Games Started to stutter Windows 10


  • This topic is locked
10 replies to this topic

#1 Nyjal-

Posted 07 March 2017 - 08:40 AM

So in recent days games started to stutter, like microstutter. FPS is fine, averaging 60+ FPS, but occasionally some of the games have like a millisecond stutter.

Games like CS:GO, Overwatch, NBA 2K17 seem fine.

And by the way, my PC ain't bad:

i7 4790K

GTX 970

16 GB RAM

Can anyone guide me on how to find out if there is a virus? I would post scan logs ASAP, thank you!


Edited by hamluis, 07 March 2017 - 09:31 AM.
Moved from MRL to Am I Infected - Hamluis.



#2 Nyjal-


Posted 07 March 2017 - 10:02 AM

aswMBR log

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-03-07 22:46:52
-----------------------------
22:46:52.553    OS Version: Windows x64 6.2.9200 
22:46:52.553    Number of processors: 8 586 0x3C03
22:46:52.553    ComputerName: DANIEL  UserName: Daniel
22:46:52.875    Initialize success
22:46:52.878    VM: initialized successfully
22:46:52.878    VM: Intel CPU supported virtualized 
22:46:54.006    VM: disk I/O iaStorA.sys
22:47:01.322    AVAST engine defs: 17030702
22:48:06.179    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000003c
22:48:06.180    Disk 0 Vendor: ST2000VX000-1ES164 CV26 Size: 1907729MB BusType: 11
22:48:06.181    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003d
22:48:06.183    Disk 1 Vendor: KINGSTON_SV300S37A120G 603ABBF0 Size: 114473MB BusType: 11
22:48:06.193    Disk 1 MBR read successfully
22:48:06.195    Disk 1 MBR scan
22:48:06.197    Disk 1 Windows 7 default MBR code
22:48:06.199    Disk 1 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
22:48:06.201    Disk 1 Partition 2 00     07      HPFS/NTFS NTFS       113921 MB offset 206848
22:48:06.204    Disk 1 Partition 3 00     27 Hidden NTFS WinRE NTFS          450 MB offset 233517056
22:48:06.210    Disk 1 scanning C:\WINDOWS\system32\drivers
22:48:07.227    Service scanning
22:48:10.720    Modules scanning
22:48:10.723    Disk 1 trace - called modules:
22:48:10.727    ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
22:48:10.732    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffff818b3d1a6060]
22:48:10.735    3 aswSP.sys[fffff8047838db8a] -> nt!IofCallDriver -> [0xffff818b3bbdcb80]
22:48:10.737    5 ACPI.sys[fffff804761e4571] -> nt!IofCallDriver -> [0xffff818b3bbd99a0]
22:48:10.740    7 ACPI.sys[fffff804761e4571] -> nt!IofCallDriver -> \Device\0000003d[0xffff818b3bbdb060]
22:48:10.896    AVAST engine scan C:\
22:57:34.310    Disk 1 statistics 9946619/0/0 @ 12.32 MB/s
22:57:34.314    Scan finished successfully
22:57:56.619    Disk 1 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
22:57:56.621    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

FRST LOG 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Daniel (administrator) on DANIEL (07-03-2017 22:58:13)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Corsair Components, Inc.) D:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [12348112 2016-10-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-01] (Microsoft Corporation)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-03] (Nota Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-23] (Spotify Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [26888912 2016-11-11] (Corsair Components, Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4005944 2017-03-01] (Tonec Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\RunOnce: [Uninstall C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {a3720b70-681e-11e5-be82-448a5b9ac8ba} - "I:\setup.exe" 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
Tcpip\..\Interfaces\{3c7cbe33-4990-475c-8c19-5716b64cf2eb}: [DhcpNameServer] 10.111.172.1
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [DhcpNameServer] 114.108.195.1 114.108.193.201
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-15] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - D:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel\AppData\Roaming\IDM\idmmzcc5 [2017-03-07] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> D:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-07]
CHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-08]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-08]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (uBlock Origin) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-11]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-08]
CHR Extension: (Authy) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2017-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-27] (AVAST Software)
R2 avast! Firewall; D:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-27] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2017-01-12] ()
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [85200 2016-11-11] (Corsair Components, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2017-01-11] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [39888 2016-05-19] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-05-16] (Micro-Star INT'L CO., LTD.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [54200 2016-07-22] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-24] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-24] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-03-10] (The OpenVPN Project)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-28] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-28] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-09-14] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-12-22] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-02-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-27] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-02-27] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [461640 2017-02-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-02-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-02-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-27] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-02-27] (AVAST Software)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-10-06] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-10-06] (Corsair)
R3 cpuz139; C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [43328 2017-03-07] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-01] (Disc Soft Ltd)
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2015-11-25] (Highresolution Enterprises [www.highrez.co.uk])
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-24] (NVIDIA Corporation)
S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2016-05-31] ()
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\system32\DRIVERS\ssudobex.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 sthid; C:\WINDOWS\System32\drivers\sthid.sys [21216 2015-12-29] (Splashtop Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-02] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-07-23] (Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [19176 2016-07-14] ()
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 YSDrv; C:\WINDOWS\system32\DRIVERS\YSDrv.sys [270608 2017-03-04] (BigNox Corporation)
U3 aswMBR; D:\Temp\aswMBR.sys [62728 2017-03-07] () [File not signed]
S3 GGSAFERDriver; \??\D:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\D:\Temp\gkernel.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\WINDOWS\SysWOW64\Drivers\X6va063 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 22:58 - 2017-03-07 22:58 - 00025637 _____ C:\Users\Daniel\Desktop\FRST.txt
2017-03-07 22:58 - 2017-03-07 22:58 - 00000000 ____D C:\FRST
2017-03-07 22:57 - 2017-03-07 22:57 - 00002228 _____ C:\Users\Daniel\Desktop\aswMBR.txt
2017-03-07 22:57 - 2017-03-07 22:57 - 00000512 _____ C:\Users\Daniel\Desktop\MBR.dat
2017-03-07 22:47 - 2017-03-07 22:47 - 02423808 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2017-03-07 22:46 - 2017-03-07 22:46 - 05200384 _____ (AVAST Software) C:\Users\Daniel\Desktop\aswmbr.exe
2017-03-07 19:31 - 2017-03-07 19:31 - 00000000 ____D C:\Users\Daniel\Desktop\gta
2017-03-06 16:14 - 2017-03-06 16:14 - 00002108 _____ C:\Users\Public\Desktop\Action!.lnk
2017-03-05 10:44 - 2017-03-04 14:28 - 00270608 _____ (BigNox Corporation) C:\WINDOWS\system32\Drivers\YSDrv.sys
2017-03-04 21:10 - 2017-03-04 21:10 - 00000150 _____ C:\Users\Daniel\Desktop\code razer.txt
2017-03-04 17:43 - 2017-03-04 17:43 - 00000000 ____D C:\Users\Daniel\Nox_share
2017-03-04 15:15 - 2017-03-04 15:15 - 00000045 _____ C:\Users\Daniel\nuuid.ini
2017-03-04 14:29 - 2017-03-06 17:39 - 00000000 ____D C:\Users\Daniel\.android
2017-03-04 14:28 - 2017-03-06 17:38 - 00000000 ____D C:\Users\Daniel\vmlogs
2017-03-04 14:28 - 2017-03-06 17:38 - 00000000 ____D C:\Users\Daniel\.BigNox
2017-03-04 14:28 - 2017-03-04 14:28 - 00000735 _____ C:\Users\Daniel\Desktop\Nox.lnk
2017-03-04 14:28 - 2017-03-04 14:28 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-03-04 14:28 - 2017-03-04 14:28 - 00000000 ____D C:\Program Files (x86)\Bignox
2017-03-02 13:56 - 2017-03-02 13:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-02 13:56 - 2017-03-02 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-01 23:20 - 2017-03-02 11:19 - 00000951 _____ C:\Users\Public\Desktop\Just Cause 3.lnk
2017-03-01 19:29 - 2017-03-01 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair Link 4
2017-03-01 19:29 - 2017-03-01 19:29 - 00000000 ____D C:\Program Files (x86)\CorsairLink4
2017-03-01 19:28 - 2017-03-05 00:00 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IDM
2017-03-01 19:28 - 2017-03-01 20:03 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-03-01 19:28 - 2017-03-01 19:28 - 00000000 ____D C:\Users\Daniel\Downloads\Video
2017-03-01 19:28 - 2017-03-01 19:28 - 00000000 ____D C:\Users\Daniel\Downloads\Compressed
2017-03-01 19:28 - 2017-03-01 19:28 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-03-01 19:28 - 2017-03-01 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-28 12:08 - 2017-02-28 12:07 - 00002809 _____ C:\Users\Daniel\Desktop\Authy.lnk
2017-02-28 12:07 - 2017-02-28 12:07 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-27 23:49 - 2017-02-27 23:49 - 00461640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-02-27 23:49 - 2017-02-27 23:49 - 00001037 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-02-27 23:49 - 2017-02-27 23:49 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-02-27 23:49 - 2017-02-27 23:27 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-27 23:27 - 2017-03-01 19:36 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-27 23:27 - 2017-02-27 23:27 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-27 23:27 - 2017-02-27 23:27 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-27 23:27 - 2017-02-27 23:27 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-27 23:27 - 2017-02-27 23:27 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-25 14:58 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-02-25 14:58 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-02-25 14:58 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-02-25 14:58 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-02-25 14:58 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-02-25 14:58 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-02-14 23:32 - 2017-03-01 19:54 - 00000000 ____D C:\Users\Daniel\Desktop\Table
2017-02-14 01:14 - 2016-10-17 23:35 - 00223464 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-02-09 10:33 - 2017-02-23 19:23 - 00000000 ____D C:\ProgramData\Razer
2017-02-09 10:33 - 2017-02-23 19:23 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-07 10:14 - 2017-02-07 10:14 - 00000000 ____D C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-07 22:55 - 2015-11-02 15:51 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2017-03-07 21:05 - 2016-08-04 10:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 20:31 - 2017-01-27 14:33 - 00000000 ____D C:\ProgramData\CLink4
2017-03-07 19:57 - 2016-08-04 10:47 - 09892274 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-07 19:52 - 2016-08-04 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-07 19:51 - 2016-08-04 10:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-07 19:51 - 2016-07-26 20:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DMCache
2017-03-07 19:51 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-07 18:53 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-07 18:52 - 2017-01-11 22:33 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-11-08 00:34 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-07 18:52 - 2016-10-09 09:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-10-09 09:54 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-10-09 09:54 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-10-09 09:54 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-10-09 09:54 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-10-09 09:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-07 18:52 - 2016-08-04 10:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-07 18:52 - 2016-08-04 10:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-07 18:52 - 2016-08-04 10:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-07 11:21 - 2016-08-04 10:52 - 00005194 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel
2017-03-06 21:45 - 2015-10-11 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Origin
2017-03-06 18:30 - 2015-12-13 09:10 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-03-06 18:27 - 2015-12-13 09:10 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-03-06 18:25 - 2015-10-11 10:49 - 00000000 ____D C:\ProgramData\Origin
2017-03-06 16:14 - 2017-01-08 11:06 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-03-06 16:14 - 2016-02-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-03-05 22:36 - 2016-05-12 22:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TeamViewer
2017-03-05 13:46 - 2017-01-30 21:06 - 00000221 _____ C:\Users\Daniel\Desktop\recovered.txt
2017-03-05 10:44 - 2016-10-24 18:51 - 00000000 ____D C:\Program Files\DIFX
2017-03-04 23:56 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Registration
2017-03-04 21:45 - 2015-09-27 18:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2017-03-04 19:15 - 2016-12-29 02:44 - 00000145 _____ C:\Users\Daniel\Desktop\steam accs.txt
2017-03-04 17:43 - 2016-08-04 10:48 - 00000000 ____D C:\Users\Daniel
2017-03-04 15:39 - 2015-09-28 16:51 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-04 13:59 - 2016-07-22 00:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2017-03-04 12:11 - 2015-11-11 01:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2017-03-03 12:54 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-02 22:02 - 2015-10-20 13:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 15:10 - 2016-11-06 09:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Infinity
2017-03-02 13:56 - 2015-11-02 15:48 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 13:55 - 2015-09-27 12:35 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 11:06 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-01 23:45 - 2016-11-06 09:47 - 00002323 _____ C:\Users\Daniel\Desktop\Infinity.lnk
2017-03-01 23:45 - 2016-11-06 09:44 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daring Development Inc
2017-02-27 23:27 - 2017-01-07 00:55 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-27 23:27 - 2017-01-07 00:55 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-26 21:49 - 2015-12-26 10:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-26 15:05 - 2017-01-15 13:28 - 00000000 ____D C:\Users\Daniel\Desktop\Cracking Files
2017-02-25 13:39 - 2015-09-27 13:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 13:37 - 2015-09-27 13:23 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 02:35 - 2017-01-11 22:33 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-24 02:35 - 2015-11-20 21:50 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-24 02:35 - 2015-09-28 06:54 - 01880512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-24 02:35 - 2015-09-28 06:54 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-24 02:35 - 2015-09-28 06:54 - 01468864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-24 02:35 - 2015-09-28 06:54 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-23 22:32 - 2016-10-09 09:54 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-23 22:30 - 2017-01-11 22:33 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-22 15:45 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 00:31 - 2015-09-27 20:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2017-02-20 19:29 - 2017-02-04 18:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-20 19:28 - 2016-02-24 19:18 - 00000000 ____D C:\ProgramData\Adobe
2017-02-18 12:35 - 2017-01-17 19:02 - 00000000 ____D C:\Users\Daniel\Desktop\Files
2017-02-17 10:26 - 2016-08-04 10:46 - 05028856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-14 13:39 - 2016-09-24 11:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-14 13:38 - 2015-09-27 15:16 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-13 17:46 - 2016-08-04 10:52 - 00003512 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-13 17:46 - 2016-08-04 10:52 - 00003376 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-02-13 17:46 - 2015-10-23 20:26 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-10 19:47 - 2016-01-26 21:44 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HandBrake
2017-02-10 16:22 - 2017-02-02 22:19 - 00000000 ____D C:\Users\Daniel\Documents\FLiNGTrainer
2017-02-07 09:12 - 2015-11-23 14:34 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 09:12 - 2015-11-23 14:34 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 03:48 - 2016-07-16 19:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 03:48 - 2016-07-16 19:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 00:01 - 2016-03-28 00:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2016-04-14 17:52 - 2016-04-14 17:52 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-04-06 14:25 - 2016-11-20 00:40 - 0000500 _____ () C:\Users\Daniel\AppData\Local\pref.data
2017-01-03 21:12 - 2017-01-03 21:12 - 0000600 _____ () C:\Users\Daniel\AppData\Local\PUTTY.RND
2015-11-17 15:36 - 2017-02-20 00:55 - 0007596 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-03 11:01
 
==================== End of FRST.txt ============================

Edited by Nyjal-, 07 March 2017 - 10:05 AM.


#3 Nyjal-

  • Topic Starter


Posted 07 March 2017 - 10:03 AM

ADDITION LOG 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017

Ran by Daniel (07-03-2017 22:58:35)
Running from C:\Users\Daniel\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-04 02:54:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-903814144-441885261-1225124989-500 - Administrator - Disabled)
Daniel (S-1-5-21-903814144-441885261-1225124989-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-903814144-441885261-1225124989-503 - Limited - Disabled)
Guest (S-1-5-21-903814144-441885261-1225124989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-903814144-441885261-1225124989-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.2.1 - Mirillis)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Corsair Link 4 (HKLM-x32\...\{a9577fc0-b533-47c8-8cfc-0baa4b76d0a3}) (Version: 4.5.0.55 - Corsair Components, Inc.)
Corsair Link 4 (x32 Version: 4.5.0.55 - Corsair Components, Inc.) Hidden
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Corsair Utility Engine (HKLM-x32\...\{73CED964-AF50-43D1-B475-31175F5D8903}) (Version: 2.6.70 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HandBrake 0.10.3 (HKLM-x32\...\HandBrake) (Version: 0.10.3 - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Infinity (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Infinity) (Version: 2.3.4 - Daring Development Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\{513624C8-A6E3-44FA-A449-5C2BDAA72CC4}_is1) (Version:  - Avalanche Studios)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Mafia III Racing Update v20161221 (HKLM\...\bWFmaWFpaWk_is1) (Version: 1 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Menyoo (Version: 1.7.9 - Menyoo) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSI Afterburner 4.3.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 4 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.17 - MSI)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version:  - CyberConnect2 Co. Ltd.)
NBA 2K15 (HKLM\...\Steam App 282350) (Version:  - Visual Concepts)
NBA 2K17 (HKLM\...\Steam App 385760) (Version:  - Visual Concepts)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.5 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenVPN 2.3.10-I603  (HKLM-x32\...\OpenVPN) (Version: 2.3.10-I603 - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
RivaTuner Statistics Server 6.5.1 (HKLM-x32\...\RTSS) (Version: 6.5.1 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Total War: WARHAMMER (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 1428) (Version:  - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
Windows Driver Package - BigNox Corporation YSDrv System  (01/20/2017 4.3.12) (HKLM\...\1FF524CF3E58304F349D809470EC4A689914A4D5) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-170F5F5A3E94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19CC4637-277A-47A9-BEC5-DE32F7343296} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {1F0E9456-E728-490D-9E0B-1FA1600FD356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {25910875-9D6D-45CA-B60E-272F4658F3A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2A4E172E-266A-458B-BE57-DBA9E3C6AA09} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-27] (AVAST Software)
Task: {2D8A984E-7FBD-450D-BB5B-090A74022072} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {3D4AE539-E8BE-4684-9F64-9203CD4E4DE7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-24] (NVIDIA Corporation)
Task: {6939035B-C78C-4E32-AAF4-04B90E81E006} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-02-03] ()
Task: {745CEC91-A541-4D9F-B097-147D9CD45D6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {876FC22E-C719-47DA-9340-AE059CBDE780} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-24] (NVIDIA Corporation)
Task: {8CB59047-F571-4016-903D-F80E264F39C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => %windir%\system32\NotificationUI.exe 
Task: {9D4C7B59-40F6-4BB8-88CE-924B4F1FEC9F} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {9FFE3C48-5638-4B3C-A506-9A2D1798A499} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B1434ECD-1CBA-4837-8F0C-492978E7D51B} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {B21FBC4A-FCB6-4B5A-987E-0BC2550D763E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-24] (NVIDIA Corporation)
Task: {B22ACFEF-E418-4E99-8E1B-06D43CA60770} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B8C95E75-079A-4BDE-8B64-2E0CD130D784} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-24] (NVIDIA Corporation)
Task: {C2EF75D3-62A7-4D52-A185-D99F0FA58A31} - \{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} -> No File <==== ATTENTION
Task: {CB2F389F-8F4E-4EA4-939D-B39962287495} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CB6C544D-55B3-4A0F-8480-3533EBEEAE34} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {CF846CAD-AADA-431B-92EC-7EFAAADD2868} - System32\Tasks\CAM => D:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.exe 
Task: {D8E1F676-440C-4046-8A4A-2A20DEE9DDE8} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe 
Task: {E315787F-79C0-4F68-B6E3-FAB39561186A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-25] (Microsoft Corporation)
Task: {EE9B9144-F813-47BD-9272-4A8DC331A023} - \{73BD1564-94F3-4C5E-A2FB-846F09850071} -> No File <==== ATTENTION
Task: {EFCAC9AA-5668-48B3-8E14-28C6074CAF07} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-24] (NVIDIA Corporation)
Task: {F4DE4D91-985D-4658-8211-8848C29FF83A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-24] (NVIDIA Corporation)
Task: {F7A99D8C-605F-48CC-94DF-87F3A067A97E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-24] (NVIDIA Corporation)
Task: {FB6C5CAE-2C46-4549-9FD6-E10865B4EACE} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Daniel\Desktop\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 06:39 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-04 10:47 - 2017-01-20 23:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-13 09:10 - 2016-12-22 17:33 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-10-09 09:54 - 2017-02-24 02:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-09 09:54 - 2017-02-24 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-02 15:19 - 2016-12-08 01:15 - 00053352 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2016-08-24 17:54 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2016-12-14 06:39 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-24 19:04 - 2016-08-24 19:04 - 01864384 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-28 19:10 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-09-15 08:07 - 2016-09-07 12:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 06:07 - 2016-12-21 15:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-22 15:17 - 2017-02-22 15:18 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 15:17 - 2017-02-22 15:18 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 15:17 - 2017-02-22 15:18 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 09:12 - 2017-02-07 09:13 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-11 06:06 - 2016-12-21 14:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 06:06 - 2016-12-21 14:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 06:06 - 2016-12-21 14:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 06:06 - 2016-12-21 14:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 06:06 - 2016-12-21 14:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 06:06 - 2016-12-21 14:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-28 12:17 - 2017-02-28 12:17 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2015-09-28 06:57 - 2017-02-24 02:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-09 09:54 - 2017-02-24 02:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-09 09:54 - 2017-02-24 02:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-24 17:54 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2016-10-09 09:54 - 2017-02-24 02:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-12 16:45 - 2016-10-12 16:45 - 00211456 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-10-12 16:44 - 2016-10-12 16:44 - 00037376 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-10-12 16:44 - 2016-10-12 16:44 - 00093184 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-06-10 10:19 - 2016-06-10 10:19 - 00011264 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-06-10 10:19 - 2016-06-10 10:19 - 01990144 _____ () D:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2017-02-27 23:27 - 2017-02-27 23:27 - 00170216 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-07 00:55 - 2017-01-07 00:55 - 48936448 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-27 23:27 - 2017-02-27 23:27 - 00290352 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-27 23:27 - 2017-02-27 23:27 - 00655056 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-09 09:54 - 2017-02-23 22:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-09 09:54 - 2017-02-23 22:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-09 09:54 - 2017-02-23 22:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-09 09:54 - 2017-02-23 22:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-09 09:54 - 2017-02-23 22:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-09 09:54 - 2017-02-23 22:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2017-01-21 12:05 - 2016-12-24 02:28 - 00657184 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-10-14 10:39 - 2016-09-01 09:02 - 04969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2017-01-21 12:05 - 2017-01-19 09:30 - 02327840 _____ () D:\Program Files (x86)\Steam\video.dll
2016-10-14 10:39 - 2016-09-01 09:02 - 01563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-10-14 10:39 - 2016-09-01 09:02 - 01195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2016-10-14 10:39 - 2016-01-27 15:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-14 10:39 - 2016-01-27 15:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-14 10:39 - 2016-01-27 15:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-14 10:39 - 2016-01-27 15:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-14 10:39 - 2016-01-27 15:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2017-01-21 12:05 - 2017-01-19 09:30 - 00838432 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-14 10:39 - 2016-07-05 06:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-01-21 12:05 - 2017-01-05 11:12 - 68813088 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-01-21 12:05 - 2017-01-19 09:30 - 00383776 _____ () D:\Program Files (x86)\Steam\steam.dll
2016-10-14 10:39 - 2015-09-25 07:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2016-12-14 06:39 - 2016-12-09 18:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-02-07 09:12 - 2017-02-01 17:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:12 - 2017-02-01 17:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-24 19:30 - 2016-07-22 00:41 - 00000898 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\Desktop\2017_lexus_rc_f_gt3_race_car-2560x1440.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "GarenaPlus"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7B92ED9D-F5C3-4241-BAD5-E5C82EAC2FDD}] => (Allow) LPort=2333
FirewallRules: [{5F5B397C-C0AF-4441-B175-549CD7EDA8C4}] => (Allow) LPort=9143
FirewallRules: [UDP Query User{6995B8C9-063E-423C-A83B-BE06B2683FE3}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5283864A-9D3F-488D-A319-CFE1CFC7F34A}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D22B429D-97F1-4548-A953-6F8232F02321}] => (Allow) LPort=8370
FirewallRules: [{AF9BA81A-D89D-4CBE-A642-EB5A0C77163A}] => (Allow) LPort=8370
FirewallRules: [UDP Query User{DEE6FE04-DCA3-456A-96E1-23EBECF041DD}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Block) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [TCP Query User{573E5669-F7DF-4939-BC50-F25963FFDE37}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Block) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [UDP Query User{DFAF83F5-142E-4017-AC0E-8745872D4D7B}G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Block) G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [TCP Query User{ABFCADB4-E40E-49DA-A81D-640498A38A6E}G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Block) G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [{B4AA7285-786B-40BC-BC88-5002AB302461}] => (Block) %ProgramFiles% (x86)\Mirillis\Action!\Action.exe
FirewallRules: [{79F71172-0C7F-4420-863B-B1C176571EB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D5282FF8-F17A-4CF2-A6A8-14B921F69F8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2A974BB9-6C54-417C-BFDD-F421C912784B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A3483AED-F984-4D2D-AE56-30F3373A1805}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{026A429C-18EE-4D07-BEB9-A3EACB31F71F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{107BC8FD-3340-409B-9374-1FD0D4FC9948}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB783713-A216-4130-8245-0E1120E69633}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{19D615C1-EF8F-4D4D-984E-173169E507DE}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FD23E41-D774-48D8-8F4B-2245E96564F3}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFBA4C1B-FE5D-4E64-B5AE-59688778CE94}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{914E95E8-2B73-4E64-A4B2-246B3B4B10EB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3395845D-F3D7-4057-B1EC-D35DD4A8BBE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6644DFE6-C123-4838-8CFC-2E3F7555639A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{90497EA6-7C75-48C0-B221-07E5CE95D6FB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90982748-EAFA-4965-8F7A-61FEC88CD5F0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1164E475-0760-4E90-BDE4-1F9CE89446C7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7FC25B50-C04E-4071-B09A-761986B437B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{031E7F25-7B21-48A7-A06D-A522ACA3A65D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6FF9B01-2821-47DC-B943-F55C5F2DFAA4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EE0B8ED6-6804-44E7-A0D5-EF352BF7F218}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2F7E28F-1E9A-4E6D-8EBA-221EB1C88D29}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{119358A0-DA99-4855-B5A2-AA4B326CCB17}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{50AC9067-13ED-4618-885A-77395478A87B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C2512797-7E8D-4D79-A47E-2383E182CBB4}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{2C0BDE5D-1914-4330-AC9C-243FBCFB7A70}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{51211198-22DE-4184-A70D-501CC921C189}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{A5EDF8C7-2312-4E2E-9779-BF18FCA17C76}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{6C158580-4922-4E2B-870A-C6D9C6A9627E}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{AC843C56-A91A-4F8A-93CF-854D0CBA923A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{23EAB8E6-4C91-4F0C-A3D8-DB6F28F0C094}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{1D1A5E11-FD20-4903-B519-B0683949E180}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{9C9AF53E-EB69-4331-81C4-73A1DCDDE700}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NBA 2K17\NBA2K17.exe
FirewallRules: [{F6DEC09A-9234-4A45-8F6E-BA74E013BB9E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NBA 2K17\NBA2K17.exe
FirewallRules: [TCP Query User{8DCE9306-2BFF-4AA4-ABB7-932781EC66EB}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3F35D5BD-3EC0-41B6-ABFC-2DB34DBE7D82}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{5DA9CD05-B60C-4B2E-B91A-98365CA57098}E:\games\grand theft auto v - copy\gta5.exe] => (Block) E:\games\grand theft auto v - copy\gta5.exe
FirewallRules: [UDP Query User{1CE703B5-7E27-4A89-BA00-79EEC1693F79}E:\games\grand theft auto v - copy\gta5.exe] => (Block) E:\games\grand theft auto v - copy\gta5.exe
FirewallRules: [{D48B524A-F576-4805-ACA7-4481FEAC41F8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{077DCE4F-287D-45D1-B520-8BC28DD34F55}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [TCP Query User{A3E7E9BF-BEE1-4CA8-BCFD-DF02D0F37BE0}D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{E8B30B4D-0AC0-4504-85DC-3B8E382BA5C2}D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{4EDBC874-243F-479B-AE32-4B211034B459}E:\games\overwatch\overwatch.exe] => (Block) E:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{490C4976-DF08-4F67-A541-196F5593AD9A}E:\games\overwatch\overwatch.exe] => (Block) E:\games\overwatch\overwatch.exe
FirewallRules: [{BFE81EBE-2648-48D9-9C70-74C410A1F396}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NBA2K15\NBA2K15.exe
FirewallRules: [{EF23D422-8D62-477E-B478-FCA40B0436F1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NBA2K15\NBA2K15.exe
FirewallRules: [{28389DC2-1FF9-44BA-8C26-E068B3786DC1}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ADCB51AC-0906-47CB-96ED-C8E502E7561F}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CA60F632-C026-408B-8940-F045868822B8}] => (Allow) LPort=26789
FirewallRules: [{A86EB587-494B-40B2-9883-DC136E308FD8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1F4F0307-8B25-4A93-89E9-25BB016FF473}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A2ACDC8B-C782-445F-89E0-2AF3D0E08C74}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0E33384F-765F-42E6-9312-6C5217007D3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A6E1F979-75AD-4F27-8E4A-9C87F75E001B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{FBE823D3-8B42-430A-93B3-2E24724B4BD6}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{702AC4AE-DDB4-4B06-AF58-44BF78DB07AB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FFBFB559-6A53-4580-B759-283F1F7E2CAD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C80713A6-3C4F-4CC2-91B8-7AE980E710C2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5329DC71-7B5E-4C21-A515-3A1D2329BB4F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{4B436155-00E1-476E-8E01-1082ECE336B9}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DCDAD7DD-8D74-45F6-ACEF-971674D06C70}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{B40E9046-581B-4E59-A759-BB20CC181952}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A97F6C27-C3A3-461A-9225-0A8488C084CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{1FEA05A4-2E9B-408B-B519-26BB284600D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EDE76BE4-94AE-4E6B-A8E7-0211252AC371}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{12FBD44D-842F-48BB-882C-C28A752121E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{38464D70-7CD2-4DD2-8FDF-9FABD4AC2DA1}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{C985CA37-DFCD-4F41-A974-F04CC9E643AE}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{5DB75D0F-8681-4FAA-87C1-3F12BCE4AD23}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{4836A5FD-591E-4B49-AE41-8ADADC93E67E}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D7F3DD09-A3D7-4A89-B778-9DF6B47A5E7C}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{227EFD16-7EA9-4402-A7EA-AE551062F3A2}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{49628BC8-4ADF-4E45-B539-188171FF8500}] => (Allow) E:\Daniel Files\TechTool Store64.exe
FirewallRules: [{BE3602DB-6EBE-4097-9A91-8F5272BD2C0D}] => (Allow) E:\Daniel Files\TechTool Store64.exe
FirewallRules: [{70AA3395-C768-404C-9FD1-1F96B07CAA87}] => (Allow) E:\Daniel Files\TechTool Store64.exe
FirewallRules: [{60AA7BB2-6FDB-41A8-98C7-C58988D940A1}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{C813727F-A476-4C6C-9699-9CA3C5743ECA}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe
FirewallRules: [{D14E4A06-F375-40D0-B1CB-9ADDE27998DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{38BCE859-1899-418B-A409-15F8A4327CC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2895C5F5-F8E8-408C-BD17-D3CEC37E0500}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FCB1C1BD-1650-4606-A02D-C2EDB2EBD70A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3BCA12DA-C73A-414E-BDC5-F64380B1AF29}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{AEAF7A00-5D78-4221-9BE7-D5A8245D34FD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe
FirewallRules: [{49ADF5BF-7DFD-4C52-BF8A-78BC418A36B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B8D86163-22C2-424C-A323-E4FB7C189D68}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{56DF6FB6-A33A-46B5-AAED-6206BA4B07BA}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{0634BA3E-F375-47C1-8482-5DFF9C7A8571}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{50B10658-F924-45C4-B394-E781F64CD6B4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{6FB3447D-2F2F-4C42-9B6B-A3E0C0A6287F}] => (Allow) D:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{A22AE5C6-9E2C-4B52-9C44-A2C6BF1DBB4E}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2017 07:25:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:25:36 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (03/07/2017 07:25:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:25:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:25:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:22:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:22:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (03/07/2017 07:22:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:22:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/07/2017 07:22:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (03/07/2017 07:53:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (03/07/2017 07:51:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/07/2017 04:25:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (03/07/2017 04:23:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/07/2017 03:58:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/07/2017 03:35:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/07/2017 02:55:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
 
Error: (03/07/2017 01:30:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/07/2017 01:28:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (03/07/2017 11:47:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
 
CodeIntegrity:
===================================
  Date: 2017-03-03 22:34:36.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-03-03 22:34:33.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-03-02 22:01:38.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-17 19:01:57.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-17 19:01:55.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-14 00:11:20.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-11 12:18:21.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-06 11:02:49.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-06 11:02:46.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-02-04 15:42:23.515
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 36%
Total physical RAM: 16332.68 MB
Available physical RAM: 10377.45 MB
Total Virtual: 18764.68 MB
Available Virtual: 12413.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.25 GB) (Free:77.96 GB) NTFS
Drive d: () (Fixed) (Total:976.56 GB) (Free:229.77 GB) NTFS
Drive e: (My Files) (Fixed) (Total:886.45 GB) (Free:101.81 GB) NTFS
Drive h: (USB) (Removable) (Total:29.82 GB) (Free:29.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1C4EA9A9)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 409DABD2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: FDC01076)
Partition 1: (Active) - (Size=29.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Nyjal-

Nyjal-
  • Topic Starter


Posted 08 March 2017 - 05:05 AM

please help! :) 



#5 Nyjal-

Nyjal-
  • Topic Starter


Posted 09 March 2017 - 05:17 AM

Thanks! :) 



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 09 March 2017 - 08:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
GroupPolicy\User: Restriction <======= ATTENTION
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 GGSAFERDriver; \??\D:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\D:\Temp\gkernel.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\WINDOWS\SysWOW64\Drivers\X6va063 [X]
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-170F5F5A3E94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {C2EF75D3-62A7-4D52-A185-D99F0FA58A31} - \{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} -> No File <==== ATTENTION
Task: {EE9B9144-F813-47BD-9272-4A8DC331A023} - \{73BD1564-94F3-4C5E-A2FB-846F09850071} -> No File <==== ATTENTION
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Please let me know what problem persists with this computer.

If any issues, please submit the file in bold to VirusTotal:
R1 YSDrv; C:\WINDOWS\system32\DRIVERS\YSDrv.sys [270608 2017-03-04] (BigNox Corporation)

Follow the instructions on this page.
https://www.virustotal.com/

Post the results for my review.

#7 Nyjal-

Nyjal-
  • Topic Starter


Posted 09 March 2017 - 08:41 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Daniel (09-03-2017 21:28:20) Run:1
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
GroupPolicy\User: Restriction <======= ATTENTION
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 GGSAFERDriver; \??\D:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\D:\Temp\gkernel.sys [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\WINDOWS\SysWOW64\Drivers\X6va063 [X]
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-170F5F5A3E94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {C2EF75D3-62A7-4D52-A185-D99F0FA58A31} - \{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} -> No File <==== ATTENTION
Task: {EE9B9144-F813-47BD-9272-4A8DC331A023} - \{73BD1564-94F3-4C5E-A2FB-846F09850071} -> No File <==== ATTENTION
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => No running process found
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => No running process found
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk => key removed successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\GGSAFERDriver => key removed successfully
GGSAFERDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va062 => key removed successfully
X6va062 => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va063 => key removed successfully
X6va063 => service removed successfully
HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-170F5F5A3E94} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2EF75D3-62A7-4D52-A185-D99F0FA58A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2EF75D3-62A7-4D52-A185-D99F0FA58A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE9B9144-F813-47BD-9272-4A8DC331A023} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE9B9144-F813-47BD-9272-4A8DC331A023} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73BD1564-94F3-4C5E-A2FB-846F09850071} => key removed successfully
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1946805 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43034783 B
Java, Flash, Steam htmlcache => 356383327 B
Windows/system/drivers => 131505 B
Edge => 1216 B
Chrome => 1052377569 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 128 B
Daniel => 11790701 B
 
RecycleBin => 5577618 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:28:29 ====
 
 
Nox is an Android emulator for PC.

Edited by Nyjal-, 09 March 2017 - 08:51 AM.


#8 nasdaq

nasdaq

  • Malware Response Team

Posted 09 March 2017 - 09:05 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#9 Nyjal-

Nyjal-
  • Topic Starter


Posted 09 March 2017 - 09:25 AM

Do I need to install RogueKiller and download the Zoek tool? My PC seems fine now, but I don't know what those 2 apps will still do. Sorry, just curious; last time I checked, "the helper" didn't mention any Zoek or RogueKiller thing.



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 09 March 2017 - 10:17 AM

No need to run these tools if all is well.


To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 Nyjal-

Nyjal-
  • Topic Starter


Posted 09 March 2017 - 10:40 AM

Thanks for the effort by the way! Problem solved! :D





