
The Requested Resource is in use. HELP


  • This topic is locked
14 replies to this topic

#1 Doubble


Posted 09 March 2017 - 07:53 PM

An old buddy who backstabbed me back in the day sent me a link on Steam. Me being the idiot I am, clicked on it and it downloaded winvmx? Now it's slowing my computer down, and I can get access to Malwarebytes to clean it up. Please help.





#2 B-boy/StyLe/

  • Malware Response Team

Posted 09 March 2017 - 08:30 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Additional.txt is checked.
  • Press the Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 Doubble

  • Topic Starter

Posted 09 March 2017 - 08:53 PM

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017

Ran by Brendan (09-03-2017 19:44:16)
Running from C:\Users\Brendan\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-21 10:00:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1494083471-945360072-1875676824-500 - Administrator - Disabled)
Brendan (S-1-5-21-1494083471-945360072-1875676824-1001 - Administrator - Enabled) => C:\Users\Brendan
DefaultAccount (S-1-5-21-1494083471-945360072-1875676824-503 - Limited - Disabled)
Guest (S-1-5-21-1494083471-945360072-1875676824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1494083471-945360072-1875676824-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Apowersoft Android Recorder V1.0.8 (HKLM-x32\...\{0f489e77-a48a-4260-8866-030136010aec}_is1) (Version: 1.0.8 - APOWERSOFT LIMITED)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version:  - Ubisoft)
ASTRONEER (HKLM\...\Steam App 361420) (Version:  - System Era Softworks)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.62791 - Electronic Arts)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.60.197 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.60.197 - NC Interactive, LLC) Hidden
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Core Temp 1.0 RC8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DOOM II: Hell on Earth (HKLM\...\Steam App 2300) (Version:  - id Software)
Epic Games Launcher (HKLM-x32\...\{4755FB10-B694-4B0F-BCDE-F390B957CD96}) (Version: 1.1.90.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
iSkysoft iMedia Converter Deluxe(Build 5.8.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.8.0.1 - iSkysoft Software)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1334 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1334 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1334 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{7335EB04-8B27-4CA9-AF83-A3851E894770}) (Version: 1.1.54.1334 - Rivet Networks)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.16 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
My.com Game Center (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\MyComGames) (Version: 3.166 - My.com B.V.)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.12.3 - OBS Project)
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skyforge MyCom (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Skyforge MyCom) (Version: 1.59 - My.com B.V.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.06 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1494083471-945360072-1875676824-1001_Classes\CLSID\{e97d6161-7efa-42ca-8727-5fc3daddde2c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {039E63BB-9D6C-4B90-8EE4-A60A75766823} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {0D253C93-FBF1-41E7-9FC5-F5229AB13FF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {236F09CF-307C-4363-9A74-44349AC4A30E} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {9A3F8612-0CEA-4502-9E68-20917E714A65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {D5C09094-02AB-43CC-9F54-E931F151EBA7} - \DriverAssist.Autostart -> No File <==== ATTENTION
Task: {D81FB9EA-4AAB-425D-844F-F1F5A04D4A3E} - \DriverAssist.Scanning -> No File <==== ATTENTION
Task: {F0264DB8-40E8-4CD3-A96D-4CD58D792C77} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-02-25] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Brendan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\Brendan\AppData\Local\Google\Chrome\User Data"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 00:48 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2016-03-06 16:56 - 2016-06-14 14:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-20 04:09 - 2016-06-14 14:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-06 16:56 - 2016-06-14 14:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-06 16:56 - 2016-06-14 14:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-12 14:15 - 2016-02-12 14:26 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2015-11-04 18:11 - 2015-11-04 18:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-06 16:56 - 2016-06-14 14:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-06 16:56 - 2016-06-14 14:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-06 16:56 - 2016-06-14 14:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2015-12-20 11:07 - 2016-06-14 14:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-17 17:39 - 2016-06-14 14:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-17 17:39 - 2016-06-14 14:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 00:48 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-21 12:34 - 2016-09-21 12:34 - 00959168 _____ () C:\Users\Brendan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-13 00:01 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2017-01-10 13:46 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 13:46 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 13:46 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 13:46 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 13:46 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 13:46 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 09:42 - 2017-02-22 09:43 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 09:42 - 2017-02-22 09:43 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 09:42 - 2017-02-22 09:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:46 - 2017-02-06 21:47 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-13 20:09 - 2017-01-13 20:09 - 00896512 ____N () C:\Program Files (x86)\svcvmx\svcvmx.exe
2016-09-21 06:53 - 2016-09-21 06:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 13:46 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-20 20:18 - 2017-01-20 20:18 - 01087488 ____N () C:\Program Files (x86)\svcvmx\vmxclient.exe
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Program Files (x86)\dataup\help_dll.dll
2016-09-23 08:20 - 2016-09-17 12:13 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-12-14 00:48 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 ____N () C:\Program Files (x86)\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 ____N () C:\Program Files (x86)\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 ____N () C:\Program Files (x86)\svcvmx\libegl.dll
2017-02-06 17:25 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 17:25 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 ____N () C:\Program Files (x86)\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 01:24 - 2015-10-30 01:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brendan\Downloads\jK571FZ.jpg
DNS Servers: 172.16.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\StartupApproved\Run: => "CyberGhost"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5971D552-74A8-4D6E-9F27-9869DFAB1A4E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{0179226A-C5FF-4C56-BC18-AD29AA5A0AC2}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [UDP Query User{DEBF8084-D383-4C09-BB60-51A6C578DF47}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe
FirewallRules: [TCP Query User{E7D38BB7-85FF-48CD-8962-48211EDE5CB4}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe
FirewallRules: [{46E434F1-5E0B-459F-B646-49247EDB3BAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{EAF14992-ABC1-44F2-8646-B71C7A51D85E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{55C9E6E9-BD8B-4DC3-9584-7F9E7995127E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0B7F57C3-420B-49C7-B7EE-F96985C900F0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{1ECE4BBC-C65C-4720-B904-77B333CD1A4F}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{48915C1B-0B3F-4F35-B3A7-B7E7B3292D1D}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{4AF1B303-F1D8-464C-ACD7-BF34D711E2B8}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D6AE1CF7-E6B8-4044-848C-7E16C291F1BD}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{65F8C0C2-F032-4EB8-B70F-9242889B8514}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{F7234172-1DD9-411C-82A8-1A8685E36E74}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{ABEFAB3B-6EC2-4006-BDAE-0883F24810AD}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{F5434DB5-49FA-4CFE-A969-C22E38F198E2}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{64B90316-FD0C-480C-8A40-7F8B7D31D06A}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{A7BAF375-7C74-4CF4-9172-B7F9C8BA5671}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{D1880173-D29D-44BD-ABA2-FE86C9CA4BBA}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [TCP Query User{AE7A1CC9-19F4-4E29-82BC-946EA6218417}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{3DE35D20-2ADD-45CF-A385-2F95A5883A5C}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5BF9CE5F-4625-419E-85EA-C3A89B116729}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8AE737CD-8CD3-464C-AC79-966B0616D18D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{26F34BE4-326A-4D09-90D6-3BBE2C3DC84D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{EC4FC062-749F-4183-AD2D-FBDE83500E64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{E6CB4C7D-01B3-4648-B665-BA915EA60FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{31BD3261-FB7A-4F80-AF44-FDE03796DE09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5FB8FE7D-3FD0-4B42-9E2B-08977F36CEA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{FFFB5159-4147-4864-8DAD-60349A70C08C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{C3DF62E7-3835-4D14-BDA6-73690585C20C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [UDP Query User{85A6BC6E-9EDE-4B12-9925-832F21A02ED7}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{894FDCBF-1DE9-416B-81AA-FB50394ED3CB}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{512FC806-0CAD-4231-8CD9-C4A29D35BD6F}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{72AA24BC-0F98-490F-917F-87A049FCB9B8}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{FA745C20-215C-4956-B96B-3C2EEB7F0A42}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{23D97AEC-CE4E-466B-88B5-A838275E8CBA}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{DE96ACD5-DDF8-4B16-ADCD-DDB91BD985D1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{45BEC43B-4BCF-4B40-89AE-1D25A704314E}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{58D4E13D-A0BD-4CE8-9878-4CAD1DBB9033}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{2C6AEEB0-654E-4435-A38C-6B4D7DC0CDFE}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [UDP Query User{6A30ADA4-7EC4-46AC-980C-A5C67BE69454}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{BDA5279F-1E06-4006-8354-17EF8BDA11F2}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{A8DFC29D-A394-4AFA-8273-B081651A5E0C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7D05A6F8-F2FC-49F0-BBF9-08DBE897CB3B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8A50FD51-AF9A-41E1-AA24-F1FD64342198}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6426BDFC-0434-4A57-B73E-377D73B74EE8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CC2D617F-6514-46A0-B21B-13C40CBA84E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{E4077756-9E0B-4931-860D-43DE49C263F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [UDP Query User{9C268622-D4B9-4298-A859-D9FE0F66E205}C:\users\brendan\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\brendan\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{C100A5BF-ED98-46E0-B475-B81F7E6B3FF2}C:\users\brendan\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\brendan\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{617D22D1-693E-41BD-AAB9-48F83316BF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{12935779-994A-416A-A20A-714F4519103D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{62DFD77A-425E-426F-863A-4B60DB8D9B09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E5381A0E-3311-4CD9-A80F-A2544FDADBAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B655F33A-7030-410A-BF27-C649ADF07397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{AB365E28-A946-424D-8C29-8FC9BFB374F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{D5B9D6DD-C2B8-4AD7-9DC2-B3D8CFFA267F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E26B5D8-FDBC-4ACE-9965-7472F807056E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5A365F33-3F09-4333-B1F0-81787ADF5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{346A573C-9FA1-4D64-9BA7-4926E2FC5491}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{98EA8503-D991-4CE7-9A04-2B5FAD38DC9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6BB7FD2E-BA0C-4F9A-977A-D86AA460C583}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F273EAC2-7BFD-46DC-AD04-565075C6B593}] => (Block) C:\users\brendan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0F8B62AD-7188-4926-980A-8FCCE27249D0}] => (Block) C:\users\brendan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A954E4C9-4FD0-4006-85A7-E21280BC0C79}C:\users\brendan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brendan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{065EF27E-2A4D-44B7-A4BF-4C34108D56C4}C:\users\brendan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brendan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{505BECFC-2614-4435-8AE0-A61713A29879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1D9DF5A2-CA90-4AD2-BA12-748D791BDCDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{893F142F-DFE2-4F8C-A63E-66D84E4300B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ED7D4B31-D74E-4FB4-88D8-337D65F7C520}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{77F3C69F-8875-4B42-8E43-BE9C10A60865}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F75157E-4DFF-4EAD-81BB-55A86CA60AD3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{35ECC7E5-6478-4B48-A9F9-430180AE40D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16820485-0965-4E99-8DF8-A420E9FD27EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F78E02FC-D7CE-4465-BBA0-8FC0D11BEBBD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Android Recorder\Apowersoft Android Recorder.exe
FirewallRules: [{6FA9AB2E-F2FA-402C-9AE5-64834CE68A67}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Android Recorder\Apowersoft Android Recorder.exe
FirewallRules: [TCP Query User{02AA851F-88B9-49F0-B4EA-BF99F0A940EB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{A51373B8-1114-4055-8C3C-26EEE90015F9}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{8CDC85C6-4D03-447E-A257-D4DD7BEA7908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F9B9051A-E4CC-4D47-B47B-474B2DE0BA0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{48ADF2CC-8BA9-49D5-AA87-3FD362781D5C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{275D0D83-D777-4DDF-B044-0F2A49904A7D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{60D25052-C8D1-4F67-9E5B-51CD54B71D94}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{5DE4A384-61C3-4CE1-9E0E-FACEB4D799FC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{977F2124-8E74-45BF-8BEB-83396106B926}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{76EE1D44-67EA-4433-8DEF-44637FB04F16}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{813C8B57-7732-446E-A304-2489498C569A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DBBC667F-8DBC-4391-89B6-59A2EAC4F9CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{39B59352-3B03-426E-8191-5BBAAB025935}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A44B8510-0BCF-4F74-B632-1A359272F476}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{872667BC-FE48-4B1C-865A-1B0E62C4D094}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DDED6194-A92F-42B9-916A-B2012D4B8D54}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm_x64.exe
FirewallRules: [{C84A2B51-BC43-438F-8236-F1841B9C76D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{F21ED8DB-A2E1-428A-8442-85B076409754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [TCP Query User{3D77B0CA-AFFC-44BE-A777-9896180C4977}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{1310FEEF-7AB1-4333-BCD4-BFD6E64D5E0E}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{A5335813-5850-432C-8515-C878C5E26998}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{CA326B71-48D0-487D-A8BC-3F17E876422E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{39EC1C79-B30E-4A55-9CE3-F767E1196C85}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{7692AE79-FAA2-454D-9441-0475867A80B1}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{71BAB717-5198-4C54-B72A-861A7071EF2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{F15CB536-F490-4A35-92C8-E4C3BCCD390F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{B44BFACD-F4FA-4ACC-B96B-B753AF96FAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{7797F88D-6BC8-4728-920D-D638161D2AFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{93D47FDF-14D5-44FF-8E6E-F3F9665DB524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{9DCAA010-4E64-48E0-9A00-AB295FEAF346}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{3F1090F6-202C-4973-A0E0-EE1861F496D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{78D3E235-A717-4298-AAD1-D5DAE4A2A995}C:\program files\epic games\arkdevkit\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\arkdevkit\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{74193207-0EA3-4C0F-B5C7-DA90EEA4EA89}C:\program files\epic games\arkdevkit\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\arkdevkit\engine\binaries\win64\ue4editor.exe
FirewallRules: [{2BEE9BBC-0A24-49E2-8198-F64CB03C48F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C0BDB283-B0CA-4EA8-BEA4-4956596B6605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
10-02-2017 02:42:06 Windows Update
24-02-2017 15:59:09 Windows Update
01-03-2017 20:47:02 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
09-03-2017 18:55:03 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: TAP-Windows Adapter V9 #2
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: TAP-Windows Adapter V9 #3
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: TAP-Windows Adapter V9 #4
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2017 06:55:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/09/2017 06:45:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BRENDANGAMING)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/09/2017 06:45:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BRENDANGAMING)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (03/09/2017 06:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ctfmon.exe, version: 10.0.14393.0, time stamp: 0x57899148
Faulting module name: InputService.dll, version: 10.0.14393.576, time stamp: 0x584a76ec
Exception code: 0xc0000005
Fault offset: 0x00057f66
Faulting process id: 0x2b08
Faulting application start time: 0x01d2993086fecfa8
Faulting application path: C:\WINDOWS\SysWOW64\ctfmon.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report Id: 145bc1fc-310f-4749-b31a-ac687115910f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/09/2017 06:05:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x5882001c
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x4914
Faulting application start time: 0x01d2993153d1ebb9
Faulting application path: C:\Program Files (x86)\svcvmx\vmxclient.exe
Faulting module path: C:\Program Files (x86)\svcvmx\pepflashplayer.dll
Report Id: 8afe91c2-fcf6-42b2-8cc9-bd3c2c521a2d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/09/2017 05:38:52 PM) (Source: MsiInstaller) (EventID: 1002) (User: BRENDANGAMING)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
 
Error: (03/09/2017 05:38:49 PM) (Source: MsiInstaller) (EventID: 1002) (User: BRENDANGAMING)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
 
Error: (03/09/2017 05:38:49 PM) (Source: MsiInstaller) (EventID: 1002) (User: BRENDANGAMING)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
 
Error: (03/09/2017 05:38:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: refreshwindowstool.exe, version: 10.0.16217.1, time stamp: 0x57a396f7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0869d4f8
Faulting process id: 0x594
Faulting application start time: 0x01d2992e487c5bef
Faulting application path: c:\80f4c1b859a4455969\refreshwindowstool.exe
Faulting module path: unknown
Report Id: 10e9c35b-ff4a-44de-bd04-03ad120ea84d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/09/2017 05:38:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: refreshwindowstool.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at RefreshWindowsTool.MainWindow.NavigateToEulaPage(System.String)
   at RefreshWindowsTool.MainWindow.Eula_DownloadFileCompleted(System.Object, System.ComponentModel.AsyncCompletedEventArgs)
   at System.Net.WebClient.OnDownloadFileCompleted(System.ComponentModel.AsyncCompletedEventArgs)
   at System.Net.WebClient.DownloadFileOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
System errors:
=============
Error: (03/09/2017 06:45:49 PM) (Source: DCOM) (EventID: 10010) (User: BRENDANGAMING)
Description: The server microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (03/09/2017 06:37:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The realtek_amd64 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2017 06:32:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/09/2017 06:31:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 06:30:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (03/09/2017 06:30:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
The requested resource is in use.
 
Error: (03/09/2017 06:30:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/09/2017 06:29:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 06:27:53 PM) (Source: DCOM) (EventID: 10016) (User: BRENDANGAMING)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user BRENDANGAMING\Brendan SID (S-1-5-21-1494083471-945360072-1875676824-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2017 06:27:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-08 02:34:22.777
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-08 02:34:22.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-08 02:34:22.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-08 02:34:22.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 20:10:26.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 20:10:26.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 19:56:55.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 19:56:55.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 20:47:31.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-19 20:47:31.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 39%
Total physical RAM: 16235.18 MB
Available physical RAM: 9867.16 MB
Total Virtual: 29547.18 MB
Available Virtual: 22520.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.02 GB) (Free:236.18 GB) NTFS
Drive e: (LEXAR) (Removable) (Total:29.23 GB) (Free:29.23 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5368F66B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29.2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Brendan (administrator) on BRENDANGAMING (09-03-2017 19:33:28)
Running from C:\Users\Brendan\Downloads
Loaded Profiles: Brendan (Available Profiles: Brendan)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files (x86)\dataup\dataup.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\Brendan\AppData\Local\Temp\20170309\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Bruh\Dude\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [Spotify] => C:\Users\Brendan\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [BingSvc] => C:\Users\Brendan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-19] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [Spotify Web Helper] => C:\Users\Brendan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [MyComGames] => C:\Users\Brendan\AppData\Local\MyComGames\MyComGames.exe [4769136 2016-01-30] (MY.COM B.V.)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [Discord] => C:\Users\Brendan\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3503088 2016-09-17] (Electronic Arts)
HKU\S-1-5-21-1494083471-945360072-1875676824-1001\...\RunOnce: [Uninstall C:\Users\Brendan\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Brendan\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-18]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-12-18]
ShortcutTarget: Curse.lnk -> C:\Users\Brendan\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-18] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.8.1
Tcpip\..\Interfaces\{5a58bcf2-e4ed-427e-8763-d4866163f00a}: [DhcpNameServer] 172.16.8.1
 
Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-12] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-12] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-01-13] [not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-04-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-12] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1494083471-945360072-1875676824-1001: @my.com/Games -> C:\Users\Brendan\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-27] (MY.COM B.V.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "chrome://newtab/"
CHR DefaultSearchURL: Default -> hxxp://feed.combo-search.com?st=ds&q={searchTerms}&publisher=combosearch&barcodeid=516940000000000
CHR DefaultSearchKeyword: Default -> Combo Search
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Profile: C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Slinky Elegant) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Search) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddiphlafnadkihgakloeahofhhmecefg [2017-03-09]
CHR Extension: (Listen To The Radio Now) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1494083471-945360072-1875676824-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-12-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-12-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [22184 2015-07-29] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365024 2016-11-18] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2130440 2016-09-17] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2195472 2016-09-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-02-12] ()
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755712 2017-02-23] (qdcomsvc Inc.) [File not signed] <==== ATTENTION
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S2 realtek_amd64; C:\Users\Brendan\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-06] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Brendan\AppData\Local\Temp\20170309\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
S3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [120832 2015-10-30] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed] <==== ATTENTION
R3 KillerEth; C:\WINDOWS\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NTIOLib_MB; C:\Program Files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [13808 2014-03-13] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-09] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 19:33 - 2017-03-09 19:33 - 00000000 ___DC C:\FRST
2017-03-09 19:32 - 2017-03-09 19:32 - 02423808 _____ (Farbar) C:\Users\Brendan\Downloads\FRST64.exe
2017-03-09 19:32 - 2017-03-09 19:32 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-09 19:31 - 2017-03-09 19:32 - 01765888 _____ (Farbar) C:\Users\Brendan\Downloads\FRST.exe
2017-03-09 18:54 - 2017-03-09 18:54 - 01663736 _____ (Malwarebytes) C:\Users\Brendan\Downloads\JRT.exe
2017-03-09 18:49 - 2017-03-09 19:33 - 00021826 _____ C:\Users\Brendan\Downloads\FRST.txt
2017-03-09 18:49 - 2017-03-09 18:49 - 00015228 _____ C:\Users\Brendan\Downloads\fixlist.txt
2017-03-09 18:49 - 2017-03-09 18:49 - 00015228 _____ C:\Users\Brendan\Desktop\fixlist.txt
2017-03-09 18:46 - 2017-03-09 18:46 - 05660168 _____ (Swearware) C:\Users\Brendan\Downloads\ComboFix.exe
2017-03-09 18:39 - 2017-03-09 18:39 - 09096848 _____ (SurfRight B.V.) C:\Users\Brendan\Downloads\HitmanPro.exe
2017-03-09 18:29 - 2017-03-09 18:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-09 18:29 - 2017-03-09 18:29 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-03-09 18:29 - 2017-03-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-09 18:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-09 18:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-09 18:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-09 18:27 - 2017-03-09 18:27 - 06705178 _____ C:\Users\Brendan\Downloads\mbam-chameleon-3.1.33.0.zip
2017-03-09 18:27 - 2017-03-09 18:27 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-09 18:18 - 2017-03-09 18:24 - 00000000 ___DC C:\AdwCleaner
2017-03-09 18:18 - 2017-03-09 18:18 - 04031440 _____ C:\Users\Brendan\Downloads\AdwCleaner.exe
2017-03-09 18:14 - 2017-03-09 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ded
2017-03-09 18:13 - 2017-03-09 18:13 - 00000000 ____D C:\Program Files\Bruh
2017-03-09 18:03 - 2017-03-09 19:34 - 00145651 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-09 18:03 - 2017-03-09 19:34 - 00118650 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-09 18:03 - 2017-03-09 18:03 - 14449600 _____ (Copyright 2017.) C:\Users\Brendan\Downloads\iexplore.exe
2017-03-09 18:03 - 2017-03-09 18:03 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-09 18:03 - 2017-03-09 18:03 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-09 18:03 - 2017-03-09 18:03 - 00000000 ____D C:\Users\Brendan\AppData\Local\Zemana
2017-03-09 18:00 - 2017-03-09 18:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Brendan\Downloads\rkill (1).exe
2017-03-09 17:54 - 2017-03-09 17:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-09 17:45 - 2017-03-09 17:45 - 00000000 __HDC C:\$Windows.~WS
2017-03-09 17:45 - 2017-03-09 17:45 - 00000000 ___DC C:\ESD
2017-03-09 17:45 - 2017-03-09 17:45 - 00000000 ___DC C:\$WINDOWS.~BT
2017-03-09 17:38 - 2017-03-09 17:38 - 00376528 _____ (Microsoft Corporation) C:\Users\Brendan\Downloads\RefreshWindowsTool.exe
2017-03-09 17:22 - 2017-03-09 17:45 - 00000000 ____D C:\WINDOWS\Panther
2017-03-09 17:05 - 2017-03-09 18:38 - 00003492 _____ C:\Users\Brendan\Desktop\Rkill.txt
2017-03-09 17:05 - 2017-03-09 17:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Brendan\Downloads\rkill.exe
2017-03-09 16:35 - 2017-03-09 16:35 - 04759456 _____ (LionSea Software co., ltd ) C:\Users\Brendan\Downloads\setup (1).exe
2017-03-09 16:35 - 2017-03-09 16:35 - 00001124 _____ C:\Users\Public\Desktop\SmartPCFixer.lnk
2017-03-09 16:35 - 2017-03-09 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
2017-03-09 16:35 - 2017-03-09 16:35 - 00000000 ____D C:\Program Files (x86)\SmartPCFixer
2017-03-09 16:04 - 2017-03-09 17:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-09 16:00 - 2017-03-09 16:00 - 00000000 ____D C:\WINDOWS\pss
2017-03-09 15:50 - 2017-03-09 18:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-09 15:50 - 2017-03-09 18:14 - 00001760 ____H C:\Users\Public\Desktop\redsdgas.lnk
2017-03-09 15:50 - 2017-03-09 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-09 15:50 - 2017-03-09 15:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-09 15:50 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-09 15:49 - 2017-03-09 15:50 - 51969976 _____ (Malwarebytes ) C:\Users\Brendan\Downloads\didlo.exe
2017-03-09 15:33 - 2017-03-09 18:02 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\SpyHunter-Installer (4).exe
2017-03-09 15:33 - 2017-03-09 15:33 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\SpyHunter-Installer (3).exe
2017-03-09 15:32 - 2017-03-09 15:32 - 03518640 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\RegHunter-Installer.exe
2017-03-09 15:32 - 2017-03-09 15:32 - 03518640 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\RegHunter-Installer (1).exe
2017-03-09 15:26 - 2017-03-09 15:26 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\SpyHunter-Installer (2).exe
2017-03-09 15:17 - 2017-03-09 15:17 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\SpyHunter-Installer (1).exe
2017-03-09 15:15 - 2017-03-09 15:15 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Brendan\Downloads\SpyHunter-Installer.exe
2017-03-09 15:00 - 2017-03-09 18:26 - 00000000 ____D C:\Users\Brendan\AppData\Local\llssoft
2017-03-09 14:59 - 2017-03-09 19:09 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-03-09 14:32 - 2017-03-09 18:24 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-03-09 14:32 - 2017-03-09 14:32 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-03-09 14:32 - 2017-03-09 14:32 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-09 14:32 - 2017-03-09 14:32 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-09 14:32 - 2017-03-09 14:32 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\c
2017-03-09 14:32 - 2017-03-09 14:32 - 00000000 ____D C:\ProgramData\1489091524
2017-03-09 14:30 - 2017-03-09 14:30 - 01767424 _____ C:\Users\Brendan\Downloads\ARK Hack Ark Survival Evolved Cheat CheatAutomationcom.iso
2017-03-02 21:06 - 2017-03-02 21:06 - 20960806 _____ C:\Users\Brendan\Downloads\20161230_101432_001.mp4
2017-02-28 15:47 - 2017-02-28 15:49 - 00413032 _____ C:\Users\Brendan\Downloads\ARK.Smart.Breeding_0.21.4.zip
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-21 17:19 - 2017-02-21 17:19 - 00000222 _____ C:\Users\Brendan\Desktop\Tom Clancy's Rainbow Six Siege.url
2017-02-10 02:43 - 2016-12-29 06:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-10 02:42 - 2016-12-29 07:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 01:21 - 2017-02-09 01:21 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Unreal Engine
2017-02-07 23:07 - 2017-02-07 23:07 - 00878592 _____ C:\Users\Brendan\Downloads\Jenny_9yo.iso
2017-02-07 01:15 - 2017-02-07 01:15 - 00001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-02-07 01:15 - 2017-02-07 01:15 - 00001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-02-07 01:13 - 2017-02-07 01:14 - 40411136 _____ C:\Users\Brendan\Downloads\EpicGamesLauncherInstaller-2.12.18-3265969.msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 18:51 - 2015-12-18 15:15 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Curse Client
2017-03-09 18:36 - 2015-12-18 14:43 - 02326362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 18:32 - 2015-12-18 18:39 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Spotify
2017-03-09 18:32 - 2015-12-18 18:39 - 00000000 ____D C:\Users\Brendan\AppData\Local\Spotify
2017-03-09 18:31 - 2016-09-21 03:55 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-09 18:31 - 2015-12-18 15:05 - 00000000 __SHD C:\Users\Brendan\IntelGraphicsProfiles
2017-03-09 18:30 - 2016-09-21 03:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 18:30 - 2016-09-21 03:55 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-09 18:29 - 2016-09-21 03:59 - 00003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2017-03-09 18:29 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 18:28 - 2016-08-31 12:06 - 00000000 ____D C:\ProgramData\Origin
2017-03-09 18:25 - 2016-09-21 03:56 - 00000000 ____D C:\Users\Brendan
2017-03-09 18:22 - 2015-12-20 12:41 - 00000000 ____D C:\Users\Brendan\AppData\Local\CrashDumps
2017-03-09 17:59 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 17:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 17:59 - 2016-01-02 12:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-09 17:54 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 17:45 - 2016-09-21 03:59 - 00011999 _____ C:\WINDOWS\diagwrn.xml
2017-03-09 17:45 - 2016-09-21 03:59 - 00010127 _____ C:\WINDOWS\diagerr.xml
2017-03-09 17:19 - 2016-05-01 20:04 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2017-03-09 17:03 - 2016-09-21 03:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 16:39 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 16:27 - 2016-01-26 06:56 - 00000000 ____D C:\Users\Brendan\AppData\Local\ElevatedDiagnostics
2017-03-09 14:34 - 2015-12-18 14:55 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 14:34 - 2016-01-15 19:06 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\TS3Client
2017-03-01 20:47 - 2015-12-18 14:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-28 15:49 - 2017-01-31 05:04 - 00000000 ____D C:\Users\Brendan\AppData\Local\ARKBreedingStats
2017-02-28 03:00 - 2015-12-19 01:48 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-25 14:43 - 2015-12-18 17:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 14:42 - 2015-12-18 17:59 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 15:59 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-16 17:21 - 2016-01-15 19:06 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-14 15:01 - 2015-12-18 16:04 - 00000000 ____D C:\Users\Brendan\AppData\Local\Battle.net
2017-02-14 14:01 - 2015-12-18 16:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-10 23:39 - 2016-05-06 12:12 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-10 16:31 - 2016-11-20 20:21 - 00000000 ____D C:\Users\Brendan\AppData\Local\EpicGamesLauncher
2017-02-10 16:31 - 2015-12-19 04:06 - 00000000 ____D C:\Users\Brendan\AppData\Local\UnrealEngine
2017-02-10 02:43 - 2016-09-21 03:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 02:43 - 2016-03-07 20:56 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 02:43 - 2015-12-20 04:09 - 00000000 ____D C:\Users\Brendan\AppData\Local\NVIDIA Corporation
2017-02-10 02:43 - 2015-12-18 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 02:42 - 2016-09-21 03:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 02:42 - 2016-09-21 03:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 17:30 - 2016-02-13 16:25 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-07 01:16 - 2016-11-20 21:34 - 00000000 ____D C:\Program Files\Epic Games
2017-02-07 01:15 - 2016-11-20 20:21 - 00000000 ____D C:\Program Files (x86)\Epic Games
 
==================== Files in the root of some directories =======
 
2016-03-12 17:57 - 2016-03-12 17:57 - 0000017 _____ () C:\Users\Brendan\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2017-03-09 17:43 - 2017-03-09 17:45 - 18309328 _____ (Microsoft Corporation) C:\Users\Brendan\AppData\Local\Temp\MediaCreationTool.exe
2017-03-09 15:12 - 2017-03-09 14:57 - 7114352 _____ (Spotify Ltd) C:\Users\Brendan\AppData\Local\Temp\SpotifyUninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-04 11:49
 
==================== End of FRST.txt ============================


#4 B-boy/StyLe/


Posted 09 March 2017 - 09:27 PM

Hello,

 

 

Please delete the fixlist.txt you created (downloaded) on your own:

 

2017-03-09 18:49 - 2017-03-09 18:49 - 00015228 _____ C:\Users\Brendan\Downloads\fixlist.txt
2017-03-09 18:49 - 2017-03-09 18:49 - 00015228 _____ C:\Users\Brendan\Desktop\fixlist.txt

 

 

Next, please download the attached file fixlist.txt (3.14KB) and save it to the Desktop.

Copy FRST64.exe to your Desktop from C:\Users\Brendan\Downloads as well.

NOTE: It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.

 

Restart the computer in Safe Mode. See here how to do this

Run FRST64.exe and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please restart your computer in Normal Mode and post back the log file in your next reply.

This script was written specifically for you, for use on that particular machine.

 

Let me know how things are after the fix above.

 

 

Regards,

Georgi




#5 Doubble


Posted 09 March 2017 - 09:42 PM

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5C09094-02AB-43CC-9F54-E931F151EBA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5C09094-02AB-43CC-9F54-E931F151EBA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverAssist.Autostart => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D81FB9EA-4AAB-425D-844F-F1F5A04D4A3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D81FB9EA-4AAB-425D-844F-F1F5A04D4A3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverAssist.Scanning => key not found. 
"C:\Program Files (x86)\dataup" => was unlocked
C:\Program Files (x86)\dataup => moved successfully
"C:\Program Files (x86)\svcvmx" => was unlocked
C:\Program Files (x86)\svcvmx => moved successfully
"C:\Program Files (x86)\qdcomsvc" => was unlocked
C:\Program Files (x86)\qdcomsvc => moved successfully
"C:\Users\Brendan\AppData\Local\Temp\20170309" => was unlocked
C:\Users\Brendan\AppData\Local\Temp\20170309 => moved successfully
"C:\Windows\SysWOW64\splsrv.exe" => was unlocked
C:\Windows\SysWOW64\splsrv.exe => moved successfully
"C:\Program Files (x86)\cpx" => not found.
"C:\Program Files (x86)\cpx" => not found.
"C:\Users\Brendan\AppData\Local\Temp\WS" => was unlocked
C:\Users\Brendan\AppData\Local\Temp\WS => moved successfully
"C:\WINDOWS\System32\drivers\drmkpro64.sys" => was unlocked
C:\WINDOWS\System32\drivers\drmkpro64.sys => moved successfully
"C:\Users\Brendan\AppData\Local\llssoft" => was unlocked
C:\Users\Brendan\AppData\Local\llssoft => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dataup" => key was unlocked
HKLM\System\CurrentControlSet\Services\Dataup => key removed successfully
Dataup => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qdcomsvc" => key was unlocked
HKLM\System\CurrentControlSet\Services\qdcomsvc => key removed successfully
qdcomsvc => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\realtek_amd64" => key was unlocked
HKLM\System\CurrentControlSet\Services\realtek_amd64 => key removed successfully
realtek_amd64 => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windowsmanagementservice" => key was unlocked
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully
windowsmanagementservice => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkpro64" => key was unlocked
HKLM\System\CurrentControlSet\Services\drmkpro64 => key removed successfully
drmkpro64 => service removed successfully
C:\Program Files (x86)\regtool => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\Users\Brendan\AppData\Roaming\c => moved successfully
C:\ProgramData\1489091524 => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007043c
This service cannot be started in Safe Mode
 
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 161238481 B
Java, Flash, Steam htmlcache => 705988443 B
Windows/system/drivers => 15301696 B
Edge => 9806881 B
Chrome => 622098789 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 31592 B
NetworkService => 534172 B
Brendan => 433431332 B
 
RecycleBin => 2571091 B
EmptyTemp: => 1.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:36:17 ====


#6 B-boy/StyLe/


Posted 09 March 2017 - 09:48 PM

Hi,

 

 

Next do the following:

 

 

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-consumer-3.0.6.1469.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

 

 

Regards,

Georgi




#7 Doubble


Posted 09 March 2017 - 09:59 PM

I accidentally deleted the quarantined files, but it worked! It's no longer on the computer!



#8 B-boy/StyLe/


Posted 09 March 2017 - 10:22 PM

Hi,

 

Please post the MBAM log file. We are not done yet!

 

 

Regards,

Georgi




#9 Doubble


Posted 10 March 2017 - 01:36 AM

How would I find the MBAM log file?



#10 Doubble


Posted 10 March 2017 - 01:55 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/9/2017
Scan Time: 8:44 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.03.10.01
Rootkit Database: v2017.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Brendan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313796
Time Elapsed: 4 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Quarantined, [3227eddbdeca46f0c1538ee9c33d44bc], 
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}, Quarantined, [68f105c37335f0464711e831fc04f10f], 
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup, Quarantined, [abae5078921639fde91ffb8144bdc13f], 
 
Registry Values: 4
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|Contact, contact@online.io, Quarantined, [8fcac0081c8c81b5ee8b80e044bcc937]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|URLInfoAbout, http://traffic.io/, Quarantined, [3227eddbdeca46f0c1538ee9c33d44bc]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|Contact, contact@online.io, Quarantined, [3f1a9a2e98101521cdac75eb9a66af51]
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|URLInfoAbout, http://online.io/, Quarantined, [68f105c37335f0464711e831fc04f10f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 28
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\jp, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\nl, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\pt, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\FullBackup, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\regbackup, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\update, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer, Quarantined, [3227aa1e0f99290df4ffdf67926e837d], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\css, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\html, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\html\popup, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\js, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\js\popup, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\newtab, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\_locales, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\_locales\en, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb\3.0_0\_metadata, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
PUP.Optional.Spigot.Generic, C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffoahahbaeeihcaogognjojhnipfbphb, Quarantined, [d980775178306bcbc05f0daab64aa55b], 
 
Files: 140
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\SpyHunter-Installer (1).exe, Quarantined, [e475b414832589adc4f418a96898e818], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\SpyHunter-Installer (2).exe, Quarantined, [62f7c20693154aec3a7e08b945bb04fc], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\SpyHunter-Installer (3).exe, Quarantined, [3a1f03c5872185b1843405bc0ff115eb], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\SpyHunter-Installer (4).exe, Quarantined, [4712d0f8b7f1b482f1c719a8be42f20e], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\SpyHunter-Installer.exe, Quarantined, [64f57850198fa0965266f1d037c9c63a], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\RegHunter-Installer (1).exe, Quarantined, [b2a723a5dfc90c2a8f29457cc53b04fc], 
PUP.Optional.SpyHunter, C:\Users\Brendan\Downloads\RegHunter-Installer.exe, Quarantined, [64f54286901889ad0eaa9a27db2508f8], 
PUP.Optional.SmartPCFixer, C:\Users\Brendan\Downloads\setup (1).exe, Quarantined, [3623f6d2a404b086efc44bb86c951ee2], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\LionSea Software.url, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\Calc.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\Common.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\DiskDefrag.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\EvidenceMan.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\IEMan.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\license.txt, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\mfc100u.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\msvcp100.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\msvcr100.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\RegisterCleanDll.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\RegisterLib.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\RegisterManager.exe, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\RegMan.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\SmartPCFixer.exe, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\sysback.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\sysFix.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\sysTool.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\unins000.dat, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\unins000.exe, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\WindowsUpdateDll.dll, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\ar\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\cn\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\de\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\en\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\es\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\fr\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\hk\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\Evident.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\frame.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\IETools.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\ScanClean.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\SysOp.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\systemfix.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\it\systemtool.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
PUP.Optional.SmartPCFixer, C:\Program Files (x86)\SmartPCFixer\dic\jp\backup.ini, Quarantined, [b9a004c496120a2c48e97dc439c72ad6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 B-boy/StyLe/


Posted 10 March 2017 - 03:49 PM

Hi,

 
Here is the last set of steps just to make sure nothing is lurking in the dark corners.
 

 

STEP 1

 
1. Please download HitmanPro.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 5 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
 
8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.
 

 

STEP 2
 

 

  • Download Emsisoft Emergency Kit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please attach the content of the report in your next reply.

 
 

STEP 3

 

 

And finally I'd like us to scan your machine with ESET OnlineScan

 

  • Please download and run ESET Online Scanner
  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:

 

  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth Technology

 

  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.


 

  • Push the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push save to text file and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the do not clean button.
  • Push a3dBJq5.jpg and then close the application.

 

 

and then if there aren't any issues left I'll give you my final recommendations. ;)
 
 
Regards,
Georgi




#12 Doubble


Posted 11 March 2017 - 02:59 AM

Sorry for the delay, just got off work. Hope this helps. (I have noticed that my Battleye won't load when playing certain games, which prevents me from actually playing them)

Attached Files



#13 B-boy/StyLe/


Posted 11 March 2017 - 06:18 AM

Hello,
 
No worries about the delay. We all have a personal life. :)
 
I didn't delete anything related to Battleye. I went through the logs again and didn't see any errors in the EventViewer related to it. Are you sure the problem occurred after the cleaning process?
 
I haven't used Battleye so far and I am not sure if it needs to be set to automatic but you can give it a try.
 
Go to Start => Run => type in services.msc and click Enter.

Scroll the alphabetical list until you find the BEService entry.

Make sure the Service is set to "Automatic" and the status is "started".
 
Or try reinstalling the games that won't work.
 
Also you can check the FAQ here => https://www.battleye.com/support/faq/
 
The logs are clean but I suggest you delete the following folders and the startup entry as they are created by BitCoinMiner:
 
C:\ProgramData\System32
C:\ProgramData\WindowsTask
C:\ProgramData\SysData
C:\ProgramData\Killer
C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Service.exe.lnk
 
If you installed it on purpose then you can leave them but if not then remove them.
 
You should delete the following as well (unless you are certain they are trustworthy and do not pose any security risks):
 
C:\Program Files (x86)\ExtremeInjector
C:\Users\Brendan\Downloads\ARK Hack Ark Survival Evolved Cheat CheatAutomationcom.iso
C:\Users\Brendan\Downloads\Extreme Injector v3.6.exe
C:\Users\Brendan\Downloads\RedEye Windows Setup.iso

 

 

Let me know of any remaining issues.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 11 March 2017 - 06:20 AM.
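Added example, not part of Georgi's post: a read-only PowerShell check (Windows PowerShell 3.0 or later) that reports which of the folders and the startup shortcut listed above still exist, where the shortcut points, and how BEService is configured. It assumes the service's short name is BEService, as the entry is called in the post; nothing is deleted or changed.

```powershell
# Read-only check: reports state only, deletes and changes nothing.
# Paths are the ones listed in the post above (user profile "Brendan").
$leftovers = @(
    'C:\ProgramData\System32',
    'C:\ProgramData\WindowsTask',
    'C:\ProgramData\SysData',
    'C:\ProgramData\Killer',
    'C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Service.exe.lnk'
)

$shell = New-Object -ComObject WScript.Shell

$report = foreach ($path in $leftovers) {
    $exists = Test-Path -LiteralPath $path
    $detail = $null
    if ($exists -and $path -like '*.lnk') {
        # Resolve the startup shortcut so the binary it launches can be located as well.
        $detail = 'Target: ' + $shell.CreateShortcut($path).TargetPath
    } elseif ($exists) {
        # -Force includes hidden and system items, which Explorer hides by default.
        $count  = @(Get-ChildItem -LiteralPath $path -Force -Recurse -ErrorAction SilentlyContinue).Count
        $detail = "Items: $count"
    }
    [pscustomobject]@{
        Path   = $path
        Exists = $exists
        Detail = $detail
    }
}
$report | Format-List

# Same check as the services.msc step: startup type and current state of the service.
# Assumption: the service's short name matches the entry name given in the post.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='BEService'"
if ($svc) {
    $svc | Select-Object Name, StartMode, State, PathName | Format-List
} else {
    'BEService is not registered on this machine.'
}
```

Run it again after removing the items to confirm that every entry reports Exists as False.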



#14 B-boy/StyLe/


Posted 13 March 2017 - 10:03 AM

Hi,

 

 

It's been several days. Do you still need help on this? :)

 

 

Regards,

Georgi




#15 B-boy/StyLe/


Posted 16 March 2017 - 12:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
