0E9-277696031FCF} - System32\Tasks\{7ABE38F0-7692-4D89-BC89-05816D6D4837} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {FAD3725F-28E9-40DD-B33C-D55169FE8C50} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-07 20:54 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-08-28 11:30 - 2017-02-09 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-08-28 17:26 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2014-12-26 18:29 - 2014-12-26 18:29 - 02895943 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2015-02-10 12:51 - 2015-02-10 12:51 - 00663619 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2014-05-27 14:24 - 2014-05-27 14:24 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2015-02-10 15:14 - 2015-02-10 15:14 - 01503300 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2015-01-07 15:55 - 2015-01-07 15:55 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 09:29 - 2013-11-01 09:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2015-02-09 19:42 - 2015-02-09 19:42 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2016-10-07 20:54 - 2017-01-20 10:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-07 20:54 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-07 20:54 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-24 18:53 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avasdmft => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avas_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avss_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpsec => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7780 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123simsen.com -> www.123simsen.com

There are 7777 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-10-22 01:22 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.160.13 - 64.59.161.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AVKService => 2
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: CSIScanner => 2
MSCONFIG\Services: fshoster => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HitmanPro35Crusader => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: PDAgent => 2
MSCONFIG\Services: PDEngine => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Argus Monitor => "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe"
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
MSCONFIG\startupreg: Kaspersky Software Updater => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VIAxHCUtl => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B3CDC5D-8603-404B-93AA-8764ED5AC9C3}] => (Allow) svchost.exe
FirewallRules: [{6D320AE6-E627-4DCA-9B3B-B454F9A1C6DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{DBE8DBC1-0A02-4DF2-87E2-45E754FD3E3A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{83D10DFF-F660-480B-A4DB-2564E9BB892E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{44EAB302-F1B8-43F2-A67B-A7C9E3620D87}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [UDP Query User{93EA40DD-4A57-47EC-B877-8BB1FF88D044}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [{7FF8E154-189F-40D3-9068-610E1CED45BD}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{01103AD7-46B8-49AD-B1F8-443B58393BCA}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{600522BB-FF44-4B74-B251-22F255A4D19E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A7EF6DA4-BF0A-4C9E-9A3A-5BBFE871B2DE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{7214E08F-066D-4495-97ED-039BB5B127A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F5783D21-5A92-44E7-A36D-FA88CCF0F6E9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F8E2756A-B0A1-4B13-BEBD-55CABFCCD0A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{9C5FB8F3-25C5-4EF0-8AB0-8E0F3115A0F9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{1816DAFC-C604-4AA2-A71A-AD6D096CBEAE}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{D19BE041-FDC9-4D73-9788-82F9A334D4D0}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{B723C3A0-0925-4D80-8391-015B07C63E43}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{3CD327F3-F21C-4845-8111-D8AE36D9D461}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{E991B7A5-D15A-4F7E-8324-BAA7385E81C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{875D33CD-BD12-4770-8C36-88A6243B6F46}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BDEA8D8D-0DE6-4B9C-8402-2705587A20E8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D8B5146C-0CAA-4A86-84E8-D6915A86D99D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{DB3549EE-3113-4D21-BD6B-18EAF3C85066}] => (Allow) C:\Users\DD\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{19CB3872-96A8-4518-AC3F-DD65F2F70B51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98FB41C4-F665-4E94-851D-D5997A316A22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{DFFF9073-27F7-4CCB-AE59-E3E82793CEEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{51BBB2EA-B46D-4E87-9997-657A251D05F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{390DA61B-230B-47C4-A9BD-66F4228C9AD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{80641D2D-6D7B-4AD8-B988-8DCDDD5666AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47FB3F3B-4985-4CC4-8529-CF4B5FA44175}] => (Allow) LPort=2869
FirewallRules: [{A0C1B516-BD34-409D-8713-E3771913222E}] => (Allow) LPort=1900
FirewallRules: [{13C5846F-D709-4D22-96F4-DC2077DF9174}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{9CAFC448-2D40-42B2-8A9E-E541FF2EBECC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3092163A-68F0-42CE-8A95-0101CA3CFEBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{8ECE94C9-11AF-45F3-A369-1FA1CBBAF21D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B01EEC42-B309-4DDE-8C7B-ECEB71FFEBD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{7C0E6DDB-25B3-486C-A0D2-3EB8D2B9DBBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E3E282AE-0DE0-489A-90CD-7F449CD64A5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{F7837662-1D3C-458B-AE87-8E3A87072F71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{2200A122-CCD2-481C-831F-8FCB6C88AB40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{BD46F62F-8031-480C-8583-EF11B4941CEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{E75CB423-2657-4159-A217-FE48138BF2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{464D9D5B-2687-4857-BE05-42164BB194BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{D0C63D1B-CB3A-46AC-97D9-4AD7CF83388C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{D66898F8-9166-4B8F-BFBE-D92BA85A9BFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{2D7A391F-D793-4E0E-B23E-1772BB2814DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4CD07BCF-420C-44E1-8C03-759FAACC3540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{877DB920-8CC1-4263-871E-E6B732AEC451}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{24897253-0524-4D8D-87F8-FB56DF315D9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8953C8DE-49C2-49B8-906B-0BD50C09AA3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC08CE1D-48B4-4140-93EE-16B542F6B680}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC961CC6-5C62-4955-98FF-2A541C557622}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8C213B41-B795-46F8-BC14-95C384FC22D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8F3F9F60-4F78-4DFA-8DC9-5AAF5840D64B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D88755C4-7827-43D9-B8A0-F3A4089804FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D72CBBC5-118C-499F-A69F-BA9CB7A885B9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B34C2D43-6874-4922-95D8-D8179C93BBD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{4087770E-6CE0-440C-8EAD-40264597B494}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0E8474D3-A8FF-4643-9E33-4D169144D34A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{6FBC18F8-D3BA-4E7F-B2A2-E3CD82EA6DB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{5792377D-896A-4C9D-9CD7-7F6C77DBC1CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7F0E3051-BF20-45D8-BA45-D8A38A4AE154}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ECCEA396-21FF-439D-AE8D-C290A2B0CF0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{4616CF22-3D9A-42AA-8757-62824EAF1926}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{79670772-FFFA-4AB1-95B9-E867BC2E5CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DE2329C-D757-4BC1-8358-B34B21451F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1671A18-FF20-4B47-A2AD-735DA7DA07D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{324D0CE7-97F1-4E04-A4D5-56A3B4614F19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F1866E55-81A9-4921-A32B-DAABC6A1EC36}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{656D33AF-431F-4C50-B0CD-DFAA27C866DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{3BA5537F-AA60-4F3A-9D65-65CA76A54C97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{42C75B6D-12DF-471B-BDBE-3F3733684EFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{6A9CDC3B-6A96-4907-94E0-7C32705B3266}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68770589-0360-45C9-A105-713D7873FFBD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{19657FBC-DCF2-45F5-9A66-B29B4D1F30F7}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{F09480F4-9E0B-484A-B8C1-CE9EC4E752D4}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{9C211D39-4783-4DBB-98AB-344A875957D5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CD75C091-F45D-4059-BCDD-C792A8E7FB56}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B497432D-2744-49C6-B862-F259C1827A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9FE4A190-6FBB-4997-985B-8CEBF1B01A74}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0B35F06C-8B93-49E9-95A3-D23DBBCF46F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{351A3B41-419E-486D-9EF3-17A883D52745}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04264010-E756-4802-AECC-7D24630494C2}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{B3DDD109-9F82-4451-9695-01140562AAF0}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{2A1C9763-48BF-4C18-8675-060017D15619}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{EB6F02A0-6F9A-4FFC-9424-5D1ADD3FDA58}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [TCP Query User{6CDB5985-6F4C-4008-914A-43504ACC8C5B}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{14F273DD-09F3-4156-87AE-F15047D1A57A}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{BFFAC72D-12D1-474A-A94D-71BB0614FDAB}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{1B8CE42D-46DA-4598-BA23-CEA2B0122356}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{DC77C00E-2375-41CD-A7AD-0D8ABE25E305}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1ED3F967-F7A1-486C-9D40-0D00E51E6949}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D6946A8E-1420-4461-88EB-0B4A506C0486}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{20FBBB53-B4F8-4009-9F52-4892F832AAE5}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{AC850EF3-EB27-4F7F-BEAF-5505705DEB33}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{163D07A8-B19F-4898-82FD-2676EC8557FA}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{C05C70CD-2101-423E-BC4E-B4C88689E1E2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{79E545FE-71B3-462A-AC4D-A1787B99C9CD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{69C45118-83F4-4E41-8004-DAE8128930E0}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{07B5E7D9-75BF-420A-A618-0F1CE5641148}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{7E34ADA1-1E4F-499E-A29A-3BD9078D5A58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B4BAFD4-D185-459E-8E5A-F5E6315A7EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DB1C2D20-CD0D-43EB-9784-2AB8985AEB2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{ADAE11A7-FDB0-4250-AD93-98C1AE7C26E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDF1E74-DC16-496F-8160-B157C9688D2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84805EA5-FC29-4F84-86D7-C14684335B12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2017 00:00:01 Scheduled Checkpoint
26-02-2017 19:14:10 Windows Update
28-02-2017 15:45:19 JRT Pre-Junkware Removal
02-03-2017 16:14:31 Windows Update
04-03-2017 16:32:54 Restore Point Created by FRST
05-03-2017 20:27:07 Restore Point Created by FRST
05-03-2017 20:39:57 Windows Update
05-03-2017 23:04:13 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 08:27:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9b4993a5-acee-4b4a-a3fc-d93318f697fa}

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (03/05/2017 11:08:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (03/05/2017 11:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/05/2017 11:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/05/2017 11:05:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/05/2017 11:05:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/05/2017 11:04:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-08-28 12:34:16.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 12:34:16.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:42.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:41.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:42.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:41.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 8173.55 MB
Available physical RAM: 6157.71 MB
Total Virtual: 28171.74 MB
Available Virtual: 26230.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:208.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5DA22AB3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



 


Edited by jackwill, 06 March 2017 - 02:53 AM.


#9 Sirawit



  • Malware Response Team

Posted 06 March 2017 - 03:52 AM

Hi jackwill.

 

Please don't run the fix again right now. (Don't use the Fix button for now.)

 

Thanks for your information. We need to look a bit deeper.

 

Open FRST.exe again. Now please select the Shortcut.txt box, then press Scan. The tool will generate a log file named Shortcut.txt on your desktop, along with new FRST.txt and Addition.txt. Please post all three log files in your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#10 jackwill

  • Topic Starter


Posted 06 March 2017 - 04:01 AM

Hello Sirawit

 

 

btw my PC appears to be functioning normally

 

 

Users shortcut scan result (x64) Version: 05-03-2017
Ran by DD (06-03-2017 00:58:23)
Running from C:\Users\DD\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk -> hxxp://us.blizzard.com/support
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk -> hxxp://signup.worldofwarcraft.com
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk -> hxxp://enus.nydus.battle.net/wow/enUS/installer/manua
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{87247DF3-62D7-4E34-B335-A815C4A80E8A}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{87247DF3-62D7-4E34-B335-A815C4A80E8A}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.quake4game.com
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk -> hxxp://us.blizzard.com/support
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk -> hxxp://signup.worldofwarcraft.com
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk -> hxxp://enus.nydus.battle.net/wow/enUS/installer/manua
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{1D893892-D9CC-4D5A-A60B-6B7911EFF533}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{1D893892-D9CC-4D5A-A60B-6B7911EFF533}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.doom3.com


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Account Billing.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enUS\AccountBilling.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Blizzard Technical Support.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enUS\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk -> C:\Games\World_of_Tanks\wiki.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk -> C:\Games\World_of_Tanks\game_manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk -> C:\Games\World_of_Tanks\readme.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk -> C:\Games\World_of_Tanks\website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk -> C:\Games\World_of_Tanks\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0\Demos\vulkaninfo.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.0\vulkaninfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0\Demos\vulkaninfo32.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.0\vulkaninfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk -> C:\Program Files\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Documentation.lnk -> C:\Program Files (x86)\id Software\Quake 4\Docs\help.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Quake 4 single player.lnk -> C:\Program Files (x86)\id Software\Quake 4\Quake4.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Quake 4.lnk -> C:\Program Files (x86)\id Software\Quake 4\Quake4.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Website.lnk -> C:\Program Files (x86)\id Software\Quake 4\Quake4.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2\OLYMPUS Master 2 Help.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\OLYMPUSMaster.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2\OLYMPUS Master 2 ReadMe.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2\OLYMPUS Master 2.lnk -> C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\OLYMPUS Master.exe (OLYMPUS IMAGING CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\License Agreement.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\License Agreement.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\NCTAudioConver Help File.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\NCTAudioConvert.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\NCTAudioConvert Help.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Help\NCTAudioConvert3.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\NCTAudioConvert MS VB 6.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\TestVBAudioConvert\TestVBAudioConvert.vbp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\NCTAudioConvert MS VB.NET Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\TestVBNETAudioConvert\TestVBNETAudioConvert.sln ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Readme.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Uninstall NCTAudioConvert ActiveX EXE Server.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert Borland C++ Builder 6.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestBCBAudioConvert\TestBCBAudioConvert.bpr ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert Borland Delphi 6.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestDelphiAudioConvert\TestDelphiAudioConvert.dpr ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert MS C# 7.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestCSAudioConvert\TestCSAudioConvert.sln ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert MS VB 6.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestVBAudioConvert\TestVBAudioConvert.vbp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert MS VB.NET 7.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestVBNETAudioConvert\TestVBNETAudioConvert.sln ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCT\AudioConvert 3.5\Samples\NCTAudioConvert MS VC 6.0 Sample.lnk -> C:\Program Files (x86)\NCT\AudioConvert3\Samples\TestVCAudioConvert\TestVCAudioConvert.dsw ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble\Qt License.lnk -> C:\Program Files (x86)\Mumble\qt.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble\Speex License.lnk -> C:\Program Files (x86)\Mumble\speex.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center\Microsoft Mouse and Keyboard Center.lnk -> c:\Windows\Installer\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}\DeviceCenter.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema\Changelog.lnk -> C:\Program Files (x86)\Media Player Classic - Home Cinema\Changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema\Media Player Classic - Home Cinema.lnk -> C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema\Uninstall Media Player Classic - Home Cinema.lnk -> C:\Program Files (x86)\Media Player Classic - Home Cinema\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\License.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\License.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Uninstall Lunascape6.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan\Kaspersky Security Scan.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe (AO Kaspersky Lab)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan\Visit Kaspersky Lab on the Web.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kl.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\Installer\setup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\@BIOS.lnk -> C:\Program Files (x86)\GIGABYTE\@BIOS\BIOS_Run.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\ET6.lnk -> C:\Windows\Installer\{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}\ET6SC.exe_735ECBF644A04C2A9E7343111FE074FE.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\Help.lnk -> C:\Windows\Installer\{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}\et6help.chm_B849112009224CE08745414ED57F42B9.exe (Flexera Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\AutoGreen\AutoGreen.lnk -> C:\Windows\Installer\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}\CallAG.exe_C75FAD21EC0842F392D6C9C0AB355345.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diablo III™.lnk -> 0x4C0000000114020000000000C0000000000000468500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000360014001F80DF8F22EDA89E704883B196B02CFE0D5220000000474653498602AEE8639A4F4FB4790E4E4A2A8EB5000000000000000000000B0044006900610062006C006F002000490049004900222128000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE000000000000000000000000
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft™.lnk -> 0x4C0000000114020000000000C0000000000000468500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000360014001F80DF8F22EDA89E704883B196B02CFE0D522000000047465349685CC321C5A6754A8FFDDB503CE6F67B00000000000000000000120057006F0072006C00640020006F006600200057006100720063007200610066007400222128000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE000000000000000000000000
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\Dolby Axon Help.lnk -> C:\Program Files (x86)\DolbyAxon\Axon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\Dolby Axon.lnk -> C:\Program Files (x86)\DolbyAxon\Axon.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk -> C:\Program Files (x86)\Diablo III\Manual.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu\Solution Menu Readme.lnk -> C:\Program Files (x86)\Canon\SolutionMenu\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu\Solution Menu.lnk -> C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\My Printer Readme.lnk -> C:\Program Files\Canon\MyPrinter\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Readme.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series Manual\Uninstall.lnk -> C:\Program Files (x86)\Canon\IJ Manual\CANON IP2700 SERIES\uninstall.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series\Readme XPS.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon iP2700 series\readme_English_xps.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series\Readme.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon iP2700 series\readme_English.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CLI.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor\AbiWord 2.8.lnk -> C:\Program Files (x86)\AbiWord\bin\AbiWord.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E8AE0286-9A63-4F4F-B479-0E4E4A2A8EB5}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\DD\Links\Desktop.lnk -> C:\Users\DD\Desktop ()
Shortcut: C:\Users\DD\Links\Downloads.lnk -> C:\Users\DD\Downloads ()
Shortcut: C:\Users\DD\Links\OneDrive.lnk -> C:\Users\DD\SkyDrive ()
Shortcut: C:\Users\DD\Links\RecentPlaces.lnk -> System Folder
Shortcut: C:\Users\DD\Documents\AMD OverDrive.lnk -> C:\Program Files (x86)\AMD\OverDrive\AMD OverDrive.exe (No File)
Shortcut: C:\Users\DD\Documents\Canon Solution Menu EX.lnk -> C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (No File)
Shortcut: C:\Users\DD\Documents\Heroes of the Storm\T_123734438_611@1.lnk -> C:\Users\DD\Documents\Heroes of the Storm\Accounts\77938994\1-Hero-1-7991461 ()
Shortcut: C:\Users\DD\Desktop\Stuff\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\DD\Desktop\Stuff\Mumble.lnk -> C:\Program Files (x86)\Mumble\mumble.exe (No File)
Shortcut: C:\Users\DD\Desktop\Stuff\Skype.lnk -> C:\Windows\Installer\{1845470B-EB14-4ABC-835B-E36C693DC07D}\SkypeIcon.exe ()
Shortcut: C:\Users\DD\Desktop\Stuff\PCMaintenance\Ad-Aware Antivirus.lnk -> C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareDesktop.exe (No File)
Shortcut: C:\Users\DD\Desktop\Stuff\PCMaintenance\Panda Cloud Cleaner.lnk -> C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe (No File)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\My.com Game Center.lnk -> C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe (MY.COM B.V.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk -> C:\Users\DD\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\The Happy Cloud.lnk -> C:\ProgramData\HappyCloud\Application\HappyCloudService.exe (Happy Cloud, Inc.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\Uninstall.lnk -> C:\ProgramData\HappyCloud\Application\uninstaller.exe ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Quake 4™.lnk -> 0x4C0000000114020000000000C0000000000000468500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000360014001F80DF8F22EDA89E704883B196B02CFE0D522000000047465349F37D2487D762344EB335A815C4A80E8A0000000000000000000008005100750061006B00650020003400222128000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE000000000000000000000000
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk -> C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HiJackThis.lnk -> C:\Users\DD\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk ->
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -> 0x4C0000000114020000000000C000000000000046C1000000000000000000000000000000000000000000000000000000000000000000000060FFFFFF01000000000000000000000000000000160014001F80F3A15925D721D411BDAF00C04F60B9F000000B007300680065006C006C00330032002E0064006C006C0099000000090000A01C00000031535053E28A5846BC4C3843BBFC139326986DCE00000000710000003153505355284C9F799F394BA8D0E1D42DE1D5F35500000005000000001F000000220000004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E005300680065006C006C002E00520075006E004400690061006C006F0067000000000000000000000000000000
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7a5afdf4c340002b\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{87247DF3-62D7-4E34-B335-A815C4A80E8A}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\id Software\Quake 4\Quake4.exe ()
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\DD\AppData\Local\Microsoft\Windows\GameExplorer\{1D893892-D9CC-4D5A-A60B-6B7911EFF533}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\DOOM 3\Doom3.exe (No File)
Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Quake 4 multiplayer.lnk -> C:\Program Files (x86)\id Software\Quake 4\Quake4.exe () -> +set fs_game q4mp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4\Uninstall Quake 4.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe (InstallShield Software Corporation) -> /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6 (Safe Mode).lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\User Profile Management Tools\Backup Profile.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\LunaMig.exe (Lunascape Corporation) -> -backup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\User Profile Management Tools\Reset Profile.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\LunaMig.exe (Lunascape Corporation) -> -reset
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\User Profile Management Tools\Restore Profile.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\LunaMig.exe (Lunascape Corporation) -> -restore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater\Kaspersky Software Updater Eula.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe (AO Kaspersky Lab) -> ksu eula
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater\Kaspersky Software Updater.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe (AO Kaspersky Lab) -> ksu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater\Uninstall Kaspersky Software Updater.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ksu_setup.exe (Kaspersky Lab) -> /x
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan\Kaspersky Security Scan Help.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe (AO Kaspersky Lab) ->  help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan\Kaspersky Security Scan License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe (AO Kaspersky Lab) ->  eula
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan\Remove Kaspersky Security Scan.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\setup.exe (Kaspersky Lab) -> /x
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu\Solution Menu Uninstall.lnk -> C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe (CANON INC.) -> C:\Program Files (x86)\Canon\SolutionMenu\uninst.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\My Printer Uninstall.lnk -> C:\Program Files\Canon\MyPrinter\uninst.exe (CANON INC.) -> C:\Program Files\Canon\MyPrinter\uninst.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\My Printer.lnk -> C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) -> /mn
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint EX\Easy-PhotoPrint EX Uninstall.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe (CANON INC.) -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series Manual\Canon iP2700 series On-screen Manual.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON IP2700 SERIES\English\Info.egv"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series\View Print History XPS.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNMXPVA4.EXE (CANON INC.) -> "Canon iP2700 series XPS"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\DD\Documents\Canon MP280 series On-screen Manual.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP280 SERIES\English\Info.egv"
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy Homepage.url -> URL: hxxp://www.piriform.com/speccy
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema\Media Player Classic - Home Cinema on the Web.url -> URL: hxxp://mpc-hc.sourceforge.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\DD\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\DD\Documents\pics\Favorites\Get Bookmark Add-ons.URL -> URL: hxxps://addons.mozilla.org/en-US/firefox/bookmarks/
InternetURL: C:\Users\DD\Documents\pics\Favorites\Mozilla Firefox\About Us.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/about/
InternetURL: C:\Users\DD\Documents\pics\Favorites\Mozilla Firefox\Customize Firefox.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/customize/
InternetURL: C:\Users\DD\Documents\pics\Favorites\Mozilla Firefox\Get Involved.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/community/
InternetURL: C:\Users\DD\Documents\pics\Favorites\Mozilla Firefox\Help and Tutorials.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/help/
InternetURL: C:\Users\DD\Documents\pics\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\DD\Documents\pics\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\DD\Documents\pics\Favorites\Bookmarks Toolbar Folder\Getting Started.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/central/
InternetURL: C:\Users\DD\Documents\Favorites\Get Bookmark Add-ons.URL -> URL: hxxps://addons.mozilla.org/en-US/firefox/bookmarks/
InternetURL: C:\Users\DD\Documents\Favorites\The Ethnic Cleansing of Palestine.url -> BASEURL: hxxp://www.scribd.com/doc/53369338/The-Ethnic-Cleansing-of-Palestine URL: hxxp://www.scribd.com/doc/53369338/The-Ethnic-Cleansing-of-Palestine
InternetURL: C:\Users\DD\Documents\Favorites\Mozilla Firefox\About Us.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/about/
InternetURL: C:\Users\DD\Documents\Favorites\Mozilla Firefox\Customize Firefox.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/customize/
InternetURL: C:\Users\DD\Documents\Favorites\Mozilla Firefox\Get Involved.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/community/
InternetURL: C:\Users\DD\Documents\Favorites\Mozilla Firefox\Help and Tutorials.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/help/
InternetURL: C:\Users\DD\Documents\Favorites\Bookmarks Toolbar Folder\Getting Started.URL -> URL: hxxp://www.mozilla.com/en-US/firefox/central/
InternetURL: C:\Users\DD\Desktop\Stuff\Global Warming\Ocean temperatures the new bluff in alarmism « JoNova.URL -> URL: hxxp://joannenova.com.au/2009/07/ocean-temperatures-the-new-bluff-in-alarmism/
InternetURL: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/
InternetURL: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Armored Warfare.url -> URL: mycomgames://play/13.2000009
InternetURL: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Uninstall Armored Warfare.url -> URL: mycomgames://uninstall/13.2000009

==================== End of Shortcut.txt =============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by DD (06-03-2017 00:56:51)
Running from C:\Users\DD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-05 20:48:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3081963628-3576801843-3607325219-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3081963628-3576801843-3607325219-1009 - Limited - Enabled)
DD (S-1-5-21-3081963628-3576801843-3607325219-1000 - Administrator - Enabled) => C:\Users\DD
Guest (S-1-5-21-3081963628-3576801843-3607325219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3081963628-3576801843-3607325219-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Armored Warfare MyCom (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\Armored Warfare MyCom) (Version: 1.103 - My.com B.V.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ET6 B15.0210.1 (HKLM-x32\...\InstallShield_{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}) (Version: 1.00.0000 - GIGABYTE)
ET6 B15.0210.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
Lunascape6 (All Users) (HKLM-x32\...\Lunascape6) (Version: 6.15.0.27562 - Lunascape)
MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 2.0.09 - Samsung Electronics Ltd.)
Media Player Classic - Home Cinema 1.6.1.4235 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM-x32\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\MyComGames) (Version: 3.176 - My.com B.V.)
NCTAudioConvert ActiveX EXE Server 2.7.3 (HKLM-x32\...\NCTAudioConvert ActiveX EXE Server_is1) (Version:  - NCT Company)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Quake 4™ (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
Quake 4™ (x32 Version: 1.0 - Activision) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{a36eb0e8-1b0f-43ec-a749-5f106086fd5a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{cec74eaf-e465-4472-83c4-90a5185b20b1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DD\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01232810-1D65-48CF-977A-CE198FA91053} - System32\Tasks\{B850934B-F695-40AB-A01D-B360393C4558} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {0830E9AF-2BAC-4415-9F60-EF1DA45815F9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1F2039ED-413C-456D-A5FF-6E32DC384CED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {27292ABE-3C6E-4978-BB73-BCADE4444B8E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {2D7AAFC5-D733-4507-9FD2-D775ED7E4CAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {2F939884-B4BF-4354-AE7A-EE0F0B8BEBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2FC83FAC-AE00-49F2-808E-2DDF86854A53} - System32\Tasks\{6AE781BE-1F13-49DA-92AB-3B961936E0CD} => pcalua.exe -a D:\EBR2310.exe -d D:\
Task: {37E0D40B-44CE-4750-A296-C819BEFA4865} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {419B3ABC-2084-40DF-847A-EB1FB318FDE5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {46C2C4DC-1229-4495-870A-A9EC3F7ED60F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {48455699-7E75-4D20-890A-0E570B7BFD77} - System32\Tasks\{33F632CD-5CC6-4B1C-94AD-37795CD2D93A} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {4D498655-BAFD-4BE2-8FC7-5AE6DA2A10BA} - System32\Tasks\{25C54368-B8DC-4D2F-8806-5B77133FACE1} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {4D8E9700-C2FE-4495-A2E4-DFFCF4D9E81F} - System32\Tasks\{62986EA1-7351-47CF-8B19-C446E3B1C3D7} => pcalua.exe -a C:\Users\DD\Desktop\jre-8u101-windows-i586.exe -d C:\Users\DD\Desktop
Task: {56CAF681-80CF-444B-8FE7-A5035F54EE1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {62A0CC52-6F97-4F2B-AE22-B3ECBB76CEBB} - System32\Tasks\{D3241676-56BB-4791-9D4D-0E8FFD9216DB} => pcalua.exe -a C:\Users\DD\Desktop\Stuff\esetsmartinstaller_enu.exe -d C:\Users\DD\Desktop\Stuff
Task: {7804D17F-A9CA-43BA-9D2A-8B82FCFF67EF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {860C6F97-2EBF-439B-83C5-A971CBB8BEF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93FD64B2-9555-43F2-8BC8-08E6231E3EC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {9F0FE122-7641-4545-8146-89D16CC5D4E4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {B25DB6D7-0C97-4F6E-85C8-D17C50B99B87} - System32\Tasks\{5C73714A-E708-41A8-B97B-46EB085DA9E5} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe
Task: {B9019520-FBAC-434C-8265-C118191AE878} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BF6BFDAD-9447-4EA9-AC81-E2B3BECA3C0F} - System32\Tasks\{AF35BDFF-4B9A-4D78-A010-44259A366973} => pcalua.exe -a C:\Users\DD\Desktop\ESETUninstaller.exe -d C:\Users\DD\Desktop
Task: {C2A4BC8D-7CBD-4AD2-A12E-A80C2F799F4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C6955145-9E63-4C3D-8D0A-551C276A79BA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {CA52A7C9-1564-4EA5-A738-995D44FF9144} - System32\Tasks\{B9B97057-9B27-431B-964B-A6BB25F1E077} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {CD58AF5D-877E-4BF7-9AAA-08BFE4F13310} - System32\Tasks\{C01D5F8F-007F-46B4-876C-26BBC136878E} => pcalua.exe -a C:\Users\DD\Desktop\Audio.exe -d C:\Users\DD\Desktop
Task: {DB876364-EFBE-48D6-9F1B-9F3479243790} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DDA11CB3-ADF6-4599-AF27-71EF8570CB67} - System32\Tasks\{D5B63CDB-8C14-41AE-933E-4ED271891E05} => pcalua.exe -a D:\Setup\rsrc\Autorun.exe -d D:\
Task: {EADC365D-FCFD-4709-B691-42755D30B444} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {ED9A1351-1737-4CC3-B2E9-55400BE8ED60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F24ED2F7-183B-4B0D-B0E9-277696031FCF} - System32\Tasks\{7ABE38F0-7692-4D89-BC89-05816D6D4837} => pcalua.exe -a C:\Users\DD\Desktop\wlsetup-web.exe -d C:\Users\DD\Desktop
Task: {FAD3725F-28E9-40DD-B33C-D55169FE8C50} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-07 20:54 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-08-28 11:30 - 2017-02-09 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2017-02-23 19:25 - 2017-02-23 19:25 - 01457128 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-08-28 17:26 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 20:54 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2014-12-26 18:29 - 2014-12-26 18:29 - 02895943 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2015-02-10 12:51 - 2015-02-10 12:51 - 00663619 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2014-05-27 14:24 - 2014-05-27 14:24 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2015-02-10 15:14 - 2015-02-10 15:14 - 01503300 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2015-01-07 15:55 - 2015-01-07 15:55 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 09:29 - 2013-11-01 09:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2015-02-09 19:42 - 2015-02-09 19:42 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2016-10-07 20:54 - 2017-01-20 10:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-07 20:54 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-07 20:54 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-07 20:54 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-24 18:53 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-23 19:25 - 2017-02-23 19:25 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ortp.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libcef.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libEGL.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libGLESv2.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libglesv2.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libegl.dll
2017-02-23 19:25 - 2017-02-23 19:25 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avasdmft => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avas_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avss_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpsec => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 7780 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\...\123simsen.com -> www.123simsen.com

There are 7777 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-10-22 01:22 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.160.13 - 64.59.161.68
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: AVKService => 2
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: CSIScanner => 2
MSCONFIG\Services: fshoster => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HitmanPro35Crusader => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: PDAgent => 2
MSCONFIG\Services: PDEngine => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Argus Monitor => "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe"
MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
MSCONFIG\startupreg: Kaspersky Software Updater => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VIAxHCUtl => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B3CDC5D-8603-404B-93AA-8764ED5AC9C3}] => (Allow) svchost.exe
FirewallRules: [{6D320AE6-E627-4DCA-9B3B-B454F9A1C6DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{DBE8DBC1-0A02-4DF2-87E2-45E754FD3E3A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{83D10DFF-F660-480B-A4DB-2564E9BB892E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{44EAB302-F1B8-43F2-A67B-A7C9E3620D87}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [UDP Query User{93EA40DD-4A57-47EC-B877-8BB1FF88D044}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [{7FF8E154-189F-40D3-9068-610E1CED45BD}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{01103AD7-46B8-49AD-B1F8-443B58393BCA}] => (Allow) C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWAGENT.EXE
FirewallRules: [{600522BB-FF44-4B74-B251-22F255A4D19E}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A7EF6DA4-BF0A-4C9E-9A3A-5BBFE871B2DE}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{7214E08F-066D-4495-97ED-039BB5B127A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F5783D21-5A92-44E7-A36D-FA88CCF0F6E9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{F8E2756A-B0A1-4B13-BEBD-55CABFCCD0A0}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{9C5FB8F3-25C5-4EF0-8AB0-8E0F3115A0F9}] => (Allow) C:\ProgramData\HappyCloud\Cache\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{1816DAFC-C604-4AA2-A71A-AD6D096CBEAE}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{D19BE041-FDC9-4D73-9788-82F9A334D4D0}] => (Allow) C:\Users\DD\AppData\Local\Apps\2.0\2RLRPNX2.Q8Z\OMOZVBBA.D2M\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{B723C3A0-0925-4D80-8391-015B07C63E43}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{3CD327F3-F21C-4845-8111-D8AE36D9D461}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{E991B7A5-D15A-4F7E-8324-BAA7385E81C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{875D33CD-BD12-4770-8C36-88A6243B6F46}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BDEA8D8D-0DE6-4B9C-8402-2705587A20E8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D8B5146C-0CAA-4A86-84E8-D6915A86D99D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{DB3549EE-3113-4D21-BD6B-18EAF3C85066}] => (Allow) C:\Users\DD\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{19CB3872-96A8-4518-AC3F-DD65F2F70B51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98FB41C4-F665-4E94-851D-D5997A316A22}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{DFFF9073-27F7-4CCB-AE59-E3E82793CEEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{51BBB2EA-B46D-4E87-9997-657A251D05F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{390DA61B-230B-47C4-A9BD-66F4228C9AD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{80641D2D-6D7B-4AD8-B988-8DCDDD5666AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47FB3F3B-4985-4CC4-8529-CF4B5FA44175}] => (Allow) LPort=2869
FirewallRules: [{A0C1B516-BD34-409D-8713-E3771913222E}] => (Allow) LPort=1900
FirewallRules: [{13C5846F-D709-4D22-96F4-DC2077DF9174}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{9CAFC448-2D40-42B2-8A9E-E541FF2EBECC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3092163A-68F0-42CE-8A95-0101CA3CFEBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{8ECE94C9-11AF-45F3-A369-1FA1CBBAF21D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B01EEC42-B309-4DDE-8C7B-ECEB71FFEBD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{7C0E6DDB-25B3-486C-A0D2-3EB8D2B9DBBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{E3E282AE-0DE0-489A-90CD-7F449CD64A5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{F7837662-1D3C-458B-AE87-8E3A87072F71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{2200A122-CCD2-481C-831F-8FCB6C88AB40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{BD46F62F-8031-480C-8583-EF11B4941CEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{E75CB423-2657-4159-A217-FE48138BF2C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{464D9D5B-2687-4857-BE05-42164BB194BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{D0C63D1B-CB3A-46AC-97D9-4AD7CF83388C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{D66898F8-9166-4B8F-BFBE-D92BA85A9BFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{2D7A391F-D793-4E0E-B23E-1772BB2814DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4CD07BCF-420C-44E1-8C03-759FAACC3540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{877DB920-8CC1-4263-871E-E6B732AEC451}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{24897253-0524-4D8D-87F8-FB56DF315D9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8953C8DE-49C2-49B8-906B-0BD50C09AA3A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC08CE1D-48B4-4140-93EE-16B542F6B680}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{BC961CC6-5C62-4955-98FF-2A541C557622}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8C213B41-B795-46F8-BC14-95C384FC22D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{8F3F9F60-4F78-4DFA-8DC9-5AAF5840D64B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D88755C4-7827-43D9-B8A0-F3A4089804FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D72CBBC5-118C-499F-A69F-BA9CB7A885B9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B34C2D43-6874-4922-95D8-D8179C93BBD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{4087770E-6CE0-440C-8EAD-40264597B494}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0E8474D3-A8FF-4643-9E33-4D169144D34A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{6FBC18F8-D3BA-4E7F-B2A2-E3CD82EA6DB3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{5792377D-896A-4C9D-9CD7-7F6C77DBC1CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{7F0E3051-BF20-45D8-BA45-D8A38A4AE154}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ECCEA396-21FF-439D-AE8D-C290A2B0CF0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{4616CF22-3D9A-42AA-8757-62824EAF1926}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{79670772-FFFA-4AB1-95B9-E867BC2E5CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DE2329C-D757-4BC1-8358-B34B21451F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1671A18-FF20-4B47-A2AD-735DA7DA07D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{324D0CE7-97F1-4E04-A4D5-56A3B4614F19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F1866E55-81A9-4921-A32B-DAABC6A1EC36}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{656D33AF-431F-4C50-B0CD-DFAA27C866DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{3BA5537F-AA60-4F3A-9D65-65CA76A54C97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{42C75B6D-12DF-471B-BDBE-3F3733684EFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{6A9CDC3B-6A96-4907-94E0-7C32705B3266}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{68770589-0360-45C9-A105-713D7873FFBD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{19657FBC-DCF2-45F5-9A66-B29B4D1F30F7}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{F09480F4-9E0B-484A-B8C1-CE9EC4E752D4}] => (Allow) C:\Users\DD\AppData\Local\Temp\nsw7CC0.tmp\Installer-10776287.exe
FirewallRules: [{9C211D39-4783-4DBB-98AB-344A875957D5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CD75C091-F45D-4059-BCDD-C792A8E7FB56}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B497432D-2744-49C6-B862-F259C1827A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9FE4A190-6FBB-4997-985B-8CEBF1B01A74}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0B35F06C-8B93-49E9-95A3-D23DBBCF46F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{351A3B41-419E-486D-9EF3-17A883D52745}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04264010-E756-4802-AECC-7D24630494C2}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{B3DDD109-9F82-4451-9695-01140562AAF0}] => (Allow) C:\Users\DD\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{2A1C9763-48BF-4C18-8675-060017D15619}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{EB6F02A0-6F9A-4FFC-9424-5D1ADD3FDA58}C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [TCP Query User{6CDB5985-6F4C-4008-914A-43504ACC8C5B}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{14F273DD-09F3-4156-87AE-F15047D1A57A}C:\users\dd\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dd\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{BFFAC72D-12D1-474A-A94D-71BB0614FDAB}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{1B8CE42D-46DA-4598-BA23-CEA2B0122356}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{DC77C00E-2375-41CD-A7AD-0D8ABE25E305}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1ED3F967-F7A1-486C-9D40-0D00E51E6949}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{D6946A8E-1420-4461-88EB-0B4A506C0486}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{20FBBB53-B4F8-4009-9F52-4892F832AAE5}] => (Allow) C:\Users\DD\AppData\Local\Temp\Rar$EXa0.981\WGCheck.exe
FirewallRules: [{AC850EF3-EB27-4F7F-BEAF-5505705DEB33}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{163D07A8-B19F-4898-82FD-2676EC8557FA}] => (Allow) C:\Games\World_of_Tanks\WorldOfTanks.exe
FirewallRules: [{C05C70CD-2101-423E-BC4E-B4C88689E1E2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{79E545FE-71B3-462A-AC4D-A1787B99C9CD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{69C45118-83F4-4E41-8004-DAE8128930E0}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{07B5E7D9-75BF-420A-A618-0F1CE5641148}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{7E34ADA1-1E4F-499E-A29A-3BD9078D5A58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B4BAFD4-D185-459E-8E5A-F5E6315A7EE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DB1C2D20-CD0D-43EB-9784-2AB8985AEB2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{ADAE11A7-FDB0-4250-AD93-98C1AE7C26E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDF1E74-DC16-496F-8160-B157C9688D2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84805EA5-FC29-4F84-86D7-C14684335B12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2017 00:00:01 Scheduled Checkpoint
26-02-2017 19:14:10 Windows Update
28-02-2017 15:45:19 JRT Pre-Junkware Removal
02-03-2017 16:14:31 Windows Update
04-03-2017 16:32:54 Restore Point Created by FRST
05-03-2017 20:27:07 Restore Point Created by FRST
05-03-2017 20:39:57 Windows Update
05-03-2017 23:04:13 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 08:27:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9b4993a5-acee-4b4a-a3fc-d93318f697fa}

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/05/2017 04:11:07 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (03/05/2017 11:08:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (03/05/2017 11:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/05/2017 11:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.01 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/05/2017 11:05:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/05/2017 11:05:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/05/2017 11:04:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/05/2017 11:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-08-28 12:34:16.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 12:34:16.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-28 11:46:17.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:42.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:38:41.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:35:53.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:42.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-27 17:10:41.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 75%
Total physical RAM: 8173.55 MB
Available physical RAM: 1963.73 MB
Total Virtual: 28171.74 MB
Available Virtual: 21072.64 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:208.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5DA22AB3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by DD (administrator) on DD-PC (06-03-2017 00:55:50)
Running from C:\Users\DD\Desktop
Loaded Profiles: DD (Available Profiles: DD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5450\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{6A6749DD-6616-4DC1-934D-046B85D9E893}: [DhcpNameServer] 64.59.160.13 64.59.161.68
Tcpip\..\Interfaces\{AF680BDF-F279-4EC0-805C-669D3BFE205D}: [DhcpNameServer] 64.59.160.13 64.59.161.68

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3081963628-3576801843-3607325219-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 [2017-03-06]
FF Homepage: Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464 -> hxxps://www.google.ca/webhp?hl=en&sa=X&ved=0ahUKEwiUjMGqrcHSAhVO1mMKHSanB4QQPAgD
FF Extension: (Adblock Plus) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-27]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\w5skx0y3.default-1488194173464\features\{4df61802-bda7-4101-bfe9-6c16f82ae4ce}\disableSHA1rollout@mozilla.org.xpi [2017-03-02]
FF Extension: (G Data BankGuard) - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2016-11-17] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: @my.com/Games -> C:\Users\DD\AppData\Local\MyComGames\NPMyComDetector.dll [2016-10-08] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3081963628-3576801843-3607325219-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (YouTube) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (Adobe Acrobat) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (AdBlock) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28]
CHR Extension: (Skype) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-22] (SUPERAntiSpyware.com)
S4 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-27] (SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S4 MWAgent; C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE [858632 2010-10-19] (MicroWorld Technologies Inc.)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-03-05] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-10-25] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] () [File not signed]
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [59256 2012-02-18] (G Data Software AG)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-03-05] ()
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U4 bdselfpr; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U0 SR; no ImagePath
U2 SRService; no ImagePath
U4 vsserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 23:22 - 2017-03-05 23:23 - 00063930 _____ C:\Users\DD\Desktop\Addition.txt
2017-03-05 23:20 - 2017-03-06 00:56 - 00019650 _____ C:\Users\DD\Desktop\FRST.txt
2017-03-05 23:04 - 2017-03-05 23:04 - 00003489 _____ C:\Users\DD\Desktop\Fixlog.txt
2017-03-04 16:32 - 2017-03-05 20:27 - 00003494 _____ C:\Users\DD\Downloads\Fixlog.txt
2017-03-04 16:32 - 2017-03-05 20:26 - 00000000 ____D C:\Users\DD\Downloads\FRST-OlderVersion
2017-03-02 16:12 - 2017-03-02 16:14 - 00064860 _____ C:\Users\DD\Downloads\Addition.txt
2017-03-02 16:11 - 2017-03-02 16:14 - 00040288 _____ C:\Users\DD\Downloads\FRST.txt
2017-03-02 16:10 - 2017-03-05 20:26 - 02423808 ____C (Farbar) C:\Users\DD\Desktop\FRST64.exe
2017-03-01 16:29 - 2017-03-01 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-01 16:29 - 2017-03-01 16:29 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-01 16:27 - 2017-03-01 16:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-01 16:23 - 2017-03-01 16:23 - 02622304 _____ (Kaspersky Lab) C:\Users\DD\Downloads\kss16.0.0.1344en_9702.exe
2017-03-01 16:02 - 2017-03-01 16:02 - 04031440 _____ C:\Users\DD\Downloads\AdwCleaner(3).exe
2017-02-28 20:06 - 2017-02-28 20:06 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(2).exe
2017-02-28 15:48 - 2017-02-28 15:48 - 02870984 _____ (ESET) C:\Users\DD\Downloads\esetsmartinstaller_enu.exe
2017-02-28 15:43 - 2017-02-28 15:43 - 01663040 _____ (Malwarebytes) C:\Users\DD\Downloads\JRT.exe
2017-02-28 15:34 - 2017-02-28 15:34 - 04015056 _____ C:\Users\DD\Downloads\AdwCleaner(1).exe
2017-02-28 15:30 - 2017-02-28 15:33 - 00042454 _____ C:\Users\DD\Downloads\MTB.txt
2017-02-28 15:29 - 2017-02-28 15:29 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(2).exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox.exe
2017-02-28 15:28 - 2017-02-28 15:28 - 00892416 _____ (Farbar) C:\Users\DD\Downloads\MiniToolBox(1).exe
2017-02-28 02:20 - 2017-02-28 02:20 - 04015056 _____ C:\Users\DD\Downloads\adwcleaner_6.043.exe
2017-02-28 01:32 - 2017-02-28 01:32 - 09261616 _____ (Piriform Ltd) C:\Users\DD\Downloads\ccsetup527.exe
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-27 19:12 - 2017-02-27 19:12 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-27 19:06 - 2017-02-27 19:06 - 11581544 _____ (SurfRight B.V.) C:\Users\DD\Downloads\hitmanpro_x64.exe
2017-02-27 19:02 - 2017-02-27 19:02 - 48750920 _____ C:\Users\DD\Downloads\BDPUARLauncher.exe
2017-02-27 19:01 - 2017-02-27 19:02 - 00000000 ____D C:\Users\DD\AppData\Local\NPE
2017-02-27 19:01 - 2017-02-27 19:01 - 03423928 _____ (Symantec Corporation) C:\Users\DD\Downloads\NPE.exe
2017-02-27 19:01 - 2017-02-27 19:01 - 00000000 ____D C:\ProgramData\Norton
2017-02-27 16:00 - 2016-08-22 11:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-02-23 14:33 - 2017-03-05 23:09 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-02-20 00:22 - 2017-02-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-02-20 00:05 - 2017-02-28 23:10 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-20 00:05 - 2017-02-20 01:00 - 00000000 ____D C:\Users\DD\Documents\Heroes of the Storm
2017-02-15 15:21 - 2017-02-15 15:21 - 00000000 ____D C:\Users\DD\ansel
2017-02-14 19:11 - 2017-02-09 14:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 19:06 - 2017-02-09 16:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-14 19:06 - 2017-02-09 16:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-14 19:06 - 2017-02-09 16:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-04 17:04 - 2017-01-20 10:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-06 00:56 - 2013-11-26 14:52 - 00000000 ____D C:\Users\DD\AppData\Local\Battle.net
2017-03-06 00:55 - 2013-11-02 11:48 - 00000000 ___DC C:\FRST
2017-03-06 00:29 - 2011-02-18 12:20 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E46314-3DC2-4210-B488-0F78D666A3BA}
2017-03-06 00:19 - 2012-04-03 09:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-05 23:39 - 2010-08-08 11:41 - 00000000 ____D C:\Users\DD\AppData\Local\ElevatedDiagnostics
2017-03-05 23:36 - 2013-11-26 14:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-05 23:31 - 2016-11-18 15:24 - 00000000 ____D C:\Users\DD\AppData\LocalLow\Mozilla
2017-03-05 23:16 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 23:16 - 2009-07-13 20:45 - 00022608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 23:09 - 2016-06-24 13:48 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-03-05 23:09 - 2016-06-24 13:48 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-03-05 23:09 - 2015-08-27 15:55 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 23:09 - 2011-04-30 02:20 - 05598208 ___SH C:\Users\DD\Desktop\Thumbs.db
2017-03-05 23:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-05 23:04 - 2016-06-24 13:29 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-05 20:50 - 2013-07-10 07:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-03-04 16:36 - 2012-03-19 11:43 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-04 16:34 - 2011-12-11 12:05 - 00000000 ____D C:\Users\DD\AppData\LocalLow\Temp
2017-03-04 16:33 - 2016-11-17 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-04 16:33 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-04 03:15 - 2012-06-23 19:40 - 00000000 ____D C:\Users\DD\AppData\Roaming\Skype
2017-03-02 20:38 - 2012-05-23 10:56 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-03-02 20:37 - 2013-11-26 14:53 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-01 16:09 - 2013-08-20 13:56 - 00000000 ___DC C:\AdwCleaner
2017-03-01 16:05 - 2015-03-10 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-02-28 02:28 - 2010-08-12 13:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-27 16:18 - 2012-07-13 08:43 - 02229885 _____ C:\Users\DD\AppData\Local\census.cache
2017-02-27 16:18 - 2012-07-13 08:43 - 00107222 _____ C:\Users\DD\AppData\Local\ars.cache
2017-02-27 16:10 - 2014-03-05 14:31 - 00000010 _____ C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2017-02-27 01:26 - 2014-12-25 00:08 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-27 01:26 - 2010-06-05 12:49 - 00001633 _____ C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-24 02:34 - 2013-11-07 00:04 - 00000000 ____D C:\Users\DD\AppData\Local\CrashDumps
2017-02-23 18:15 - 2015-07-10 23:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 15:31 - 2013-08-14 23:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-22 15:27 - 2010-06-05 13:23 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 14:50 - 2011-11-12 09:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-21 19:39 - 2014-08-22 17:01 - 00000000 ____D C:\Users\DD\AppData\Local\Adobe
2017-02-21 19:39 - 2012-04-03 09:13 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 19:39 - 2012-04-03 09:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 19:39 - 2011-11-21 10:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 19:39 - 2011-05-18 14:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 19:39 - 2010-02-11 06:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 00:57 - 2011-12-07 14:40 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-02-15 15:21 - 2010-06-05 12:48 - 00000000 ____D C:\Users\DD
2017-02-14 19:12 - 2015-08-28 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 19:12 - 2015-08-27 15:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 19:12 - 2012-03-19 11:53 - 00000000 ___DC C:\temp
2017-02-14 19:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-14 19:11 - 2016-03-11 01:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 16:52 - 2016-12-14 18:09 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 16:52 - 2016-12-05 16:52 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-09 16:52 - 2016-11-26 23:57 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 16:52 - 2016-11-18 21:53 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 16:52 - 2016-09-01 21:54 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-09 16:52 - 2015-08-11 00:08 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 15:13 - 2016-10-07 20:54 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-09 14:57 - 2015-12-24 02:22 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 14:57 - 2015-12-24 02:22 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 14:57 - 2015-08-28 16:04 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 14:57 - 2015-08-28 11:30 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 14:57 - 2015-08-28 11:30 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-04 17:09 - 2009-07-13 21:13 - 00818406 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 17:06 - 2016-10-07 20:54 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:05 - 2015-08-27 15:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-04 17:05 - 2015-08-27 15:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-04 17:04 - 2016-10-07 20:54 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

==================== Files in the root of some directories =======

2016-11-05 01:39 - 2016-11-05 01:39 - 0000048 ____H () C:\Program Files (x86)\pkid37rhrq.dat
2012-07-13 08:43 - 2017-02-27 16:18 - 0107222 _____ () C:\Users\DD\AppData\Local\ars.cache
2012-07-13 08:43 - 2017-02-27 16:18 - 2229885 _____ () C:\Users\DD\AppData\Local\census.cache
2011-12-13 12:24 - 2011-12-13 12:24 - 0000090 _____ () C:\Users\DD\AppData\Local\fusioncache.dat
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\Users\DD\AppData\Local\hm574rin7weu6s02i
2011-02-06 12:58 - 2011-02-06 12:58 - 0000036 _____ () C:\Users\DD\AppData\Local\housecall.guid.cache
2012-04-10 07:58 - 2012-10-09 10:38 - 0007610 _____ () C:\Users\DD\AppData\Local\Resmon.ResmonCfg
2014-03-05 14:31 - 2017-02-27 16:10 - 0000010 _____ () C:\Users\DD\AppData\Local\sponge.last.runtime.cache
2011-10-12 14:45 - 2011-10-12 14:45 - 0017408 _____ () C:\Users\DD\AppData\Local\WebpageIcons.db
2010-11-07 13:06 - 2010-11-11 01:21 - 0079990 _____ () C:\ProgramData\bdinstall.bin
2016-06-24 13:39 - 2016-06-24 13:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2011-03-31 23:04 - 2011-04-01 02:27 - 0010478 ___SH () C:\ProgramData\hm574rin7weu6s02i

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\atiesrxx.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\regsvr.exe
C:\Windows\SysWOW64\runouce.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 17:23

==================== End of FRST.txt ============================

 


Edited by jackwill, 06 March 2017 - 04:18 AM.


#11 Sirawit

  • Malware Response Team

Posted 06 March 2017 - 06:20 AM

Hi jackwill.

 

Looks like I found another problem in your log. Please wait a bit while I find you a solution.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 Sirawit

  • Malware Response Team

Posted 06 March 2017 - 09:39 AM

Hi jackwill.

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   2.07KB   3 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

Next, please open your Kaspersky Security Scan program, update it and run a full system scan. Does it find anything?

 

Thank you.




#13 jackwill

  • Topic Starter


Posted 06 March 2017 - 07:14 PM

Good day Sirawit

Kaspersky found 8 problems

 

1) Microsoft Internet Explorer: Caching of data received via encrypted channels is enabled

2) Microsoft Internet Explorer: Sending of error reports is enabled

 

3) Microsoft Internet Explorer: Some websites saved cookies on your computer

 

4) I thought I should write this one out fully: Microsoft Internet Explorer: Home Page Reset. Used to replace the user's home page with a site that contains malicious code. The user cannot replace the page, which causes it to be loaded every time Internet Explorer is started and which enables an attacker to gain control over the system and user data

 

5) Microsoft Internet Explorer: Some websites are added to the list of trusted websites

 

6) Autorun from hard drives is enabled

 

7) Removable media autorun is enabled

 

8) CD/DVD autorun is enabled

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by DD (06-03-2017 15:55:25) Run:5
Running from C:\Users\DD\Desktop
Loaded Profiles: DD (Available Profiles: DD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6 (Safe Mode).lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
ShortcutWithArgument: C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk -> C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe (Lunascape Corporation) -> hxxps://launchpage.org/?uid=qTlCBKjchx0cXu%2FWPOyVSo9wb3o6Kvo2D22l6eNH53G2cuOKA4dM%2F76LuW%2FJ0uaK1w%3D%3D
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6 (Safe Mode).lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6\Lunascape6.lnk => Shortcut argument removed successfully.
C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\DD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lunascape6.lnk => Shortcut argument removed successfully.

==== End of Fixlog 15:55:25 ====


Edited by jackwill, 06 March 2017 - 08:19 PM.


#14 Sirawit

  • Malware Response Team

Posted 07 March 2017 - 10:13 AM

Hi jackwill.

 

If the Kaspersky scan didn't detect any malware, then it's fine. Now please do this next; you will need a flash drive.

 

--------------------------

Please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

Then, download this Fixlist.txt file to your flash drive. Make sure this file is in the same folder as the FRST64.exe file.

Attached File  fixlist.txt   639bytes   4 downloads

  • Plug the flash drive into the infected PC.
    • If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and browse to FRST64.exe file you had downloaded on your flash drive.
  • Right click on FRST64.exe and select Run as Administrator.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Click the Fix button.
  • Wait for the tool to run. When the fix has been completed, restart your computer into normal mode, then copy and paste the content of Fixlog.txt on your flash drive into your next reply.

Thank you.




#15 jackwill

  • Topic Starter


Posted 07 March 2017 - 10:11 PM

Hi Sirawit

 

Can I use a CD/DVD instead of a flash drive?





