
Wonderlandads


  • This topic is locked
18 replies to this topic

#1 Macattack4

Macattack4

  • Members
  • 9 posts
  • Local time:09:14 AM

Posted 03 March 2017 - 11:55 PM

I've been trying to remove this virus for around a week with no luck. I've tried around 8 different malware removal tools and nothing. PLEASE HELP


 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:11:14 AM

Posted 04 March 2017 - 01:02 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press the Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run from. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 Macattack4

Macattack4
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:14 AM

Posted 04 March 2017 - 03:00 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Jacob Macdonnell (03-03-2017 23:56:03)
Running from C:\Users\Jacob Macdonnell\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-02 21:45:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2012629126-2834295668-3335303728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2012629126-2834295668-3335303728-503 - Limited - Disabled)
Guest (S-1-5-21-2012629126-2834295668-3335303728-501 - Limited - Disabled)
Jacob Macdonnell (S-1-5-21-2012629126-2834295668-3335303728-1001 - Administrator - Enabled) => C:\Users\Jacob Macdonnell
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.4 (HKLM-x32\...\{2316BC3C-61AD-4289-8702-9DF0DFCA08ED}) (Version: 1.4 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version:  - Ensemble Studios)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
Blender (HKLM\...\{DEA73CCA-7EC9-41EA-8509-1041C1CABFD0}) (Version: 2.78.3 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.43.6254 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Chroma Sync (HKLM-x32\...\{BC8D681E-1F5D-4C68-8E3E-A9A614D66C14}) (Version: 1.1.1 - Ultrabox Entertainment Limited)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z MSI 1.74 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.74 - CPUID, Inc.)
Discord (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
Escape the Game: Intro (HKLM\...\Steam App 542310) (Version:  - Insanity Games)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Gaming Center(x64) (HKLM-x32\...\Installshield_{551A2B0B-32DC-4CDC-BCEF-1E2FCE0557E7}) (Version: 0.0.1.14 - MICRO-STAR INT'L,.LTD.)
Gaming Center(x64) (Version: 0.0.1.14 - MSI) Hidden
Geeks3D FurMark 1.18.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.0.2 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel Extreme Tuning Utility (HKLM-x32\...\{fde8aa07-3912-4bdf-ad35-ff1231bfd00d}) (Version: 6.2.0.17 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.17 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel® Online Connect Software Asset Manager (x32 Version: 3.4.2072 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.3.1 - G17 Media)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.5 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.1.0.18 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.08 - MSI)
MSI M-Cloud (HKLM-x32\...\{C2CA9595-A17F-4D28-BD6E-0E30447AF60B}}_is1) (Version: 1.0.0.21 - MSI)
MSI RAMDisk (HKLM-x32\...\{F29CF050-7278-4CDB-9EF8-2DC6DAA87453}}_is1) (Version: 1.0.0.22 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.12 - MSI)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.0 - OBS Project)
OpenIV (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.11 - Portforward, LLC)
PS4 Remote Play (HKLM-x32\...\{342B7132-283D-40BE-ADB8-FA7E8EF94F9B}) (Version: 1.5.0.08251 - Sony Interactive Entertainment Inc.)
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.2 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.116 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Snake for Chroma 1.4 (HKLM-x32\...\{E3BDE6E6-1846-42E6-B2BB-015C1520ABD0}_is1) (Version: 1.4.0 - Razer)
Snaz version 1.12.5.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.5.0 - JimsApps)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spotify (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Stranded Deep (HKLM\...\Steam App 313120) (Version:  - Beam Team Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity Web Player (HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Youtubers Life (HKLM\...\Steam App 428690) (Version:  - U-Play online)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2012629126-2834295668-3335303728-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5893443AC2BA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2012629126-2834295668-3335303728-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02024561-3158-4800-8AED-AD4F07EF189D} - System32\Tasks\{31D63067-BBFB-4D2B-9241-B711B12FA6D8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
Task: {10A6D8DA-818E-4D46-BF8B-EA1901FA0EEF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {28182C4E-C676-418E-9E61-ECA9557602DF} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper)
Task: {3291A642-B922-4125-8AC8-0861D95055E1} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {3A0BCA26-B055-47B6-8094-2BAEC52DAADF} - System32\Tasks\{FB81B219-B77F-49C3-9A37-ECF1DA72B5C5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
Task: {4F523DBB-E127-433A-A274-4654258E1FB0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-01-19] (Micro-Star INT'L CO., LTD.)
Task: {4F9E7211-5F22-415C-8458-99A146455071} - System32\Tasks\{1651594F-C80D-415F-B151-71067A7609FB} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
Task: {5100132E-F165-4A64-8A44-5EBA33BFA024} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {5BB435D5-2740-4965-B3CC-CB03DA464294} - System32\Tasks\AdobeAAMUpdater-1.0-JAKES-GAMING-PC-Jacob Macdonnell => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {5E5561CE-30CE-4854-BD10-35F2EC0FA6C4} - System32\Tasks\{AF8591A6-F42A-477F-B3DC-B9E3B8E30945} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.80.101/en/abandoninstall?page=tsProgressBar
Task: {6D92CC5B-C727-4DF9-BC6D-18230628DB3D} - System32\Tasks\topnewsonlinenetfitzismd => Chrome.exe topnewsonline.net/fitzismd
Task: {6E7C35DE-C01F-428E-80F3-684CA232FA79} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {6EA1CD53-093D-4FD3-ADC3-1448B1DEE317} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {72617711-1283-4B43-BA7F-27F97B305246} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {75DBE049-ED30-4069-9424-24140D87933E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {793DC5F4-5090-46ED-A978-EF3D379C2897} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7A299D0A-DF3D-4649-BD1F-2F2738FC07AB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe 
Task: {7A393B62-48FC-4D5A-B500-23F8BC75601F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {8AB94C2D-B105-467B-B765-B0BCA2B7DA31} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {9020621C-7158-42E7-9BC7-A987C255D205} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe 
Task: {9465CFA6-F920-4FE9-A200-87AFA1C76AB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {A4A23697-3CA4-44EE-A9BB-4B45C8E63463} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {A6162EFA-598C-4202-9915-72E86350ABE8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {A90E42E4-8526-435A-98E1-764E06C71C33} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
Task: {D5D91EA4-E8FF-4CEA-A05B-86F4E49F854A} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {D9D8A65C-8D05-4E85-AEC9-8C8334EF564C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {DEE3D3A4-C668-4618-BAC9-2D0A7AF8B56B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {E79C193B-2ED1-4213-A40D-A28981F0AC9A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {EEFA1783-18F3-47CE-8D3C-EDAB7BEE1866} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {F4151152-E409-42A2-B7EA-997C17B27C66} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {F6E36B22-2647-4455-B2FC-2F48DFF17D4F} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch\Scratch Website.lnk -> hxxp://scratch.mit.edu
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 16:29 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 00107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-05 12:15 - 2016-10-05 12:15 - 00412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2016-09-10 21:59 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 21:59 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 15:20 - 2016-09-24 15:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-01 18:41 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 18:41 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-01 16:36 - 2017-02-09 14:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-18 10:53 - 2016-06-03 12:15 - 00278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-02-18 20:29 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2016-12-13 16:29 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-15 14:48 - 2016-09-06 20:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 15:52 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-04 17:09 - 2016-10-04 17:09 - 00253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2017-01-10 15:52 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-22 15:57 - 2017-02-22 15:57 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 15:57 - 2017-02-22 15:57 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 15:57 - 2017-02-22 15:57 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 16:00 - 2017-02-06 16:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-03 22:03 - 2017-02-27 13:50 - 26044488 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2017-01-10 15:52 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 15:52 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 15:52 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 15:52 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 15:52 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-02 20:25 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-03-02 20:25 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-12-18 10:53 - 2016-06-03 12:13 - 00056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-12-18 10:53 - 2016-06-03 12:13 - 00085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-12-18 10:53 - 2016-06-03 12:13 - 00114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-12-18 10:53 - 2016-06-03 12:12 - 00021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-12-18 10:53 - 2016-04-13 16:49 - 00432320 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2017-02-18 20:31 - 2016-04-20 14:12 - 00772608 _____ () C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2017-02-24 20:13 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2016-12-18 10:53 - 2015-12-10 06:04 - 00224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-09-10 22:00 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-10 21:59 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 21:59 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-18 20:29 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2016-11-01 17:10 - 2016-12-23 10:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-11-01 17:10 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-11-01 17:10 - 2017-01-18 17:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-11-01 17:10 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-11-01 17:10 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-11-01 17:09 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-11-01 17:09 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-11-01 17:09 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-11-01 17:09 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-11-01 17:09 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-11-01 17:10 - 2017-01-18 17:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-11-01 17:09 - 2016-07-04 14:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-02 20:29 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 17:32 - 2017-01-12 17:32 - 01082880 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 17:32 - 2017-01-12 17:32 - 03750400 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 17:32 - 2017-01-12 17:32 - 00914432 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-12 17:32 - 2017-01-12 17:32 - 01127424 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-08-24 07:45 - 2016-08-24 07:45 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-02-20 00:10 - 2017-02-20 00:10 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-03-02 20:29 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-03-02 20:29 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-12-12 13:58 - 2017-01-04 19:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-11-01 17:10 - 2017-01-18 17:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-03-03 21:23 - 2017-03-03 21:23 - 00148992 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Local\Temp\28E1.tmp.node
2017-01-12 17:32 - 2017-01-12 17:35 - 02658304 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-12 17:33 - 2017-01-12 17:33 - 02130432 _____ () \\?\C:\Users\Jacob Macdonnell\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-03-03 16:51 - 2017-03-03 16:51 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 07:24 - 2016-08-24 07:24 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-09-10 22:00 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-10 22:00 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-10 22:00 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-10 22:00 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-10 22:00 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-10 22:00 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-10 22:00 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-15 15:04 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-10-20 01:28 - 2016-10-20 01:28 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-29 23:24 - 2017-01-02 13:26 - 00000822 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacob Macdonnell\Desktop\Wallpaper\wallpapers_29.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MSI_ActiveX_Service => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CAM"
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\StartupApproved\Run: => "iFunBox"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{A9C9F36C-61D2-48D7-BDDE-058FA6B5B195}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{1A0434A1-69BC-4822-B72C-78AC49FD337C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{66101C02-FD09-4F66-ACDE-404D8788DA87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{D92FC4A3-231D-4034-B0FE-80E5D1DC68B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{9984E391-76CE-4478-9102-0622A3AAF7C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D91D86E7-E44E-4809-B3FB-96F75A6ECE30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{3675C284-D24E-4044-B999-9B3995921ED5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{C04496DC-6903-424F-8165-ECAE10690492}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [UDP Query User{D45EB57A-E615-458E-8F2A-565BC796F2E9}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{2AD830DF-9DC6-4E0C-A7CB-C2084C760AFF}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{9DB9932C-1B30-48B2-9207-7F9A2EA20706}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [UDP Query User{CC4F9158-936F-40BB-A9D8-FBE8000AFACF}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [TCP Query User{AAD4E885-E78F-4FFC-80B4-516D2B01AF24}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [{1D365365-FA64-4C12-88A2-4E5F10056C77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7050AF6-559D-48BF-B4DE-61297AED4459}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DEF09E0-557A-41C8-9F10-50A395C0BB0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42CE1487-F8D7-451F-93A6-CD76BA762481}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A975734C-9D0F-44EA-99EA-D7FAEDEC3AE3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D98647D-BB61-407A-9E53-FA9620C6E51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{EF821E8A-18A9-4389-98E0-9E5448889FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{AF5BE023-A2D3-4BA5-803C-7C4CA9C74EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{AC4A0608-D3F9-49B5-8804-480A0849C6D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{1E0E5C2F-2D3E-49A8-825D-D91F06BB553A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{20EF93D9-D839-4854-BD2C-E6D1E4673722}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{6CFACB39-0E8B-4422-B7AE-85FBCF7CF228}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{B9305E16-64BC-4635-BC2D-8C7E1C1CEB40}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [{177F6C85-7E20-440D-8898-8B0F62F67162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7AFED04E-EC78-42CF-92D8-808F930F614A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{13064B11-3298-4388-8051-ED95EC7B89A3}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{5D138A94-5DDD-4F9B-BDCD-3B214690E9F1}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{88691434-77FC-4D38-8196-0B31CFD74D59}C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe] => (Allow) C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe
FirewallRules: [UDP Query User{68B42D6E-9170-47B1-83B0-DB6C22EAFA1A}C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe] => (Allow) C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe
FirewallRules: [{99F8D487-1A87-4465-98C2-169F9456AAE8}] => (Block) C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe
FirewallRules: [{858DBCF0-8920-4132-BC2B-DA0859CB7074}] => (Block) C:\users\jacob macdonnell\desktop\x-plane 10\x-plane.exe
FirewallRules: [{1A9B35E2-42A0-48F6-856E-800F3C395D8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5887085C-417E-4FF0-B218-7CB1228D2864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{99527750-FDCC-4283-ABDD-24C078C8A543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{C28E4236-A19C-4A24-A0E9-6DF2B2C3004F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{26C9CD1B-0520-4D91-AEB3-DADC68E823C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YoutubersLife\YoutubersLife.exe
FirewallRules: [{2A2B4EA6-5E6F-4E6E-B0D5-FA7E0E6573BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YoutubersLife\YoutubersLife.exe
FirewallRules: [{0C64D4F8-3511-4675-A2CD-EB9A8DA74E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{3F5D77A9-5F26-44A2-94C1-A096E48C5A86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{BA46BC0E-DB44-4764-9278-E0052BCD113F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{8BBCE379-F703-4F41-B2A9-8E9B248C82D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{4BB8897D-B87F-4245-ACF6-33F4A1C20561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{B4ED83F9-43A8-425B-A42A-26AE0EB425E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [TCP Query User{1EC9BA46-E17C-478A-A576-481545F31E49}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{AABEA836-0CC1-4BAF-97F2-A74247096D1E}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{2E775316-9AFB-4FD5-B805-4A50A77E689A}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{9381A95F-5E2B-48D5-94FE-DAE1FFF627E6}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{A754C98C-E394-422F-B985-2FA424537388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{123EDB4F-D8B2-43A7-AFE7-D7D16DEBE699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{EE65CD5D-A02A-4652-B4C8-4E1C23733AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe
FirewallRules: [{4A5E8993-5C25-41A3-A590-3B0C4692443F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape the Game\EscapeTheGame.exe
FirewallRules: [TCP Query User{48861E2C-87B4-461D-A55D-86DC1E6706CB}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{DE32767D-6DAD-4938-B609-E87F2D8438B2}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{9D878E1D-B4E6-4D22-B86B-6B382DF8D6AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{53A39764-FDDD-4E47-9981-1099DDBBAEBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{8A8CB5A4-6288-4C45-8D56-77DAD7903F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{73F17B19-71D3-4D9A-9623-5F221560728F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{AD09EE7A-4622-4A2B-8CAF-E6559E858568}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{BB5099CF-ADA8-45B7-BC25-BD8A583B2616}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{D95B0BF0-A989-430F-90AA-F309F9AEA377}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{A76F5DF4-8478-4C6C-BED4-04A592668BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{51D07444-CDC8-434D-B1FF-AAF3E20535DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{8D83CA55-1ADC-4526-B0B8-18A005BC2353}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{6A1C5A0B-7E35-443F-8110-29241FEB3E8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{944D49E4-B59D-4F58-B0BC-F9E2C27C8D9D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FB4A76B8-A8EB-423F-BDE2-6E5F5C5106C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{052B469F-EBE4-4826-86F1-ADF3B1AD342B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C61FD3E4-D0E6-4AEA-AA19-6E2222288964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5E31AB14-97EB-4186-9449-52B8E29BC7F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{87F013BC-4A54-461D-8FB7-1C527B8A8A93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{169DA7E6-30A3-41B2-9C83-A0A39832B71A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{69746754-6EEA-4482-9951-C94D7AFB7972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{DBFB1D70-DABD-4B42-9BAB-11BA23A8A241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [TCP Query User{32F7A17A-97E6-498F-B5E8-50407AE3001C}C:\rustserver\rustdedicated.exe] => (Allow) C:\rustserver\rustdedicated.exe
FirewallRules: [UDP Query User{6C4D5837-99D8-44A7-8A89-34D10452943B}C:\rustserver\rustdedicated.exe] => (Allow) C:\rustserver\rustdedicated.exe
FirewallRules: [{ECFB8DEA-2E34-456A-BE59-E42B3C8BD160}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{B67E7A71-49D3-494E-827A-25293B2B14B7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{ED8E1562-C08D-44D6-BC10-BF1B76B36226}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{320CB41B-B38C-448E-B422-62C05FF8A8E1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F8C2616B-1DCD-493E-9420-3512CA4B05F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{F445DFC1-66B1-404A-9FFF-B5E56EE30ADD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{928EFA1A-34FB-4BD1-86FC-8328C057805A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FCA0550E-BE26-4612-9CCF-EDAE4CB04A34}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{5E56B6EC-E0E7-4A45-ADB3-4CE0569C6711}C:\users\jacob macdonnell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jacob macdonnell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75763CAC-4793-432B-9F92-A8552FC00D93}C:\users\jacob macdonnell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jacob macdonnell\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D797EFD7-7A72-4319-804D-426B5ACB41B4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6236556B-F7B2-43FF-B1E8-C59CBB03CC23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{AC967238-84A7-46C7-9083-3C9E4F189A74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3736235F-B281-4019-8BC5-EAB23D8997A1}] => (Allow) LPort=27018
FirewallRules: [{2DC61308-4F47-4D12-A898-1824F2CDA982}] => (Allow) LPort=27018
FirewallRules: [TCP Query User{CC78BBF1-8983-4C80-A205-08F1203F8C26}C:\users\jacob macdonnell\desktop\fivereborn\fivereborn.exe] => (Allow) C:\users\jacob macdonnell\desktop\fivereborn\fivereborn.exe
FirewallRules: [UDP Query User{7BD4E276-9D97-4F8F-9ADC-5F97AA6863B7}C:\users\jacob macdonnell\desktop\fivereborn\fivereborn.exe] => (Allow) C:\users\jacob macdonnell\desktop\fivereborn\fivereborn.exe
FirewallRules: [{8A1CA409-0BA0-4CFB-8C29-D046196AE3DA}] => (Allow) C:\Users\Jacob Macdonnell\Desktop\ArkServer\Servers\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{E11A1EE7-1529-4769-8E0D-8A5A4CC030F9}] => (Allow) C:\Users\Jacob Macdonnell\Desktop\ArkServer\Servers\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{2209726B-5CCF-46BB-82B4-8AB3E984FE4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{A76AEC78-1F61-4111-93DB-90D1117899B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{75708CC6-E888-4F27-91AC-E8C688618D90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{70837417-C4B3-4680-B41E-99AE8A318F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{65A8A27E-41AD-47F9-896E-2200C2575685}] => (Allow) LPort=26789
FirewallRules: [{BFDD66D9-4E24-4CEF-A627-21300AFC3D55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4F0F5902-2F9C-4120-903A-2D5C35DFBB8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{5FDC5883-9E12-4B91-860E-E1651EA921E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{2C336771-CBD8-459D-A0A5-896785CD6F1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{C9F27A72-3E49-490A-B386-8A1AE48F6E5D}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{596AD44F-4D27-44E0-88FA-5D099B671D21}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{7C387092-664A-47B2-A220-599089AA106D}C:\program files (x86)\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\java.exe
FirewallRules: [UDP Query User{C4153B6B-3377-470B-965D-225547A60258}C:\program files (x86)\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\java.exe
FirewallRules: [{E1C597F7-B8DF-4EF6-B8CF-38E3E272203F}] => (Allow) LPort=9143
FirewallRules: [{E88761AF-A143-467D-A116-6AF23E635514}] => (Allow) LPort=2333
FirewallRules: [{00E7919E-3AC0-4A08-85AD-1C4778882364}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{B2F5E365-5D94-4D32-AF99-3881B09E6681}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [TCP Query User{7EE3831B-507A-4CC9-ABE5-E1D2D8145CB7}S:\applications\google\chrome\application\chrome.exe] => (Allow) S:\applications\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E12EE0F4-AA84-44A9-8DD3-DF7898049783}S:\applications\google\chrome\application\chrome.exe] => (Allow) S:\applications\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D3E91AA6-1D5C-436D-8B8B-161563B9C92E}C:\users\jacob macdonnell\desktop\google\chrome\application\chrome.exe] => (Allow) C:\users\jacob macdonnell\desktop\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{69CF2BC6-0776-4F09-89C8-9A40813BDE7E}C:\users\jacob macdonnell\desktop\google\chrome\application\chrome.exe] => (Allow) C:\users\jacob macdonnell\desktop\google\chrome\application\chrome.exe
FirewallRules: [{FDD200CA-15A1-406F-8A5B-E2988EF65D91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1215F205-8665-422F-B618-C4E70C797963}] => (Allow) S:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{68E1ACC9-A549-4C6A-9AC4-1132776C87D4}] => (Allow) S:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{C871C3B7-31DB-4B37-82B8-847204BCEE69}] => (Allow) S:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5FFA1709-5671-427E-97C5-AE175BEDF64B}] => (Allow) S:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F488166F-875C-45EC-876A-67659BE1DFB8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8F84DC51-3F49-43C8-8D24-61B6B4A08B81}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{432C48C2-D8A3-4546-A27A-42B1E84FB49A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9A003B5A-BD56-4BE6-AE98-FF78D32678E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{25CF7D02-8546-46BC-8141-12995733DCA4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6B7D5410-714B-4D74-8FE9-4D55D21572DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E29F1FD-3520-4612-8CE3-47278C92E245}] => (Allow) LPort=24680
 
==================== Restore Points =========================
 
01-03-2017 17:01:51 Removed Blender
02-03-2017 19:42:56 Removed CAM
03-03-2017 17:12:31 JRT Pre-Junkware Removal
03-03-2017 17:28:35 JRT Pre-Junkware Removal
03-03-2017 21:12:23 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2017 11:35:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (03/03/2017 11:35:08 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (03/03/2017 11:34:52 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (03/03/2017 11:34:52 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (03/03/2017 10:05:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/03/2017 09:22:28 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
 
Error: (03/03/2017 09:21:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/03/2017 09:20:38 PM) (Source: Service1) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.ArgumentNullException: Value cannot be null.
Parameter name: path
   at System.IO.Directory.GetParent(String path)
   at GamingApp_Service.Service1.WriteErrLog(String Content)
   at GamingApp_Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
 
Error: (03/03/2017 09:17:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine %1.  hr = %2.
%3
 
Error: (03/03/2017 09:17:26 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID %1 and name %2 cannot be started. [%3]
%4
 
 
System errors:
=============
Error: (03/03/2017 09:24:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (03/03/2017 09:22:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the Intel® Online Connect Helper service.
 
Error: (03/03/2017 09:22:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 09:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/03/2017 09:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/03/2017 09:21:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Hamachi2Svc service to connect.
 
Error: (03/03/2017 09:21:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (03/03/2017 09:19:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:18:43 PM on 3/3/2017 was unexpected.
 
Error: (03/03/2017 09:15:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2017 09:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-03-03 21:20:44.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:44.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:44.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:42.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:40.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:40.989
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:20:37.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:13:58.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:13:58.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-03 21:12:21.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 68%
Total physical RAM: 8152.12 MB
Available physical RAM: 2565.27 MB
Total Virtual: 13272.12 MB
Available Virtual: 8397.42 MB
 
==================== Drives ================================
 
Drive b: (RAMDisk) (Fixed) (Total:0.25 GB) (Free:0.25 GB) FAT
Drive c: (Storage/Windows) (Fixed) (Total:930.96 GB) (Free:286.32 GB) NTFS
Drive j: (Seagate 1TB Backup ) (Fixed) (Total:931.32 GB) (Free:350.18 GB) NTFS
Drive s: (SSD) (Fixed) (Total:238.35 GB) (Free:161.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Jacob Macdonnell (administrator) on JAKES-GAMING-PC (03-03-2017 23:52:53)
Running from C:\Users\Jacob Macdonnell\Desktop
Loaded Profiles: Jacob Macdonnell (Available Profiles: Jacob Macdonnell)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\M-Cloud\MSI_Cloud_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Spotify Ltd) C:\Users\Jacob Macdonnell\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Hammer & Chisel, Inc.) C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\Discord.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe
(MICRO-STAR INT'L,.LTD.) C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hammer & Chisel, Inc.) C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\Discord.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\Discord.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [LEDBarController] => C:\Program Files\WMIHook\WMIHookBtnFn\LEDBarController.exe [43056 2015-09-18] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [SilentFanControl] => C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe [243248 2015-09-16] (MICRO-STAR INT'L,.LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [13396944 2017-02-07] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1022928 2017-01-05] (MSI)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [Spotify Web Helper] => C:\Users\Jacob Macdonnell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-14] (Spotify Ltd)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [Spotify] => C:\Users\Jacob Macdonnell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-14] (Spotify Ltd)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [mailruhomesearch] => [X]
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [Discord] => C:\Users\Jacob Macdonnell\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\RunOnce: [Uninstall C:\Users\Jacob Macdonnell\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jacob Macdonnell\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\RunOnce: [Uninstall C:\Users\Jacob Macdonnell\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jacob Macdonnell\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1"
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
Startup: C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2016-07-27]
ShortcutTarget: DS4Windows.lnk -> C:\Users\Jacob Macdonnell\Desktop\PC Apps\DS4Windows.exe ()
BootExecute: autocheck autochk /r \??\B:autocheck autochk * bootdelete
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{471d0d8b-9379-475c-b6c4-808e63e4d3b1}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\S-1-5-21-2012629126-2834295668-3335303728-1001 -> {A02646E7-2854-464E-8D1D-447D645B07FB} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2012629126-2834295668-3335303728-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacob Macdonnell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Docs) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-03]
CHR Extension: (YouTube) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-03]
CHR Extension: (Gmail) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2017-02-18] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-02] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-02] (BlueStack Systems, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [47056 2017-01-12] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-10-13] (Micro-Star INT'L CO., LTD.)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-23] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel® Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [68024 2017-01-18] (Micro-Star INT'L CO., LTD.)
R2 MSI_Cloud_Service; C:\Program Files (x86)\MSI\M-Cloud\MSI_Cloud_Service.exe [97232 2016-02-19] (Micro-Star Int'l Co., Ltd.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286544 2017-02-07] (Micro-Star INT'L CO., LTD.)
R2 MSI_RAMDisk_Service; C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe [70608 2016-12-02] (Micro-Star Int'l Co., Ltd.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [164304 2017-01-05] (MSI)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-24] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-24] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-02-14] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [163688 2016-08-02] (Sophos Limited)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WMI_Hook_Service; C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe [155696 2015-09-21] (MICRO-STAR INT'L,.LTD.)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18232 2016-10-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [282424 2016-08-29] (Intel Corporation)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2016-09-06] (Highresolution Enterprises [www.highrez.co.uk])
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MSI)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-03] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NTIOLib_MB; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14800 2017-02-02] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-03-02] (Greatis Software)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-08-15] ()
R2 RAMDriv; C:\WINDOWS\system32\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R2 RAMDriv; C:\Windows\SysWOW64\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-08] ()
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-08-31] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-03] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [43472 2016-09-24] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 cpuz141; \??\C:\Users\JACOBM~1\AppData\Local\Temp\cpuz141\cpuz141_x64.sys [X] <==== ATTENTION
S3 NTIOLib_OCKit_MB; \??\C:\Program Files (x86)\MSI\MSI OC Kit\Driver_Service\NTIOLib_X64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 23:52 - 2017-03-03 23:55 - 00031396 _____ C:\Users\Jacob Macdonnell\Desktop\FRST.txt
2017-03-03 23:52 - 2017-03-03 23:52 - 00000000 ____D C:\FRST
2017-03-03 23:51 - 2017-03-03 23:52 - 02423808 _____ (Farbar) C:\Users\Jacob Macdonnell\Desktop\FRST64.exe
2017-03-03 22:04 - 2017-03-03 22:04 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-03 22:03 - 2017-03-03 22:03 - 00000914 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-03 22:03 - 2017-03-03 22:03 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-03 22:03 - 2017-03-03 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-03 22:03 - 2017-03-03 22:03 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-03 21:26 - 2017-03-03 21:26 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-03 21:26 - 2017-03-03 21:26 - 00000000 ____D C:\ProgramData\Sophos
2017-03-03 21:26 - 2017-03-03 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-03 21:25 - 2017-03-03 21:25 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-03 21:06 - 2017-03-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-03 19:18 - 2017-03-03 19:18 - 00000000 ___HD C:\OneDriveTemp
2017-03-03 19:01 - 2017-03-03 19:59 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Google
2017-03-03 18:56 - 2017-03-03 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-03-03 17:17 - 2017-03-03 17:17 - 00002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-03-03 17:17 - 2017-03-03 17:17 - 00002587 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2017-03-03 17:17 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-03-03 17:09 - 2017-03-03 17:10 - 01663736 _____ (Malwarebytes) C:\Users\Jacob Macdonnell\Desktop\JRT.exe
2017-03-03 16:54 - 2017-03-03 22:24 - 00000000 ___HD C:\$AVG
2017-03-03 16:53 - 2017-03-03 22:25 - 00000000 ____D C:\ProgramData\MFAData
2017-03-03 16:51 - 2017-03-03 17:16 - 00000000 ____D C:\ProgramData\Avg
2017-03-03 16:51 - 2017-03-03 17:16 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-03 16:51 - 2017-03-03 17:13 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-03-03 16:25 - 2017-03-03 20:13 - 00000000 ____D C:\ProgramData\STOPzilla!
2017-03-03 16:25 - 2017-03-03 16:25 - 00000000 ____D C:\Program Files\iS3
2017-03-02 20:52 - 2017-03-02 20:52 - 00001143 _____ C:\Users\Jacob Macdonnell\Desktop\FiveReborn.exe - Shortcut.lnk
2017-03-02 20:29 - 2017-03-02 20:29 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Discord
2017-03-02 20:04 - 2017-03-02 20:29 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-03-02 20:00 - 2017-03-02 20:29 - 00002307 _____ C:\Users\Jacob Macdonnell\Desktop\Discord.lnk
2017-03-02 19:53 - 2017-03-03 21:22 - 00002363 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 19:53 - 2017-03-03 21:22 - 00002351 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-02 18:43 - 2017-03-03 22:22 - 00482016 _____ C:\WINDOWS\ntbtlog.txt
2017-03-02 17:19 - 2017-03-02 17:19 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-03-02 17:18 - 2017-03-02 17:24 - 00000000 ____D C:\Users\Public\Documents\RegRunInfo
2017-03-02 16:38 - 2017-03-02 17:27 - 00000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2017-03-02 16:37 - 2017-03-02 19:01 - 00000000 ____D C:\Program Files (x86)\Stronghold AntiMalware
2017-03-02 16:27 - 2017-03-02 16:27 - 00001981 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-02 16:27 - 2017-03-02 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-02 16:27 - 2017-03-02 16:27 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-02 16:12 - 2017-03-02 16:12 - 00000000 _____ C:\autoexec.bat
2017-03-02 15:32 - 2017-03-02 17:03 - 00000248 _____ C:\WINDOWS\SysWOW64\PARTIZLO.EXE
2017-03-01 21:49 - 2017-03-01 21:49 - 00000000 ____D C:\ProgramData\RegRun
2017-03-01 21:44 - 2017-03-01 21:44 - 00002152 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2017-03-01 21:26 - 2017-03-02 17:21 - 00000000 ____D C:\Users\Jacob Macdonnell\Documents\RegRun2
2017-03-01 21:26 - 2017-03-02 17:18 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-03-01 21:26 - 2017-03-02 17:18 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-03-01 21:26 - 2017-03-02 17:18 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-03-01 21:26 - 2017-03-02 17:18 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-03-01 21:19 - 2017-03-03 19:04 - 00000000 ____D C:\AdwCleaner
2017-03-01 19:29 - 2017-03-03 21:21 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-01 18:41 - 2017-03-03 22:22 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-01 18:41 - 2017-03-03 21:21 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 18:41 - 2017-03-03 21:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-01 18:41 - 2017-03-03 19:14 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-01 18:41 - 2017-03-01 18:41 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-01 18:41 - 2017-03-01 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 18:41 - 2017-03-01 18:41 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-01 18:41 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-01 17:21 - 2017-03-02 18:25 - 00003268 _____ C:\WINDOWS\System32\Tasks\CAM
2017-03-01 17:20 - 2017-03-01 17:20 - 00000000 ____D C:\Program Files (x86)\NZXT
2017-03-01 17:05 - 2017-03-01 17:05 - 00001168 _____ C:\Users\Jacob Macdonnell\Desktop\blender.lnk
2017-03-01 17:05 - 2017-03-01 17:05 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-01 17:05 - 2017-03-01 17:05 - 00000000 ____D C:\Program Files\Blender Foundation
2017-03-01 16:54 - 2017-03-01 16:54 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\LocalLow\Unity
2017-03-01 16:54 - 2017-03-01 16:54 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Unity
2017-03-01 16:52 - 2017-03-01 16:54 - 00003794 _____ C:\WINDOWS\System32\Tasks\topnewsonlinenetfitzismd
2017-02-28 21:28 - 2017-02-28 21:28 - 05196761 _____ C:\Users\Jacob Macdonnell\Desktop\The_Prismarine_Lab_v1.2.zip
2017-02-28 21:27 - 2017-02-28 21:27 - 00928856 _____ C:\Users\Jacob Macdonnell\Desktop\Make_It_Break_It_Double.zip
2017-02-28 18:25 - 2017-02-28 18:35 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-28 18:25 - 2017-02-28 18:25 - 00000000 ____D C:\Program Files\Realtek
2017-02-28 18:25 - 2017-01-11 11:38 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-02-28 18:25 - 2017-01-11 11:38 - 09124224 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-02-28 18:25 - 2017-01-11 11:38 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-02-28 18:25 - 2017-01-11 11:38 - 05545472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-02-28 18:25 - 2017-01-11 11:38 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03203424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-02-28 18:25 - 2017-01-11 11:38 - 02830480 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 02201600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 02190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 02110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 01920870 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-02-28 18:25 - 2017-01-11 11:38 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 01353824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 01003512 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00873464 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00866096 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00859912 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00854208 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00726112 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00514872 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-02-28 18:25 - 2017-01-11 11:38 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 14057248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 13122576 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 12988344 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 10536160 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 06244200 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 05922376 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 05593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 02291304 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 02050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01422920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01334376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01213656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01186840 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01166152 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 01003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00999848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00931616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00923736 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00678176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00677672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00618184 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00588032 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00426568 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00366120 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00330560 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-02-28 18:24 - 2017-01-11 11:38 - 00179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 06264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 05347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 03302272 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 02444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01516896 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01363096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 01133584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00785608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00514520 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00500552 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00428224 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-02-28 18:24 - 2017-01-11 11:37 - 00105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-02-28 18:14 - 2017-02-28 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2017-02-28 18:04 - 2017-02-28 18:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-28 16:55 - 2017-02-28 17:00 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\Intro
2017-02-28 16:54 - 2017-02-28 16:54 - 89856017 _____ C:\Users\Jacob Macdonnell\Desktop\Intro.zip
2017-02-27 21:36 - 2017-02-27 21:34 - 03561425 ____T C:\Users\Jacob Macdonnell\Downloads\salvia PROJECT.pptx
2017-02-27 19:16 - 2017-02-27 19:16 - 00000205 _____ C:\Users\Jacob Macdonnell\Desktop\Minecraft.url
2017-02-27 19:08 - 2017-02-27 19:16 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\Minecraft Server 1.10.2
2017-02-27 18:57 - 2017-02-27 18:57 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\TunkDesign
2017-02-27 18:56 - 2017-02-27 18:56 - 02104440 _____ C:\Users\Jacob Macdonnell\Desktop\Assisted.zip
2017-02-26 15:48 - 2017-02-26 15:48 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.TXT
2017-02-26 15:48 - 2017-02-26 15:48 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.EXIT
2017-02-26 15:02 - 2017-02-26 15:02 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-26 15:02 - 2017-02-26 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-26 15:01 - 2017-03-01 15:10 - 00000000 ____D C:\Program Files\WinRAR
2017-02-26 14:59 - 2017-02-26 14:59 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\7LibraryV7
2017-02-25 20:20 - 2017-03-03 20:40 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\Minecraft Server
2017-02-25 13:53 - 2017-02-25 13:53 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign9ba5584fbb70d1f7
2017-02-25 13:53 - 2017-02-25 13:53 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign5e17ed3fcebc3660
2017-02-25 13:25 - 2017-02-25 13:25 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsigne634aa694b22fd9b
2017-02-25 13:25 - 2017-02-25 13:25 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign52cd53f48566bb9f
2017-02-25 13:21 - 2017-02-25 13:21 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign8dc0016cd1f0bc8d
2017-02-25 13:18 - 2017-02-25 13:18 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign9ec31266937607d7
2017-02-25 13:18 - 2017-02-25 13:18 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign5878439e6aade7f7
2017-02-24 21:02 - 2016-03-10 00:26 - 00343448 _____ (Micro-Star Int'l Co., Ltd.) C:\WINDOWS\SysWOW64\RAMDiskImage.exe
2017-02-24 21:02 - 2016-03-10 00:19 - 00089600 _____ (Micro-Star Int'l Co., Ltd.) C:\WINDOWS\SysWOW64\RAMDriv.dll
2017-02-24 21:02 - 2016-03-10 00:02 - 00086936 _____ (Micro-Star Int'l Co., Ltd.) C:\WINDOWS\SysWOW64\Drivers\RAMDriv.sys
2017-02-24 20:32 - 2017-02-28 18:25 - 00000000 ____D C:\WINDOWS\system32\DAX3
2017-02-23 18:17 - 2017-02-23 18:17 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\EasyAntiCheat
2017-02-23 18:17 - 2017-02-23 18:17 - 00000000 ____D C:\Users\Jacob Macdonnell\ansel
2017-02-22 18:52 - 2017-02-22 18:52 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\HirezLauncherUI
2017-02-22 18:51 - 2017-03-03 21:20 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-22 18:51 - 2017-02-22 18:55 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-02-22 18:51 - 2017-02-22 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-02-19 21:09 - 2017-02-19 21:09 - 00000043 _____ C:\Users\Jacob Macdonnell\AppData\Roaming\TheHunterSettings_steam_live.cfg
2017-02-19 21:08 - 2017-02-19 21:22 - 00000098 _____ C:\Users\Jacob Macdonnell\AppData\Roaming\LauncherSettings_live.cfg
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\Users\Jacob Macdonnell\Documents\theHunter
2017-02-19 21:07 - 2017-02-19 21:07 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\theHunter
2017-02-19 21:04 - 2017-02-19 21:04 - 00000000 ____D C:\ProgramData\Hunter
2017-02-18 20:31 - 2017-02-18 20:31 - 00003190 _____ C:\WINDOWS\System32\Tasks\MSIGH_Host
2017-02-18 20:31 - 2017-02-18 20:31 - 00003132 _____ C:\WINDOWS\System32\Tasks\MSIOSDx86_Host
2017-02-18 20:31 - 2017-02-18 20:31 - 00003132 _____ C:\WINDOWS\System32\Tasks\MSIOSDx64_Host
2017-02-18 20:31 - 2017-02-18 20:31 - 00003058 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2017-02-18 20:29 - 2017-02-18 20:29 - 00001137 _____ C:\Users\Public\Desktop\MSI Gaming APP.lnk
2017-02-18 20:29 - 2015-08-18 09:51 - 01692840 _____ (MSI) C:\WINDOWS\SysWOW64\muachost.exe
2017-02-18 19:03 - 2017-02-18 19:03 - 00001923 _____ C:\Users\Jacob Macdonnell\Desktop\Unturned.exe - SERVER START.lnk
2017-02-17 19:29 - 2017-02-24 22:04 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\EnhancedReborn
2017-02-17 16:33 - 2017-02-17 16:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:33 - 2017-02-09 14:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:33 - 2017-01-25 16:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:33 - 2017-01-25 16:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:33 - 2017-01-25 16:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:33 - 2017-01-25 16:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:30 - 2017-02-09 18:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00719856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00618416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-17 16:30 - 2017-02-09 18:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-15 20:23 - 2017-02-15 20:23 - 05592528 _____ C:\Users\Jacob Macdonnell\Desktop\vicz_sign_3.dds
2017-02-15 16:06 - 2017-02-15 16:11 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\CHARGER
2017-02-14 19:18 - 2017-02-14 19:18 - 00000000 ____D C:\ProgramData\Brother
2017-02-14 19:18 - 2017-02-14 19:18 - 00000000 _____ C:\WINDOWS\BRPARAM.INI
2017-02-14 18:31 - 2017-02-14 18:31 - 22369744 _____ C:\Users\Jacob Macdonnell\Desktop\chgr_sign_2.dds
2017-02-14 18:29 - 2017-02-14 18:29 - 16777344 _____ C:\Users\Jacob Macdonnell\Desktop\exp_sign_3.dds
2017-02-14 18:26 - 2017-02-14 18:26 - 23775802 _____ C:\Users\Jacob Macdonnell\Desktop\2011_CVPI_V1.9L_ELS.zip
2017-02-14 18:21 - 2017-02-14 18:22 - 10221660 _____ C:\Users\Jacob Macdonnell\Desktop\LSPD SKIN PACK Feb 2017 _1.3_.rar
2017-02-14 17:58 - 2017-02-14 17:58 - 00114816 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2017-02-14 17:58 - 2017-02-14 17:58 - 00104576 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2017-02-14 17:58 - 2017-02-14 17:58 - 00048776 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll
2017-02-14 16:50 - 2017-02-14 16:50 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-14 16:50 - 2017-02-14 16:50 - 00001050 _____ C:\WINDOWS\system32\bootdelete.lst
2017-02-14 16:28 - 2017-02-14 16:50 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-13 18:59 - 2017-02-13 18:59 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\CitizenFX
2017-02-13 18:59 - 2017-02-13 18:59 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\DigitalEntitlements
2017-02-13 09:18 - 2017-02-24 20:13 - 00002047 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2017-02-13 09:00 - 2017-02-13 09:00 - 00000619 _____ C:\Users\Jacob Macdonnell\Desktop\Windows 10 key.vbs
2017-02-12 13:48 - 2017-02-25 15:57 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\DOJ FILES
2017-02-11 14:37 - 2017-02-11 14:37 - 00000044 _____ C:\Users\Jacob Macdonnell\Documents\Teamspeak Backup code.txt
2017-02-11 14:35 - 2017-02-11 14:35 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\TeamSpeak 3
2017-02-11 14:35 - 2017-02-11 14:35 - 00000000 ____D C:\Users\Jacob Macdonnell\.TeamSpeak 3
2017-02-11 10:38 - 2017-02-28 18:14 - 00001027 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2017-02-11 10:06 - 2017-02-11 10:08 - 74556786 _____ C:\Users\Jacob Macdonnell\Desktop\All Blue LSSD Pack.rar
2017-02-10 23:30 - 2017-02-10 23:30 - 17604382 _____ C:\Users\Jacob Macdonnell\Desktop\FPIS Liberty.rar
2017-02-09 21:20 - 2017-02-09 21:20 - 00000000 ____D C:\ProgramData\For Honor
2017-02-05 11:44 - 2017-02-05 11:45 - 46874075 _____ C:\Users\Jacob Macdonnell\Desktop\2016 Unmarked SRT PotatoCat.rar
2017-02-05 11:44 - 2017-02-05 11:44 - 11102362 _____ C:\Users\Jacob Macdonnell\Desktop\Pierce LAFD Firetruck By PimDSLR.zip
2017-02-04 22:19 - 2017-03-01 21:44 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-02-04 22:19 - 2017-03-01 21:41 - 00000059 _____ C:\Users\Jacob Macdonnell\AppData\Local\UserProducts.xml
2017-02-04 22:19 - 2017-02-04 22:19 - 00000000 ____D C:\Users\Jacob Macdonnell\Documents\Lightshot
2017-02-04 17:10 - 2017-02-04 17:10 - 14108022 _____ C:\Users\Jacob Macdonnell\Desktop\038219-Weapon Sounds Overhaul.rar
2017-02-04 17:10 - 2017-02-04 17:10 - 05547550 _____ C:\Users\Jacob Macdonnell\Desktop\1a7d7f-Glock.rar
2017-02-04 14:26 - 2017-02-04 14:27 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\SymbolSourceSymbols
2017-02-04 14:26 - 2017-02-04 14:26 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\NuGet
2017-02-04 14:26 - 2017-02-04 14:26 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\RefSrcSymbols
2017-02-04 14:25 - 2017-02-04 14:25 - 57128632 _____ (JetBrains) C:\Users\Jacob Macdonnell\Desktop\dotPeek64.2016.3.2.exe
2017-02-04 14:25 - 2017-02-04 14:25 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2017-02-04 14:24 - 2017-02-04 14:26 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\JetBrains
2017-02-04 14:24 - 2017-02-04 14:26 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\JetBrains
2017-02-04 14:22 - 2017-02-04 14:22 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Mael
2017-02-04 12:40 - 2017-02-18 20:31 - 00001852 _____ C:\Users\Public\Desktop\Dragon Eye.lnk
2017-02-03 21:31 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-02-02 19:39 - 2017-02-02 19:39 - 00002872 _____ C:\Users\Jacob Macdonnell\Desktop\Alfredo Helper 0.0.4.rar
2017-02-02 19:38 - 2017-02-02 19:38 - 00043277 _____ C:\Users\Jacob Macdonnell\Desktop\14719f-A.I police pursuit disabler 1.0.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 23:52 - 2016-08-16 12:37 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-03-03 22:24 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-03 22:21 - 2016-09-01 16:28 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\AvgSetupLog
2017-03-03 21:42 - 2016-08-02 13:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-03 21:35 - 2016-07-26 22:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-03 21:35 - 2016-07-26 22:40 - 00000000 ____D C:\ProgramData\Skype
2017-03-03 21:29 - 2016-07-27 12:55 - 00000000 ___RD C:\Users\Jacob Macdonnell\Desktop\PC Apps
2017-03-03 21:28 - 2016-08-02 13:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 21:28 - 2016-07-26 22:22 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-03 21:24 - 2017-01-14 14:04 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Spotify
2017-03-03 21:24 - 2017-01-14 14:03 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Spotify
2017-03-03 21:24 - 2016-07-27 11:24 - 00000000 ___RD C:\Users\Jacob Macdonnell\OneDrive
2017-03-03 21:23 - 2016-09-24 09:54 - 00000000 ___RD C:\Users\Jacob Macdonnell\iCloudDrive
2017-03-03 21:20 - 2016-08-02 13:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 21:18 - 2016-07-15 22:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 21:06 - 2016-08-16 22:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-03 20:35 - 2016-07-27 12:32 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\.minecraft
2017-03-03 19:18 - 2017-01-26 15:42 - 00003312 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-03 19:17 - 2016-07-27 11:24 - 00002415 _____ C:\Users\Jacob Macdonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-03 18:29 - 2016-07-27 13:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-03 17:41 - 2016-12-19 14:22 - 00002534 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-03-03 16:59 - 2016-08-02 13:41 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{018F5AF6-D075-4ADE-863C-5F53ACE41AA2}
2017-03-03 16:57 - 2016-07-15 22:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-03 16:55 - 2016-09-01 16:28 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Avg
2017-03-03 16:45 - 2016-09-02 14:28 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\CrashDumps
2017-03-03 16:32 - 2016-09-10 18:43 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\TS3Client
2017-03-03 16:17 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-03 16:17 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-03 07:54 - 2016-08-26 12:33 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Adobe
2017-03-02 21:46 - 2016-08-19 13:51 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Deployment
2017-03-02 21:36 - 2016-08-22 11:03 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-03-02 20:29 - 2016-09-27 17:01 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\SquirrelTemp
2017-03-02 20:25 - 2016-07-26 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-02 20:24 - 2016-08-02 13:41 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-02 20:24 - 2016-08-02 13:41 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-02 19:01 - 2016-07-27 19:26 - 00000000 ____D C:\Program Files (x86)\Belarc
2017-03-02 18:43 - 2016-07-28 22:58 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-02 18:25 - 2016-08-02 13:33 - 00000000 ____D C:\Users\Jacob Macdonnell
2017-03-02 16:35 - 2016-07-26 22:40 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Skype
2017-03-02 11:34 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 21:06 - 2016-09-02 09:41 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\Ubisoft Game Launcher
2017-03-01 17:06 - 2016-08-28 10:26 - 00000000 ____D C:\Users\Jacob Macdonnell\.thumbnails
2017-03-01 16:52 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-01 16:52 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-28 18:35 - 2017-01-28 17:07 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2017-02-28 18:26 - 2016-08-14 16:01 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-02-28 18:25 - 2016-08-02 13:30 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-02-28 18:24 - 2016-07-26 21:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 18:11 - 2015-10-29 23:24 - 00000155 _____ C:\WINDOWS\win.ini
2017-02-28 17:53 - 2016-07-27 11:24 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\ElevatedDiagnostics
2017-02-28 17:22 - 2016-09-04 14:54 - 00000000 ____D C:\ProgramData\Origin
2017-02-28 17:20 - 2016-09-04 14:56 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\Origin
2017-02-27 21:43 - 2016-08-17 15:56 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-27 21:40 - 2016-09-22 19:09 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\vlc
2017-02-27 20:04 - 2016-07-27 12:31 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-26 14:56 - 2016-11-01 19:22 - 00000000 ____D C:\Users\Jacob Macdonnell\Desktop\Wallpaper
2017-02-25 20:02 - 2016-07-26 21:04 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-25 17:54 - 2016-12-17 18:48 - 00560168 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-24 21:02 - 2016-07-26 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-02-24 21:02 - 2016-07-26 21:28 - 00000000 ____D C:\Program Files (x86)\MSI
2017-02-24 21:01 - 2016-07-26 21:28 - 00000000 ____D C:\MSI
2017-02-24 20:34 - 2016-09-04 14:54 - 00000000 ____D C:\Program Files (x86)\Origin
2017-02-24 20:24 - 2016-07-27 10:28 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\LogMeIn Hamachi
2017-02-22 18:54 - 2016-07-31 20:17 - 00000000 ____D C:\Users\Jacob Macdonnell\Documents\My Games
2017-02-22 16:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-22 16:08 - 2016-07-26 22:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 16:05 - 2016-07-26 22:23 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 17:29 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 14:54 - 2016-08-14 16:09 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\MSI
2017-02-21 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-21 14:26 - 2016-09-10 18:43 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Local\TeamSpeak 3 Client
2017-02-19 11:23 - 2016-08-02 13:28 - 00215024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-18 18:45 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-18 16:54 - 2016-07-27 11:03 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\LocalLow\Smartly Dressed Games
2017-02-18 11:49 - 2016-09-27 17:02 - 00000000 ____D C:\Users\Jacob Macdonnell\AppData\Roaming\discord
2017-02-17 16:33 - 2016-08-02 13:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:33 - 2016-08-02 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-17 16:22 - 2016-10-12 18:28 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2017-02-17 16:19 - 2016-12-17 19:45 - 00000878 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-13 09:03 - 2016-08-02 14:27 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-13 09:03 - 2016-08-02 13:43 - 00011999 _____ C:\WINDOWS\diagwrn.xml
2017-02-13 09:03 - 2016-08-02 13:43 - 00010127 _____ C:\WINDOWS\diagerr.xml
2017-02-12 13:33 - 2017-01-28 17:09 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-02-11 12:59 - 2016-07-27 12:00 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-02-11 10:42 - 2016-08-27 09:19 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-11 10:26 - 2017-01-31 16:47 - 01681908 _____ C:\Users\Jacob Macdonnell\Desktop\vehicles.meta
2017-02-10 15:32 - 2016-07-27 22:14 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-10 15:31 - 2016-07-27 22:14 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-09 18:33 - 2017-01-08 20:32 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-09 18:33 - 2017-01-08 20:32 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-09 18:33 - 2017-01-08 20:32 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-09 18:33 - 2016-09-01 16:32 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-09 18:33 - 2016-09-01 16:32 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-09 18:33 - 2016-09-01 16:32 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-09 15:13 - 2016-09-10 21:59 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 14:57 - 2016-09-01 16:36 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-09 14:57 - 2016-09-01 16:36 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 14:57 - 2016-09-01 16:36 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-06 11:48 - 2016-09-02 14:27 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-09-02 14:27 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-02-19 21:08 - 2017-02-19 21:22 - 0000098 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\LauncherSettings_live.cfg
2017-02-19 21:09 - 2017-02-19 21:09 - 0000043 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\TheHunterSettings_steam_live.cfg
2016-09-24 13:09 - 2016-09-24 15:13 - 0000841 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\trace_FilterInstaller.1.txt
2016-09-24 13:09 - 2016-09-24 13:09 - 0001167 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\trace_FilterInstaller.2.txt
2016-09-24 13:09 - 2016-09-24 15:36 - 0000905 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\trace_FilterInstaller.txt
2016-09-24 13:09 - 2016-09-24 15:36 - 0000000 _____ () C:\Users\Jacob Macdonnell\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-10-14 14:46 - 2016-11-27 14:43 - 0007599 _____ () C:\Users\Jacob Macdonnell\AppData\Local\Resmon.ResmonCfg
2017-02-04 22:19 - 2017-02-04 22:19 - 0000003 _____ () C:\Users\Jacob Macdonnell\AppData\Local\updater.log
2017-02-04 22:19 - 2017-03-01 21:41 - 0000059 _____ () C:\Users\Jacob Macdonnell\AppData\Local\UserProducts.xml
2016-08-20 20:15 - 2016-08-20 21:11 - 0000028 _____ () C:\Users\Jacob Macdonnell\AppData\Local\X-Plane Installer.prf
2016-08-20 21:12 - 2016-08-20 21:16 - 0000015 _____ () C:\Users\Jacob Macdonnell\AppData\Local\X-Plane_drm.prf
2016-08-20 20:30 - 2016-08-20 20:30 - 0000047 _____ () C:\Users\Jacob Macdonnell\AppData\Local\x-plane_install_10.txt
2016-08-02 13:30 - 2016-08-02 13:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 15:06 - 2017-01-21 18:20 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 15:06 - 2017-01-17 20:41 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-03-03 22:03 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Jacob Macdonnell\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-24 20:51
 
==================== End of FRST.txt ============================


#4 B-boy/StyLe/

Posted 04 March 2017 - 04:57 AM

Hello,

 

Please download the following file => fixlist.txt (attached file, 935 bytes) and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

Let me know how things are going after the fix.

 

If the problem still persists after the fix, you probably need to reset the router settings and clear the DNS cache. Then reboot the computer and check if the problem is still there.

 

 

Regards,

Georgi

 




#5 Macattack4


Posted 04 March 2017 - 12:49 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Jacob Macdonnell (04-03-2017 09:32:13) Run:1
Running from C:\Users\Jacob Macdonnell\Desktop
Loaded Profiles: Jacob Macdonnell (Available Profiles: Jacob Macdonnell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2012629126-2834295668-3335303728-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5893443AC2BA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {6D92CC5B-C727-4DF9-BC6D-18230628DB3D} - System32\Tasks\topnewsonlinenetfitzismd => Chrome.exe topnewsonline.net/fitzismd
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\...\Run: [mailruhomesearch] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
Folder: C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign9ba5584fbb70d1f7
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5893443AC2BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D92CC5B-C727-4DF9-BC6D-18230628DB3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D92CC5B-C727-4DF9-BC6D-18230628DB3D} => key removed successfully
C:\WINDOWS\System32\Tasks\topnewsonlinenetfitzismd => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\topnewsonlinenetfitzismd => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mailruhomesearch => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\Users\Jacob Macdonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
 
========================= Folder: C:\Users\Jacob Macdonnell\AppData\Local\Tempzxpsign9ba5584fbb70d1f7 ========================
 
 
====== End of Folder: ======
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {7977A124-BDAB-4FF7-8FA2-978A698D6052}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2012629126-2834295668-3335303728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1657908 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 134392877 B
Java, Flash, Steam htmlcache => 381834908 B
Windows/system/drivers => 49137792 B
Edge => 31301328 B
Chrome => 32671389 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 777104010 B
LocalService => 14000 B
NetworkService => 13012 B
Jacob Macdonnell => 8695334 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:33:29 ====


#6 B-boy/StyLe/


Posted 04 March 2017 - 01:07 PM

Hi,

Thank you for the log.

Please verify if the problem still persists and let me know.

Thanks!

Regards,

Georgi


#7 Macattack4


Posted 04 March 2017 - 02:37 PM

How do I verify?

#8 B-boy/StyLe/


Posted 04 March 2017 - 03:02 PM

Use the computer the way you always do and watch for strange behaviour, browser redirects (to Wonderlandads), etc.

Regards,

Georgi
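
For the verification asked about above, a read-only PowerShell re-check of the items the Fixlog in this topic reports as removed. It is an added example, not part of the original post or of FRST; the task name and Run value come from the Fixlog, while `ProxyEnable` and `AutoConfigURL` are the standard WinINET values and are an assumption about what a returning proxy hijack would set.

```powershell
# Added example: read-only re-check of items the Fixlog reports as removed.
# Run in an elevated 64-bit PowerShell under the affected user account.
$taskName = 'topnewsonlinenetfitzismd'   # scheduled task named in the Fixlog
$runValue = 'mailruhomesearch'           # per-user Run value named in the Fixlog

function Test-RegValue {
    # True when the key exists and holds a value with this name
    # ('' is the key's unnamed default value).
    param([string]$KeyPath, [string]$Name)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $false }
    return ($key.GetValueNames() -contains $Name)
}

$runKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'
$wowRun   = 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$taskFile = Join-Path $env:windir "System32\Tasks\$taskName"
$inet     = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$checks = [ordered]@{
    'Scheduled task registered'     = [bool](Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue)
    'Task file on disk'             = Test-Path -LiteralPath $taskFile
    "HKCU Run\$runValue"            = Test-RegValue "HKCU:\$runKey" $runValue
    'HKLM WOW6432Node Run, unnamed' = Test-RegValue $wowRun ''
    'WinINET proxy enabled'         = ($inet.ProxyEnable -eq 1)      # assumed indicator
    'WinINET AutoConfigURL set'     = [bool]$inet.AutoConfigURL      # assumed indicator
}

# Report only the items that are present again.
$findings = $checks.GetEnumerator() | Where-Object { $_.Value }
if ($findings) {
    $findings | ForEach-Object { Write-Warning "Still present: $($_.Key)" }
} else {
    Write-Output 'None of the Fixlog items has come back.'
}

# The Fixlog shows bitsadmin could not cancel one BITS job; list what is queued now.
# Browser and Windows updaters also use BITS, so review the list rather than assume malice.
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object JobId, DisplayName, OwnerAccount, JobState, CreationTime
```

Running it again after a reboot and a day of normal use shows whether anything re-creates the task or the autostart entry.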




#9 Macattack4


Posted 04 March 2017 - 07:08 PM

I just had an alert from Windows Defender about a trojan virus

Screenshot: http://imgur.com/vKhT1Fx



#10 B-boy/StyLe/


Posted 05 March 2017 - 03:12 AM

Hi,

 

 

This is probably a false positive but I really don't recommend you to use cracking tools like this to make Windows appear as though it's a legitimate/genuine copy.

 

So this is not related to the problem you were having.

 

Do you still have problems with Wonderlandads then?

 

 

 

Regards,

Georgi




#11 Macattack4


Posted 05 March 2017 - 04:46 AM

No sign of Wonderlandads so far. What do you mean, a cracking tool to make Windows appear real? I bought Windows 10 Pro.

#12 B-boy/StyLe/


Posted 05 March 2017 - 05:38 AM

Hi,

 

 

I am glad we nailed it down. :)

What I meant is that the file detected by Windows Defender is a Windows activator called Microsoft Toolkit and it is not malicious but illegal...

 

 

Here is the last set of steps just to make sure nothing is lurking in the dark corners.


STEP 1
 
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-consumer-3.0.6.1469.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

 

 

STEP 2

 
1. Please download HitmanPro.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 5 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.
 

 

STEP 3
 

 

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please attach the content of the report in your next reply.

 

 

STEP 4
 

Also let's check for outdated and vulnerable software on your PC.
 
 
Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

and then if there aren't any issues left I'll give you my final recommendations. ;)
 
 
Regards,
Georgi




#13 Macattack4


Posted 05 March 2017 - 04:42 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 111  
 Java version 32-bit out of Date! 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
 Windows Defender MpCmdRun.exe   
 Intel Intel® Online Connect Access IntelTechnologyAccessService.exe  
 Intel Intel® Online Connect Access LegacyCsLoaderService.exe  
 Intel Intel® Online Connect ioc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Edited by Macattack4, 05 March 2017 - 04:43 PM.


#14 Macattack4


Posted 05 March 2017 - 06:37 PM

Emsisoft Emergency Kit - Version 2017.2
Last update: 3/5/2017 10:35:11 AM
User account: JAKES-GAMING-PC\Jacob Macdonnell
Computer name: JAKES-GAMING-PC
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 3/5/2017 10:37:29 AM
 
Scanned 634646
Found 0
 
Scan end: 3/5/2017 3:36:24 PM
Scan time: 4:58:55


#15 B-boy/StyLe/


Posted 06 March 2017 - 02:58 AM

So far, so good. I am waiting for the other 2 logs. :)

 

 

Regards,

Georgi

