I've got a nasty virus that I really just can't remove


This topic is locked
18 replies to this topic

#1 hyenapack

hyenapack

  • Members
  • 10 posts

Posted 14 May 2017 - 06:36 PM

I need some urgent help here, I've tried everything I could find. I'm running on Windows 8.1.

 

I got a virus today that nothing will remove. I've tried RKill, Zemana, HitmanPro, ESET, and it doesn't allow me to start MBAM or TDSSKiller.

It's also blocking other applications from accessing the internet, like gaming chat systems (Discord) or my antiviruses, and it has also disabled my recovery for Windows so I can't recover to an earlier recovery point.

(got Malwarebytes to work using MBAM Chameleon but it failed to fix the problem.)

Here are my logs from ADW and RogueKiller, I also ran a scan on FRST and attached the logs it gave me below.

It also says ntuserlitelist was removed at reboot, but if I scan again all the "threats" that were detected before the reboots are still there.

 

UPDATE: MBAR removed some of them and now I can connect to the gaming chat application, but some other apps still show up in scans. I'll update the FRST files and do a new scan.

 

 

ADW: 

# AdwCleaner v6.046 - Logfile created 14/05/2017 at 18:39:55
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-14.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Dee - DANTE
# Running from : C:\Users\Dee\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found:  Dataup
Service Found:  windowsmanagementservice
Service Found:  drmkpro64
Service Found:  dataup


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpx]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3270 Bytes] - [14/05/2017 17:24:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [3040 Bytes] - [14/05/2017 17:23:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1812 Bytes] - [14/05/2017 17:28:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1639 Bytes] - [14/05/2017 18:39:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1712 Bytes] ##########


RogueKiller: 

RogueKiller V12.10.8.0 (x64) [May  8 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Dee [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/14/2017 18:00:51 (Duration : 00:32:26)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[Adw.Yelloader|Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpx : "C:\Users\Dee\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> ERROR [5]
[Adw.Yelloader|Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | svcvmx : "C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> ERROR [5]

[PUP.Gen0|Adw.Yelloader|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dataup (C:\Users\Dee\AppData\Local\ntuserlitelist\dataup\dataup.exe) -> ERROR [5]
[PUP.BetterAds] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srcsrv (C:\Windows\src_srv\winsrcsrv.exe) -> Deleted
[PUP.Gen0|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\windowsmanagementservice (C:\Users\Dee\AppData\Local\gvvcoovf\ct.exe) -> ERROR [5]
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3449829512-4136246939-2097004572-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3449829512-4136246939-2097004572-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.OnlineIO][File] C:\Windows\SysWOW64\splsrv.exe -> Deleted
[Adw.Yelloader][Folder] C:\Users\Dee\AppData\Local\ntuserlitelist -> Removed at reboot [91]
[Adw.Yelloader][Folder] C:\Users\Dee\AppData\Local\ntuserlitelist\dataup -> Removed at reboot [5]
[Adw.Yelloader][Folder] C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx\locales -> Removed at reboot [5]
[Adw.Yelloader][Folder] C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx -> Removed at reboot [5]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SHSS37A120G +++++
--- User ---
[MBR] 48378fa5e95500ad47092173ba34b1eb
[BSP] 018f41e5de38c296417a82b1e7e378f3 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 113944 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: TOSHIBA DT01ACA100 SCSI Disk Device +++++
--- User ---
[MBR] a9f1c4e643a2095827a7dc39cbccb5b8
[BSP] b3c6e248b3df8214aa3de5bf383ab0da : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

 

I ran MBAR and it said it found malware. I have attached my FRST and the Addition txt logs that FRST made.


Edited by hyenapack, 14 May 2017 - 06:50 PM.
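A triage helper, added here as an example and not code from the thread, from RogueKiller or from Malwarebytes: it parses registry lines in the shape of the RogueKiller log above (a constructed sample that copies six entries from that log with the "-> status" put on the same line, plus one benign Run entry constructed for contrast) and flags the patterns behind the symptoms described in this post: autostarts launched from a user-writable profile directory, a loopback proxy forced on the service-account hives, the UAC admin consent prompt switched off, and removals that failed with access denied.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the RogueKiller "Registry" section pasted above:
# six entries copied from that log (the "-> status" put on the same line) plus one
# benign Run entry, also constructed, to show an entry that should not be flagged.
SAMPLE_LOG = r"""
[Adw.Yelloader|Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpx : "C:\Users\Dee\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> ERROR [5]
[PUP.Gen0|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\windowsmanagementservice (C:\Users\Dee\AppData\Local\gvvcoovf\ct.exe) -> ERROR [5]
[PUP.BetterAds] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srcsrv (C:\Windows\src_srv\winsrcsrv.exe) -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8003  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[Example.Benign] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RTHDVCPL : "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -> Found
"""

HEADER = re.compile(r"^\[(?P<tags>[^\]]+)\]\s+\((?P<arch>X86|X64)\)\s+(?P<rest>.+)$")
ERROR = re.compile(r"ERROR \[(\d+)\]")
QUOTED_EXE = re.compile(r'^"([^"]+)"')
# Locations a standard user can write to; a service or Run entry that starts a
# binary from here is out of place on a normal workstation.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(?:AppData|Downloads)\\|\\ProgramData\\|\\Temp\\", re.I)
LOOPBACK = re.compile(r"^(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::\d+)?$", re.I)
# Hives of the built-in service accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE)
# and the default profile; a proxy set there affects services, not just the user.
SERVICE_HIVES = ("HKEY_USERS\\.DEFAULT", "HKEY_USERS\\S-1-5-18",
                 "HKEY_USERS\\S-1-5-19", "HKEY_USERS\\S-1-5-20")
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

@dataclass
class Entry:
    tags: str
    key: str
    name: str = ""      # value name for "key | name : data" lines; empty for service keys
    data: str = ""      # value data, or the service binary path
    status: str = ""    # text after "->": Deleted, Replaced (0), ERROR [5], ...
    reasons: list = field(default_factory=list)

def parse_entry(line):
    """Parse one RogueKiller registry line; return None for anything else."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rest, _, status = m.group("rest").partition(" -> ")
    rest = rest.strip()
    entry = Entry(tags=m.group("tags"), key=rest, status=status.strip())
    if " | " in rest:                              # key | valuename : data
        entry.key, value = rest.split(" | ", 1)
        entry.name, _, data = value.partition(" : ")
        entry.data = data.strip()
    elif rest.endswith(")") and " (" in rest:      # service key (binary path)
        entry.key, _, entry.data = rest[:-1].rpartition(" (")
    return entry

def executable(entry):
    """Binary an autostart entry launches: the service path, or the quoted/first token."""
    if not entry.name:
        return entry.data
    q = QUOTED_EXE.match(entry.data)
    return q.group(1) if q else entry.data.split(" ")[0]

def classify(entry):
    """Attach the reasons an entry matters; an empty list means nothing was flagged."""
    key_upper = entry.key.upper()
    reasons = []
    if (key_upper.endswith("\\RUN") or "\\SERVICES\\" in key_upper) \
            and USER_WRITABLE.search(executable(entry)):
        reasons.append("autostart-from-user-writable-path")
    if entry.name == "ProxyServer" and LOOPBACK.match(entry.data):
        reasons.append("loopback-proxy-hijack")      # traffic forced through a local process
    if entry.name == "ProxyEnable" and entry.data == "1" \
            and key_upper.startswith(SERVICE_HIVES):
        reasons.append("proxy-enabled-in-service-account-hive")
    if entry.name == "ConsentPromptBehaviorAdmin" and entry.data == "0":
        reasons.append("uac-admin-prompt-disabled")  # admins elevate with no consent prompt
    err = ERROR.search(entry.status)
    if err and int(err.group(1)) == 5:
        reasons.append("removal-denied")             # tool could not remove it (access denied)
    entry.reasons = reasons
    return reasons

def describe_status(entry):
    """Turn 'ERROR [n]' into the Win32 error name so the reader sees why removal failed."""
    err = ERROR.search(entry.status)
    if not err:
        return entry.status
    code = int(err.group(1))
    return f"ERROR {code} ({WIN32_ERRORS.get(code, 'unknown Win32 error')})"

def triage(text):
    """Parse and classify every registry line in a log; returns all parsed entries."""
    entries = [e for e in (parse_entry(l) for l in text.splitlines()) if e]
    for e in entries:
        classify(e)
    return entries
```

Calling `triage(SAMPLE_LOG)` returns one `Entry` per registry line; the entries with a non-empty `reasons` list are the ones worth a second look, and `describe_status` shows which removals the tool could not carry out.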




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 14 May 2017 - 07:21 PM

Hi hyenapack :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Do you have the MBAR log? It should be in the MBAR folder and called "mbar-log-TODAY'S-DATE.txt". If so, please copy/paste its content here.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 14 May 2017 - 07:24 PM

Here is the MBAR Log.

 

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.05.14.05
  rootkit: v2017.04.02.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18666
Dee :: DANTE [administrator]
 
5/14/2017 7:25:22 PM
mbar-log-2017-05-14 (19-25-22).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 283799
Time elapsed: 15 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [42cb98804b5ed95dea13182fca379d63]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [719c75a3cfda48eebfd43fd969988878]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [b05d8f895a4f142221bb51c6e21f34cc]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [8c81fa1e06a394a203c372488c75fc04]
 
Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\Dee\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [df2ee92f8029f442fcdd07b4c53cea16]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [13fad93f69408fa78fd2cfce3ac631cf]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Dee\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [719c75a3cfda48eebfd43fd969988878]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Dee\AppData\Local\gvvcoovf\ct.exe -> Delete on reboot. [8c81fa1e06a394a203c372488c75fc04]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 6
C:\Users\Dee\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
C:\Users\Dee\AppData\Local\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
C:\Users\Dee\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
C:\Users\Dee\AppData\Local\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
C:\Users\Dee\AppData\Local\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [5fae63b5c5e4bc7a8291dccf0af745bb]
 
Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
C:\Users\Dee\AppData\Local\Temp\1494794646\s5m_install_325.exe (Trojan.Clicker) -> Delete on reboot. [24e904141c8d64d2c1030cb5b9480000]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 14 May 2017 - 08:31 PM

Good. MBAR crippled the main infection components, so you should be able to install and run a scan with Malwarebytes now.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;



#5 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 14 May 2017 - 10:10 PM

I can only use the "Chameleon" version of MBAM since the virus won't allow me to open it; MBAM will just crash. So instead I'll just manually export the protection logs and the scan logs for you.



#6 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 14 May 2017 - 10:13 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/14/2017
Scan Time: 10:51 PM
Logfile: results of mbamscan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.05.14.05
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dee
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284082
Time Elapsed: 11 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 8
PUP.Optional.GameHack, C:\Program Files (x86)\Cheat Engine 6.6\standalonephase1.dat, , [16f7ed2b37721b1b0d7b95bd629f7b85], 
Trojan.Clicker, C:\Users\Dee\AppData\Local\Temp\1494794646\s5m_install_325.zip, , [0eff8791b5f456e0ba0ab50cf30e6b95], 
CheatTool.CETTrainer, C:\Users\Dee\Downloads\Dark Souls 3 V1.09 Trainer +17 MrAntiFun.zip, , [db3255c35e4bad891cb93083e81933cd], 
PUP.Optional.Smeazymo, C:\Users\Dee\AppData\Local\Donquotex.dat, , [9a7304142e7b8ea829de70cfdf23b050], 
PUP.Optional.Linkury, C:\Users\Dee\AppData\Roaming\ApplicationHosting.dat, , [d7368b8d19907fb7563f8e63887aa15f], 
PUP.Optional.Linkury.Gen, C:\Users\Dee\AppData\Roaming\Re-Dex.tst, , [020bc553fdac3ff7f02c91a30ff450b0], 
PUP.Optional.Linkury.Gen, C:\Users\Dee\AppData\Roaming\Y-kix.tst, , [be4f8e8a4960c07626f681b3d03312ee], 
PUP.Optional.Linkury, C:\Users\Dee\AppData\Roaming\lobby.dat, , [1bf2958309a059ddfb930d2a12f1c838], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/14/2017 7:08 PM, SYSTEM, DANTE, Manual, Failed, Unable to access update server, 
Update, 5/14/2017 7:08 PM, SYSTEM, DANTE, Scheduler, Failed, Unable to access update server, 
Update, 5/14/2017 7:08 PM, SYSTEM, DANTE, Manual, Failed, Unable to access update server, 
Update, 5/14/2017 7:11 PM, SYSTEM, DANTE, Scheduler, Failed, Unable to access update server, 
Scan, 5/14/2017 7:18 PM, SYSTEM, DANTE, Manual, Start:5/14/2017 7:08 PM, Duration:9 min 44 sec, Threat Scan, Completed, 0 Malware Detections, 6 Non-Malware Detections, 
Update, 5/14/2017 10:47 PM, SYSTEM, DANTE, Scheduler, Remediation Database, 2016.2.12.1, 2017.5.11.1, 
Update, 5/14/2017 10:47 PM, SYSTEM, DANTE, Scheduler, Rootkit Database, 2016.2.8.1, 2017.4.2.1, 
Update, 5/14/2017 10:47 PM, SYSTEM, DANTE, Scheduler, IP Database, 2016.2.8.1, 2017.5.11.1, 
Update, 5/14/2017 10:47 PM, SYSTEM, DANTE, Scheduler, Domain Database, 2016.2.16.8, 2017.5.12.3, 
Update, 5/14/2017 10:47 PM, SYSTEM, DANTE, Scheduler, Malware Database, 2016.2.16.6, 2017.5.14.5, 
Scan, 5/14/2017 10:51 PM, SYSTEM, DANTE, Context, Start:5/14/2017 10:48 PM, Duration:2 min 42 sec, Threat Scan, Cancelled, 0 Malware Detections, 1 Non-Malware Detection, 
Scan, 5/14/2017 11:04 PM, SYSTEM, DANTE, Manual, Start:5/14/2017 10:51 PM, Duration:11 min 54 sec, Threat Scan, Completed, 4 Malware Detections, 12 Non-Malware Detections, 
 
(end)


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 15 May 2017 - 07:48 AM

There's less than I expected, but you had run scans beforehand. When you ran AdwCleaner, did you delete the threats it detected? Because the log you provided for it is a Scan log, not a Clean log.



#8 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 15 May 2017 - 08:54 AM

Yeah, I ran the scan and cleaned the threats multiple times; it couldn't get rid of them.



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 15 May 2017 - 11:33 AM

This time it should though. Follow the instructions below.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;



#10 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 16 May 2017 - 09:55 AM

JRT Log
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by Dee (Administrator) on Tue 05/16/2017 at 10:52:50.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/16/2017 at 10:55:24.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 16 May 2017 - 10:01 AM

ADW Logs

 

# AdwCleaner v6.046 - Logfile created 16/05/2017 at 10:59:48
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-15.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Dee - DANTE
# Running from : C:\Users\Dee\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3270 Bytes] - [14/05/2017 17:24:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [1028 Bytes] - [16/05/2017 10:59:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [3040 Bytes] - [14/05/2017 17:23:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1812 Bytes] - [14/05/2017 17:28:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1799 Bytes] - [14/05/2017 18:39:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [1571 Bytes] - [16/05/2017 10:58:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1393 Bytes] ##########


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 16 May 2017 - 10:27 AM

Good :) Now please run a new scan with FRST, and provide me a fresh set of logs (FRST.txt and Addition.txt) so I can see what's left to remove.



#13 hyenapack

hyenapack
  • Topic Starter

  • Members
  • 10 posts

Posted 16 May 2017 - 01:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Dee (administrator) on DANTE (16-05-2017 14:03:47)
Running from C:\Users\Dee\Desktop
Loaded Profiles: Dee (Available Profiles: Dee)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Hi-Rez Studios) D:\Hi-Rez\HiPatchService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Spotify Ltd) C:\Users\Dee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.104.19.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.19.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.104.19.0\OverwolfHelper64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14516464 2017-03-28] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8654456 2017-03-06] (Sand Studio)
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-04-27] ()
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Run: [Spotify Web Helper] => C:\Users\Dee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-23] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7035117F-E4E2-440A-B709-75B98E73B60E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C07D8914-C218-4F20-9927-79AFBB448A9E}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-03] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-03] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\ytr26nm4.default-1474983034706 [2017-05-16]
FF Extension: (Adblock Plus) - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\ytr26nm4.default-1474983034706\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-03] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default [2017-05-16]
CHR Extension: (Google Slides) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-04]
CHR Extension: (BetterTTV) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Google Docs) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-04]
CHR Extension: (Google Drive) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-04]
CHR Extension: (Turn Off the Lights) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-05-16]
CHR Extension: (YouTube) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-05-09]
CHR Extension: (Google Sheets) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (AdBlock) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Grammarly for Chrome) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-05-01] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-11] (ESET)
U2 HiPatchService; D:\Hi-Rez\HiPatchService.exe [9728 2017-02-23] (Hi-Rez Studios) [File not signed]
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\service.exe [77528 2015-12-15] (Visicom Media Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-04-26] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-11] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-11] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-04-27] (Overwolf LTD)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-03-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14516464 2017-03-28] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [595456 2014-09-19] (C-MEDIA)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-11] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197248 2016-11-11] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181384 2016-11-11] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-05-14] ()
S3 LifeCamTrueColor; C:\Windows\system32\DRIVERS\LifeCamTrueColor.sys [37936 2016-07-27] (Microsoft Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2017-05-14] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-14] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-26] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52248 2016-10-30] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48152 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-05-14] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-08] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-14] (Zemana Ltd.)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-16 14:02 - 2017-05-16 14:03 - 00020889 _____ C:\Users\Dee\Desktop\FRST.txt
2017-05-16 11:01 - 2017-05-16 11:02 - 00000562 _____ C:\TDSSKiller.3.1.0.15_16.05.2017_11.01.58_log.txt
2017-05-16 10:55 - 2017-05-16 10:55 - 00000549 _____ C:\Users\Dee\Desktop\JRT.txt
2017-05-16 10:52 - 2017-05-16 10:52 - 01663672 _____ (Malwarebytes) C:\Users\Dee\Desktop\JRT.exe
2017-05-14 23:12 - 2017-05-14 23:12 - 00002010 _____ C:\Scan Log.txt
2017-05-14 23:12 - 2017-05-14 23:12 - 00001445 _____ C:\Protection Log.txt
2017-05-14 23:04 - 2017-05-14 23:04 - 00001933 _____ C:\results of mbamscan.txt
2017-05-14 22:48 - 2017-05-14 22:48 - 00001099 _____ C:\Users\Dee\Desktop\old protection log.txt
2017-05-14 22:47 - 2017-05-14 22:47 - 00001925 _____ C:\Users\Dee\Desktop\old scan log.txt
2017-05-14 19:25 - 2017-05-14 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-14 19:24 - 2017-05-14 19:41 - 00000000 ____D C:\Users\Dee\Desktop\mbar
2017-05-14 19:24 - 2017-05-14 19:24 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Dee\Desktop\mbar-1.09.4.1001.exe
2017-05-14 19:08 - 2017-05-14 23:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-14 19:08 - 2017-05-14 23:11 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-05-14 19:08 - 2017-05-14 19:08 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-05-14 19:08 - 2017-05-14 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-05-14 19:08 - 2017-05-14 19:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-05-14 19:08 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-05-14 19:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-14 19:07 - 2017-05-14 19:07 - 06705178 _____ C:\Users\Dee\Desktop\mbam-chameleon-3.1.33.0.zip
2017-05-14 19:07 - 2017-05-14 19:07 - 00000000 ____D C:\Users\Dee\Desktop\mbam-chameleon-3.1.33.0
2017-05-14 19:00 - 2017-05-14 19:00 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Dee\Desktop\tdsskiller (1).exe
2017-05-14 18:53 - 2017-05-16 14:03 - 00000000 ____D C:\FRST
2017-05-14 18:53 - 2017-05-14 18:54 - 00051078 _____ C:\Users\Dee\Downloads\Addition.txt
2017-05-14 18:53 - 2017-05-14 18:54 - 00047680 _____ C:\Users\Dee\Downloads\FRST.txt
2017-05-14 18:43 - 2017-05-14 18:43 - 02429952 _____ (Farbar) C:\Users\Dee\Desktop\FRST64.exe
2017-05-14 18:34 - 2017-05-14 18:34 - 00011920 _____ C:\Users\Dee\Desktop\rk_65E1.tmp.txt
2017-05-14 18:00 - 2017-05-14 18:00 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-14 18:00 - 2017-05-14 18:00 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-14 18:00 - 2017-05-14 18:00 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-14 18:00 - 2017-05-14 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-14 18:00 - 2017-05-14 18:00 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-14 17:59 - 2017-05-14 17:59 - 35366512 _____ (Adlice Software ) C:\Users\Dee\Downloads\RogueKiller_setup.exe
2017-05-14 17:51 - 2017-05-14 17:51 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Dee\Desktop\rkill64.exe
2017-05-14 17:42 - 2017-05-14 17:42 - 00000000 ____D C:\ProgramData\dbg
2017-05-14 17:38 - 2017-05-16 14:03 - 00132223 _____ C:\Windows\ZAM.krnl.trace
2017-05-14 17:38 - 2017-05-16 14:03 - 00064700 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-14 17:38 - 2017-05-14 17:38 - 05766464 _____ (Zemana Ltd. ) C:\Users\Dee\Downloads\eXplorer.exe
2017-05-14 17:38 - 2017-05-14 17:38 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-14 17:38 - 2017-05-14 17:38 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-14 17:38 - 2017-05-14 17:38 - 00001164 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-14 17:38 - 2017-05-14 17:38 - 00000000 ____D C:\Users\Dee\AppData\Local\Zemana
2017-05-14 17:38 - 2017-05-14 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-05-14 17:38 - 2017-05-14 17:38 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-14 17:36 - 2017-05-14 17:57 - 00002286 _____ C:\Users\Dee\Desktop\Rkill.txt
2017-05-14 17:36 - 2017-05-14 17:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dee\Downloads\rkill.exe
2017-05-14 17:36 - 2017-05-14 17:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dee\Desktop\rkill.exe
2017-05-14 17:35 - 2017-05-14 17:36 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Dee\Downloads\tdsskiller.exe
2017-05-14 17:34 - 2017-05-14 17:34 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-14 17:34 - 2017-05-14 17:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-14 17:34 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-14 17:33 - 2017-05-14 17:34 - 63035592 _____ (Malwarebytes ) C:\Users\Dee\Downloads\mb3-setup-consumer-3.1.2.1733 (1).exe
2017-05-14 17:21 - 2017-05-16 10:59 - 00000000 ____D C:\AdwCleaner
2017-05-14 17:21 - 2017-05-14 17:21 - 04102600 _____ C:\Users\Dee\Downloads\AdwCleaner.exe
2017-05-14 17:19 - 2017-05-16 14:00 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-05-14 17:18 - 2017-05-14 17:18 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-05-14 17:17 - 2017-05-14 17:17 - 00001352 _____ C:\Windows\system32\.crusader
2017-05-14 17:12 - 2017-05-14 17:17 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-14 17:12 - 2017-05-14 17:12 - 11583584 _____ (SurfRight B.V.) C:\Users\Dee\Downloads\hitmanpro_x64.exe
2017-05-14 16:53 - 2017-05-14 16:53 - 63035592 _____ (Malwarebytes ) C:\Users\Dee\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-14 16:44 - 2017-05-14 16:44 - 00000000 ____D C:\Users\Dee\AppData\Local\ptufv
2017-05-14 09:51 - 2017-05-14 09:51 - 01317572 _____ C:\Users\Dee\Downloads\310_2-0_shake_it_off_ebook-interactive.pdf
2017-05-12 19:35 - 2017-05-12 19:35 - 00000000 ____D C:\Users\Dee\AppData\Local\CrashReportClient
2017-05-11 11:13 - 2017-04-28 18:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 11:13 - 2017-04-28 18:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 16:49 - 2017-05-10 16:49 - 00000000 ____D C:\Users\Dee\AppData\Local\OrionGame
2017-05-10 15:33 - 2017-05-10 15:33 - 00000947 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-05-10 15:33 - 2017-05-10 15:33 - 00000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-05-10 15:32 - 2017-05-10 15:32 - 38526976 _____ C:\Users\Dee\Downloads\ParagonEpicGamesLauncherInstaller-2.14.0-3399308.msi
2017-05-10 11:57 - 2017-04-28 17:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 11:57 - 2017-04-26 10:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 11:57 - 2017-04-16 06:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 11:57 - 2017-04-16 06:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 11:57 - 2017-04-16 06:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 11:57 - 2017-04-16 06:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 11:57 - 2017-04-16 06:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 11:57 - 2017-04-16 05:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 11:57 - 2017-04-16 05:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 11:57 - 2017-04-16 05:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 11:57 - 2017-04-16 05:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 11:57 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 11:57 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 11:57 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 11:57 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 11:57 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 11:57 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 11:57 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 11:57 - 2017-04-16 04:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 11:57 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 11:57 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 11:57 - 2017-04-16 04:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 11:57 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 11:57 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 11:57 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 11:57 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 11:57 - 2017-04-16 03:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 11:57 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 11:57 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 11:57 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 11:57 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 11:57 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 11:57 - 2017-04-16 03:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 11:57 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 11:57 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 11:57 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 11:57 - 2017-04-16 03:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 11:57 - 2017-04-16 03:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 11:57 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 11:57 - 2017-04-16 03:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 11:57 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 11:57 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 11:57 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 11:57 - 2017-04-16 03:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 11:57 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 11:57 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 11:57 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 11:57 - 2017-04-16 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 11:57 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 11:57 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 11:57 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 11:57 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 11:57 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 11:57 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 11:57 - 2017-04-09 18:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 11:57 - 2017-04-09 18:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 11:57 - 2017-04-07 19:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 11:57 - 2017-04-07 09:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 11:57 - 2017-04-02 12:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 11:57 - 2017-04-02 12:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 11:57 - 2017-03-31 19:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 11:57 - 2017-03-31 17:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 11:57 - 2017-03-13 12:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 11:57 - 2017-03-13 12:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 11:57 - 2017-03-13 12:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 11:57 - 2017-03-13 12:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 11:57 - 2017-03-13 12:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 11:57 - 2017-03-13 12:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 11:57 - 2017-03-11 15:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 11:57 - 2017-03-11 15:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 11:57 - 2017-03-11 15:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 11:57 - 2017-03-11 14:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 11:57 - 2017-03-11 13:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 11:57 - 2017-03-11 13:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 11:57 - 2017-03-10 19:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 11:57 - 2017-03-10 19:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 11:57 - 2017-03-09 16:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 11:57 - 2017-03-09 15:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 11:57 - 2017-03-07 22:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-09 20:43 - 2017-05-09 20:43 - 00000222 _____ C:\Users\Dee\Desktop\Dishonored 2.url
2017-05-09 15:03 - 2017-05-09 00:37 - 61507924 _____ C:\Users\Dee\Desktop\League of Legends 05-09-2017 0-37-48-889.mp4
2017-05-04 16:42 - 2017-05-04 16:42 - 10435136 _____ C:\Users\Dee\Downloads\dark-star-banner.webm
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N (TOSHIBA CORPORATION) C:\Windows\system32\tprdpw64.exe
2017-05-02 15:48 - 2017-05-02 15:48 - 00000000 ____D C:\Users\Dee\Desktop\Discord_HypeSquad_Logos
2017-05-02 15:39 - 2017-05-02 15:39 - 00199736 _____ C:\Users\Dee\Downloads\Discord_HypeSquad_Logos.zip
2017-05-01 22:35 - 2017-05-01 22:35 - 00000000 ____D C:\Users\Dee\AppData\Local\TslGame
2017-05-01 21:29 - 2017-05-01 21:29 - 00000222 _____ C:\Users\Dee\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-04-30 10:38 - 2017-04-30 10:38 - 00994498 _____ C:\Users\Dee\Downloads\ElophantClient (1).zip
2017-04-29 15:01 - 2017-04-29 15:01 - 00000222 _____ C:\Users\Dee\Desktop\H1Z1 King of the Kill.url
2017-04-27 10:38 - 2017-04-27 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm 4 Express
2017-04-27 10:38 - 2017-04-27 10:38 - 00000612 _____ C:\Users\Dee\Desktop\HitFilm 4 Express.lnk
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Users\Dee\Documents\FXHOME
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Users\Dee\AppData\Local\HitFilm 4 Express Activation
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Users\Dee\AppData\Local\FXHOME Helper
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Users\Dee\AppData\Local\FXHOME
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Users\Dee\AppData\Local\Crashpad
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\ProgramData\FXHOME
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Program Files\Common Files\OFX
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Program Files\Boris FX, Inc
2017-04-27 10:38 - 2017-04-27 10:38 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-04-26 21:06 - 2017-04-26 21:06 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Google
2017-04-25 16:26 - 2017-04-25 16:27 - 00925832 _____ (Overwolf Ltd.) C:\Users\Dee\Downloads\Replay HUD-OverwolfInstaller.exe
2017-04-19 09:40 - 2017-04-19 09:40 - 00364354 _____ C:\Users\Dee\Downloads\ivern.mp4
2017-04-18 18:32 - 2017-05-02 02:37 - 00001432 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-04-18 18:32 - 2017-03-27 23:32 - 00153536 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-04-18 18:32 - 2017-03-27 23:32 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-04-18 18:32 - 2017-03-27 23:32 - 00047552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-16 14:03 - 2016-10-16 09:13 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-05-16 14:02 - 2016-09-24 12:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-16 14:01 - 2017-04-13 09:13 - 00000000 ____D C:\Users\Dee\AppData\Local\Overwolf
2017-05-16 14:01 - 2016-10-12 11:38 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Skype
2017-05-16 14:01 - 2016-09-24 12:20 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6D922BF-B6B3-4F99-8596-7610142D07FC}
2017-05-16 14:00 - 2017-02-16 00:39 - 00000000 ____D C:\Users\Dee\Documents\AirDroid
2017-05-16 14:00 - 2017-02-16 00:38 - 00000000 ____D C:\Users\Dee\AppData\Roaming\AirDroid
2017-05-16 14:00 - 2016-10-12 11:58 - 00000000 ___RD C:\Users\Dee\OneDrive
2017-05-16 11:00 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-16 11:00 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-16 10:54 - 2016-09-25 15:19 - 00000000 ____D C:\Users\Dee\AppData\Local\Adobe
2017-05-15 11:51 - 2016-09-24 12:09 - 00000000 ____D C:\Users\Dee\AppData\Local\Packages
2017-05-15 11:47 - 2016-09-25 15:46 - 03566080 ___SH C:\Users\Dee\Desktop\Thumbs.db
2017-05-14 23:11 - 2014-11-21 04:44 - 00913650 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-14 23:11 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-05-14 23:07 - 2016-09-24 12:09 - 00000000 ____D C:\Users\Dee
2017-05-14 23:04 - 2017-03-05 22:42 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-05-14 23:04 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\InputMethod
2017-05-14 19:38 - 2016-09-28 19:01 - 01569792 ___SH C:\Users\Dee\Downloads\Thumbs.db
2017-05-14 19:14 - 2016-09-24 12:24 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3449829512-4136246939-2097004572-1001
2017-05-14 18:32 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-14 17:34 - 2016-09-26 22:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-14 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-13 18:32 - 2016-09-24 12:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-13 18:23 - 2016-09-24 13:09 - 00000000 ____D C:\Users\Dee\AppData\Roaming\discord
2017-05-13 16:29 - 2017-04-13 23:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-13 16:29 - 2016-11-07 23:45 - 00000000 ____D C:\ProgramData\Skype
2017-05-12 16:05 - 2016-09-25 09:47 - 00000000 ____D C:\Users\Dee\AppData\Roaming\obs-studio
2017-05-12 11:19 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 11:18 - 2016-10-12 11:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 21:38 - 2016-10-04 11:16 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 14:51 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 11:12 - 2013-08-22 10:44 - 00534960 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 02:37 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 15:33 - 2016-11-11 21:12 - 00000000 ____D C:\Users\Dee\AppData\Local\EpicGamesLauncher
2017-05-10 15:33 - 2016-10-01 12:13 - 00000000 ____D C:\Users\Dee\AppData\Local\UnrealEngine
2017-05-10 14:25 - 2016-09-25 11:23 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 14:23 - 2016-09-25 11:23 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-10 14:23 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-09 19:01 - 2017-04-13 09:14 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-09 11:49 - 2016-09-25 15:19 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 11:49 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 11:49 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-08 23:40 - 2016-09-24 12:59 - 00000000 ____D C:\Users\Dee\AppData\Local\CrashDumps
2017-05-08 02:30 - 2016-09-30 16:44 - 00000000 ____D C:\Users\Dee\AppData\Local\Spotify
2017-05-08 02:06 - 2016-09-30 16:44 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Spotify
2017-05-03 13:50 - 2016-11-24 22:49 - 00000000 ____D C:\Users\Dee\AppData\Local\Ubisoft Game Launcher
2017-05-02 02:37 - 2016-12-15 14:43 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-10-10 17:40 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-02 02:37 - 2016-09-24 12:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-02 02:37 - 2016-09-24 12:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-02 02:37 - 2016-09-24 12:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-27 16:33 - 2016-10-04 11:16 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 16:33 - 2016-10-04 11:16 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 01:40 - 2016-09-24 12:29 - 01882048 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-04-26 01:40 - 2016-09-24 12:29 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-04-26 01:40 - 2016-09-24 12:29 - 01472960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-04-26 01:40 - 2016-09-24 12:29 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-04-26 01:40 - 2016-09-24 12:29 - 00121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-04-26 01:03 - 2016-12-15 14:43 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-04-19 20:53 - 2016-09-24 12:30 - 00000000 ____D C:\Users\Dee\AppData\Local\NVIDIA Corporation
2017-04-18 09:39 - 2017-03-15 19:54 - 00000000 ____D C:\Program Files\CCleaner
2017-04-17 16:33 - 2016-11-09 18:44 - 00000000 ____D C:\Users\Dee\AppData\Local\ElevatedDiagnostics
2017-04-16 12:07 - 2016-09-25 09:31 - 00000000 ____D C:\Users\Dee\AppData\Local\Battle.net
2017-04-16 12:07 - 2016-09-25 09:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2016-09-24 12:41 - 2016-09-24 12:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-10-07 16:04 - 2016-08-08 16:04 - 0000032 ____R () C:\ProgramData\hash.dat
2016-12-15 14:43 - 2017-01-24 10:51 - 0024376 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 14:43 - 2017-01-05 18:14 - 0004188 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
2017-05-14 18:00 - 2016-08-13 03:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Dee\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-12 02:48
 
==================== End of FRST.txt ============================
 
 
Addition: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Dee (16-05-2017 14:04:08)
Running from C:\Users\Dee\Desktop
Windows 8.1 (Update) (X64) (2016-09-24 16:09:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3449829512-4136246939-2097004572-500 - Administrator - Disabled)
Dee (S-1-5-21-3449829512-4136246939-2097004572-1001 - Administrator - Enabled) => C:\Users\Dee
Guest (S-1-5-21-3449829512-4136246939-2097004572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3449829512-4136246939-2097004572-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AirDroid 3.4.0.1 (HKLM-x32\...\AirDroid) (Version: 3.4.0.1 - Sand Studio)
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
CodeBlocks (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Discord (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored 2 (HKLM\...\Steam App 403640) (Version:  - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{CA3D68C2-DC5C-4652-B7ED-E1088F8EB2F3}) (Version: 1.1.103.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{EABF244B-9702-4B37-AA3F-F5CFF9572546}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heavy Bullets (HKLM-x32\...\c7325e58-5895-4667-81a2-1854397fbb43) (Version:  - DFE5J)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
ManyCam 5.1.0 (HKLM-x32\...\ManyCam) (Version: 5.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 378.78 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.19.0 - Overwolf Ltd.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.34.1311.2 - Hi-Rez Studios)
PlanetSide 2 (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\DGC-PlanetSide 2) (Version: 1.0.3.192 - Daybreak Game Company)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.7 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
RogueKiller version 12.10.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.8.0 - Adlice Software)
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.3.3937.3 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 22.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.345 - Zemana Ltd.)
Zombie Kill of the Week - Reborn (HKLM\...\Steam App 342300) (Version:  - Still Running)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3449829512-4136246939-2097004572-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dee\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3449829512-4136246939-2097004572-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0109D19A-8E4C-4075-ABBD-430852FAD474} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-04-26] (NVIDIA Corporation)
Task: {23E7F805-C95E-4E4D-BD11-5EFEC1276D65} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {29B67660-FE69-449D-A525-DB3012EFC784} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-04-26] (NVIDIA Corporation)
Task: {3D371D1B-65A3-4A83-972B-AE5084CD7D01} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-12-09] (Adobe Systems Incorporated)
Task: {47258869-DD52-4296-848F-E8B55EA3CB0F} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {51D0CEB8-2286-4646-958D-F84F4DEC764F} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe 
Task: {57AE9B3C-3DB5-49F8-A31A-301F6592F9E1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-26] (NVIDIA Corporation)
Task: {609769AD-39BE-4445-A0EF-65B47F1C33EA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation)
Task: {6E28BE09-FD4E-45AE-8709-28F01DE017F8} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {8814D9FF-33DF-4AEC-8EC9-E6237A0AFA03} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-04-27] (Overwolf LTD)
Task: {91945B44-926C-41E6-B97B-11837E225BAF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-26] (NVIDIA Corporation)
Task: {981D759D-78A4-4F4D-9F3C-998C4D352D84} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {989EE944-EB57-429C-B494-8F27E033EA6C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ddd671@live.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {9FEE5A61-A12F-414B-993E-E04FC97B3DD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-04] (Google Inc.)
Task: {A363BDDE-5F26-4012-967A-66D5F96FA1C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-04] (Google Inc.)
Task: {A3C560C6-1870-41F6-9FC1-FB436B394CDA} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {BCF9792A-544D-4F09-A802-E102FE9F4BDE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-26] (NVIDIA Corporation)
Task: {C333BCD4-5C11-4035-8C27-636864F3686F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-04-26] (NVIDIA Corporation)
Task: {CF0A8843-7A0D-4E65-9470-AE1EFCF7C11E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-26] (NVIDIA Corporation)
Task: {EE6A9053-CE44-4D55-B714-FE3DD655893F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {FA8C2728-0E4F-4E43-93B9-4A7F58A56E8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-10 17:40 - 2017-04-26 01:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 18:20 - 2016-09-24 18:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-24 12:19 - 2017-02-23 04:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-12 11:39 - 2017-05-12 11:17 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-14 17:38 - 2017-05-14 17:38 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-10-10 17:40 - 2017-04-26 01:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-13 02:24 - 2016-12-13 02:24 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-01-18 22:41 - 2017-03-06 01:08 - 09046568 _____ () C:\Program Files (x86)\AirDroid\Android.dll
2017-01-18 22:42 - 2017-03-06 01:08 - 00642088 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
2017-04-27 07:10 - 2017-04-27 07:10 - 68886856 _____ () C:\Program Files (x86)\Overwolf\0.104.19.0\libcef.DLL
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-10-10 17:40 - 2017-04-26 01:03 - 02442360 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-10 17:40 - 2017-04-26 01:03 - 00361920 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-10 17:40 - 2017-04-26 01:03 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-10 17:40 - 2017-04-26 01:03 - 00384120 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-10 17:40 - 2017-04-26 01:03 - 00467392 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-10 17:40 - 2017-04-26 01:03 - 00572024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee\Desktop\Discord_HypeSquad_Logos\Discord HypeSquad Logos\HypeSquad Logo 2.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{654CB2A7-1CA8-480B-8734-B389C5F676F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD89FBD1-5D3B-495F-91FD-9AE0BBAB1CB0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64094013-C377-4E8D-AD2C-7136416DDCB9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C958BFF9-1272-41FC-BD05-AC9302E1618B}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{491FB9CF-9EDF-46FB-B688-37BCE39C8D8D}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D5E20C3A-6F45-494B-BABD-7C6265619DE9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0F774E07-28CD-4632-8168-B8977AB9E645}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{753D5DED-3F4B-4389-80E3-D3DFEA6CF2E5}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D9D57F91-A219-4B21-9225-257D96870014}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1F685DF9-A8DF-4AF0-8820-8B8E0B5DBBA3}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{68A40FB0-F717-49E0-A98F-D1E150C37FD2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9CC7478D-158B-4BEF-9888-05D9995643CE}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2945E0F5-4E7A-4ADA-8952-CBBC39F7F8B3}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{1CF555BA-AC7F-4A68-9F4F-CB642603B1D2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{7BCAE0E6-EC17-40DB-A17F-D674ADB1B31D}D:\battle net games\overwatch\overwatch.exe] => (Allow) D:\battle net games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E74EA563-1C35-41FB-9F3F-8654210E6887}D:\battle net games\overwatch\overwatch.exe] => (Allow) D:\battle net games\overwatch\overwatch.exe
FirewallRules: [{8AFF5B4F-4822-4CD4-A925-7615BE72ED69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{365420BB-FCEE-4BDD-B2B8-5A237E752384}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FDD56534-121D-45AA-90D6-7C19ABF25861}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{520AB3D6-DC9D-4F9C-ACA9-29171E096B29}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{090E969F-440E-40D1-A215-85B2764C46C1}D:\hi-rez\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) D:\hi-rez\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{BE64B3F7-F489-41C7-A239-1027C44FC853}D:\hi-rez\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) D:\hi-rez\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{B4714B40-21F6-4835-8134-358986CBB6D1}D:\hi-rez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hi-rez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{E733FBCC-99B0-491B-B5CF-1DE32C4CA366}D:\hi-rez\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\hi-rez\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{FA5BEC20-8594-454B-894B-B9766BF33A16}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{C504831D-9D18-4194-BBD6-212CE26EE3CF}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{222A3B39-7F06-475E-A755-DC9CB3519C79}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{958B5EB3-7F36-4424-B8BE-A3A7B514FB71}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{BCA684BF-8AB8-4C70-8763-A26D21672376}D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{CA539D1A-C7D9-4F16-B4FD-3F816E10FCA2}D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{7A6CA477-0465-4AD9-9C37-D2743AC51518}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{EA28B5A9-7BDC-4305-AFA6-C1648D697D15}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{D4964580-2698-4F59-8222-2625D14C552A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{82074802-B68B-4778-84EA-1AD78F1BF15C}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe
FirewallRules: [UDP Query User{557A2938-4647-411D-9CE4-71E85A08E5B6}C:\program files\java\jre1.8.0_111\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\java.exe
FirewallRules: [TCP Query User{D86D6796-7149-4EE6-92D1-C96E7C592323}D:\battle net games\starcraft ii\support64\sc2editor_x64.exe] => (Allow) D:\battle net games\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{D20E8DBC-1D56-49BC-9B3E-9D188D69539A}D:\battle net games\starcraft ii\support64\sc2editor_x64.exe] => (Allow) D:\battle net games\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{E040C4DC-33B9-4B24-BF75-741A166A5B86}] => (Allow) D:\Steam Games\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{C4B64320-AE37-4FF0-B7E1-F56A6E22BC9C}] => (Allow) D:\Steam Games\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [TCP Query User{373700A7-3DB0-46AA-8614-B44A38728221}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{5B7BBD8A-8039-4CD2-AD52-3220B2F068BC}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{A3097CCC-DA28-496F-983D-D61C9363BA0E}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A87C5C83-219B-4D07-AA92-0E78D58D6DD5}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{09A22F5D-2441-4DF3-A834-5E0625040406}D:\black desert online\bin64\blackdesert64.exe] => (Allow) D:\black desert online\bin64\blackdesert64.exe
FirewallRules: [UDP Query User{E26BD0F1-9933-4CC2-A0CE-8A3DDA897BCE}D:\black desert online\bin64\blackdesert64.exe] => (Allow) D:\black desert online\bin64\blackdesert64.exe
FirewallRules: [{D0A5BE36-BD8C-4016-93DB-98E641F0F66C}] => (Allow) D:\Steam Games\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{1CD03F28-9A11-440F-8AF8-57BC938CCD35}] => (Allow) D:\Steam Games\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{58E5ED19-E6DD-4009-A373-D7AE4A3EB3D6}] => (Allow) D:\Steam Games\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{AA2639E7-F068-43BC-90E9-AFAC6D2B9F82}] => (Allow) D:\Steam Games\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{BF4149CC-E5E5-4060-BFD2-93479495F25B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FE74F619-A985-4557-9C2F-16AAA172E140}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{19EACD1B-5A22-4251-B988-BEB51B767E5B}C:\users\dee\desktop\client\bin\openvpn.exe] => (Allow) C:\users\dee\desktop\client\bin\openvpn.exe
FirewallRules: [UDP Query User{82A17392-3260-4FD0-B149-2D30BAB4D191}C:\users\dee\desktop\client\bin\openvpn.exe] => (Allow) C:\users\dee\desktop\client\bin\openvpn.exe
FirewallRules: [{E988D410-0844-4478-8FDD-18FCC5B32247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6D513511-2D3F-465B-85E9-00B2140FE43C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3521E96E-44E0-49D7-9F1D-2333DF4B0473}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{101D46A8-9211-4763-9FBD-9FD42F2AD4EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8C8ED6CA-999D-4644-B619-547019DDF204}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7B4FC064-3EC6-4A89-B1DC-C5B56AF5D224}C:\users\dee\desktop\im4x\imminent monitor 3.exe] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [UDP Query User{A9F4098A-2A4C-4E54-BB30-F2A12350CEB6}C:\users\dee\desktop\im4x\imminent monitor 3.exe] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [{57A1401E-77B2-4F8D-8096-4AF8ADA8EEC5}] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [{909A85AD-4B4D-41A2-846F-A5197E378133}] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [{A9BA5738-F4B6-4ED7-9BD5-29A6D83394F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F6E5C0A-12EE-45B3-859D-715F17045AC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{941BC44B-0F34-4467-BCC7-A3C6B06EAE5B}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{90576E7A-EFD1-44B0-A97B-8C5E55AD4830}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D118312A-BBCE-4AF2-AF41-E0A8B0EBB2C0}] => (Allow) D:\Steam Games\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{981F3BC0-F76A-43F7-9D79-B837BA72FDBD}] => (Allow) D:\Steam Games\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{CB9F3257-0D0C-45EE-962C-19EB21A5069C}] => (Allow) D:\Steam Games\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99578B8A-7AC4-4327-B362-0AEEFCDE2BBD}] => (Allow) D:\Steam Games\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ACAE1D95-4D01-4B32-A2F3-57A60237DBC2}] => (Allow) D:\Steam Games\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9958E308-1A08-4915-8860-278288CC5F56}] => (Allow) D:\Steam Games\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A72DC3C-E1F5-4ED1-856D-B1B31FC84B67}] => (Allow) D:\Steam Games\steamapps\common\Zombie Kill of the Week - Reborn\Reborn.exe
FirewallRules: [{4EDE3915-2A09-4C41-A4E9-0A50133DA708}] => (Allow) D:\Steam Games\steamapps\common\Zombie Kill of the Week - Reborn\Reborn.exe
FirewallRules: [{9230F2DC-5F2A-4548-84E6-5F21E9DC09C5}] => (Allow) D:\Steam Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{D34E8868-6498-4032-9E48-1597825C0B1D}] => (Allow) D:\Steam Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [TCP Query User{E36EAD14-A48C-47B5-A580-1BC21683DEB5}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{1F5CC1BC-444F-4EF1-8DAE-78AF8EE74951}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{93F0A044-D06B-4693-B9A9-1E3E16B2B835}C:\users\dee\desktop\client\bin\openvpn.exe] => (Allow) C:\users\dee\desktop\client\bin\openvpn.exe
FirewallRules: [UDP Query User{4B31E628-AD80-4193-A39F-0B8C12F36787}C:\users\dee\desktop\client\bin\openvpn.exe] => (Allow) C:\users\dee\desktop\client\bin\openvpn.exe
FirewallRules: [TCP Query User{5820FA8C-FA8F-4C71-A0BF-8324E12866EB}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7A670475-4C26-47BC-8351-3293AEB4D645}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E6F20859-AE72-4EE7-8A46-A5747C163E94}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4812D66D-5659-44A4-A4A8-98E950091736}] => (Allow) D:\Steam Games\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{93E1F5E5-00CD-4310-9A14-501C7B2F8BA6}] => (Allow) D:\Steam Games\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{737F281D-3E1C-44D9-9008-4827C3B22422}D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{46002A53-ADDD-457C-8095-E0645FC51884}D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\steam games\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{309FD075-E834-4E44-9AD3-362A2EB279D0}D:\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{0499C430-7B55-4008-8462-3D41087EBB3D}D:\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam games\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{2C50E686-A506-42DC-B75E-4CFB3A7576E8}] => (Allow) D:\Steam Games\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{89DB0454-5800-4FEE-8822-C0E259601634}] => (Allow) D:\Steam Games\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [TCP Query User{4F2C1DFB-BFA7-4C55-869B-61824649AB82}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{28B18A45-F3CC-4BC4-848C-E9FC67937AA6}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{E0CDD49E-D892-4CE9-94D6-0BCBACB2DEC6}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{83DB596C-CC49-4C4E-A66C-B0F6B5632B64}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{5A56B50A-189D-4E1A-AFA8-401ED9DF8014}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{30B21698-F0BF-41A9-8784-D77ED826E30C}] => (Allow) D:\Steam Games\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{AB5F7137-D3A3-4310-97B8-985296CE0433}] => (Allow) D:\Steam Games\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
 
==================== Restore Points =========================
 
10-05-2017 14:21:48 Windows Update
14-05-2017 17:16:35 Checkpoint by HitmanPro
14-05-2017 19:41:15 Malwarebytes Anti-Rootkit Restore Point
16-05-2017 10:52:50 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2017 10:56:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/16/2017 10:51:50 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (05/15/2017 11:55:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/15/2017 11:55:58 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0600B0E7-AA7A-42C6-9DEE-28116CF0F2D3}
 
Error: (05/15/2017 11:55:57 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0600B0E7-AA7A-42C6-9DEE-28116CF0F2D3}
 
Error: (05/15/2017 11:48:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/14/2017 11:04:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (05/14/2017 11:04:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (05/14/2017 11:04:23 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (05/14/2017 11:04:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (05/16/2017 11:02:21 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (05/16/2017 11:01:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/16/2017 11:01:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RzSurroundVADStreamingService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/16/2017 10:59:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 12188.16 MB
Available physical RAM: 9898.86 MB
Total Virtual: 12956.16 MB
Available Virtual: 10597.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.27 GB) (Free:41 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:562.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 40DEED08)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E00BFDCC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#14 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:11:11 PM

Posted 16 May 2017 - 01:27 PM

There isn't much left to remove :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
How's your system behaving now? Are there any other issues you would like me to address?

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 hyenapack

  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:11 AM

Posted 16 May 2017 - 04:47 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Dee (16-05-2017 17:43:15) Run:1
Running from C:\Users\Dee\Desktop
Loaded Profiles: Dee (Available Profiles: Dee)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
 
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
Task: {A3C560C6-1870-41F6-9FC1-FB436B394CDA} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
 
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
 
FirewallRules: [TCP Query User{7B4FC064-3EC6-4A89-B1DC-C5B56AF5D224}C:\users\dee\desktop\im4x\imminent monitor 3.exe] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [UDP Query User{A9F4098A-2A4C-4E54-BB30-F2A12350CEB6}C:\users\dee\desktop\im4x\imminent monitor 3.exe] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [{57A1401E-77B2-4F8D-8096-4AF8ADA8EEC5}] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
FirewallRules: [{909A85AD-4B4D-41A2-846F-A5197E378133}] => (Allow) C:\users\dee\desktop\im4x\imminent monitor 3.exe
 
C:\Users\Dee\AppData\Local\ptufv
C:\Windows\system32\tprdpw64.exe
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3C560C6-1870-41F6-9FC1-FB436B394CDA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3C560C6-1870-41F6-9FC1-FB436B394CDA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2 => key not found. 
HKU\S-1-5-21-3449829512-4136246939-2097004572-1001\Software\Classes\regfile => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7B4FC064-3EC6-4A89-B1DC-C5B56AF5D224}C:\users\dee\desktop\im4x\imminent monitor 3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A9F4098A-2A4C-4E54-BB30-F2A12350CEB6}C:\users\dee\desktop\im4x\imminent monitor 3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57A1401E-77B2-4F8D-8096-4AF8ADA8EEC5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{909A85AD-4B4D-41A2-846F-A5197E378133} => value removed successfully
C:\Users\Dee\AppData\Local\ptufv => moved successfully
C:\Windows\system32\tprdpw64.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17114351 B
Java, Flash, Steam htmlcache => 399355495 B
Windows/system/drivers => 15834870 B
Edge => 0 B
Chrome => 454454987 B
Firefox => 12253677 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => -652 B
Dee => 361863768 B
 
RecycleBin => 8279350 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:43:31 ====
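Added note, not part of either participant's posts: the fixlog above removes a per-user proxy in the .DEFAULT hive, a per-user .reg file handler override, a service whose driver file is missing, two files, and four firewall Allow rules for an executable under the user's Desktop. Persistence that survives a reboot usually re-creates exactly these kinds of entries, so the check a practitioner would want after the reboot is a script that re-reads each location and reports anything that has come back. The PowerShell below is an added example written for this thread; every path, key and name in it is taken from the fixlog, and the firewall check is generalised to any Allow rule whose program lives under C:\Users (an assumption that such rules are worth reviewing, not a verdict on them).

```powershell
# Added post-fix verification (not from the thread): re-checks the items FRST removed in the fixlog.
# Run from an elevated PowerShell prompt on the cleaned machine; paths and names come from the fixlog.
$findings = @()

# 1. Proxy in the .DEFAULT hive that had been pointed at 127.0.0.1:8003
$inet = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1) {
    $findings += "Proxy re-enabled for .DEFAULT: $($p.ProxyServer)"
}

# 2. Per-user override of the .reg file handler (the key FRST removed under HKU\...\Software\Classes\regfile)
if (Test-Path 'HKCU:\Software\Classes\regfile') {
    $cmd = (Get-ItemProperty 'HKCU:\Software\Classes\regfile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
    $findings += "Per-user regfile handler present: $cmd"
}

# 3. Service registered with a missing driver binary
foreach ($svc in @('xhunter1')) {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings += "Service key still present: $svc"
    }
}

# 4. Files and folders the fix moved away
foreach ($path in @('C:\Windows\system32\tprdpw64.exe', 'C:\Users\Dee\AppData\Local\ptufv')) {
    if (Test-Path $path) { $findings += "Path re-created: $path" }
}

# 5. Firewall Allow rules whose program sits under a user profile (generalises the four rules in the fixlog).
#    Each value under FirewallRules is a pipe-separated string containing Action=... and App=... fields.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$rules = Get-ItemProperty -Path $fwKey
foreach ($prop in $rules.PSObject.Properties) {
    $v = $prop.Value
    if ($v -is [string] -and $v -match 'Action=Allow' -and $v -match 'App=([^|]+)') {
        $app = $Matches[1]
        if ($app -like 'C:\Users\*') {
            $findings += "Allow rule for user-profile program: $app (rule $($prop.Name))"
        }
    }
}

if ($findings.Count -eq 0) { 'No fixlog items have returned.' } else { $findings }
```

Run it once after the reboot FRST asked for and again a day later; an entry that reappears between the two runs points at a launcher the fix did not reach, which is the information to carry into the next reply rather than re-running the same fixlist.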




