Unknown Listener App?


  • This topic is locked
10 replies to this topic

#1 Kinimx

Posted 02 July 2017 - 02:39 PM

I had attempted to restart my computer but it was halted by a process going by the name 'RTC Video Listener PnP'. I've never heard of the app before in my life and have done several things in an attempt to find it, such as full scans by Norton, using Norton Power Eraser, searching for individual terms in the C: drive, and going through Apps and Features + Control Panel, all to no avail.

I've searched various forums, but the posts were from back in April with little to no information as to the purpose behind the listener or its actual effects. Some say it pings your computer for information and records your screen and webcam. Others say that it's harmless and that it hasn't shown up since the first time it appeared.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Raion (administrator) on RAION-PC (02-07-2017 15:23:53)
Running from C:\Users\Raion\Documents\Malware Removal
Loaded Profiles: Raion & DefaultAppPool (Available Profiles: Raion & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Alienware Survey] => c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Alienware, Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-07-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\NagaTray.exe [810880 2010-05-11] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29645440 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1b0da872-d83d-4629-b765-b54b36869ee2}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{bf8ca97f-b753-48b1-aeb1-fb79048587bd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\.DEFAULT -> DefaultScope {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> DefaultScope {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-29] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-29] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-06] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-29] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1279453236-2449229446-3293993781-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raion\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1279453236-2449229446-3293993781-1001: jpl.nasa.gov/NASAEyes -> C:\Users\Raion\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-03-09] (Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-1279453236-2449229446-3293993781-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.youtube.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default [2017-07-02]
CHR Extension: (BetterTTV) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-24]
CHR Extension: (Google Drive) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-05-08]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-03-01]
CHR Extension: (Adblock Plus) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-29]
CHR Extension: (uBlock Origin) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-03-05]
CHR Extension: (Pew) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmabibkehlikfiemgngigobpmoophla [2016-02-25]
CHR Extension: (Google Play Books) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Memo Notepad) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmoihkoninaoanjobiiknmgenhpaecec [2016-07-01]
CHR Extension: (Chrome Media Router) - C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-26]
CHR Profile: C:\Users\Raion\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-04-28] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-12-18] (BitRaider, LLC)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-03] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170628.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-12-18] (BitRaider)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\DRIVERS\evolve.sys [21656 2016-05-20] (Echobit, LLC)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170630.001\IDSvia64.sys [1053824 2017-05-20] (Symantec Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R3 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-24] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-07-02] (Wellbia.com Co., Ltd.)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170625.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20170625.001\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 15:23 - 2017-07-02 15:23 - 00000000 ____D C:\FRST
2017-07-02 15:16 - 2017-07-02 15:23 - 00000000 ____D C:\Users\Raion\Documents\Malware Removal
2017-07-02 06:29 - 2017-07-02 06:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-07-02 01:12 - 2017-07-02 01:25 - 00037344 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2017-07-01 21:23 - 2017-07-02 01:41 - 00000000 ____D C:\Program Files (x86)\NCWest
2017-06-28 20:15 - 2017-06-28 20:15 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-06-28 20:15 - 2017-06-28 20:15 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-06-28 20:15 - 2017-06-28 20:15 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-06-28 20:15 - 2017-06-28 20:15 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-06-28 20:15 - 2017-06-28 20:15 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-06-25 11:01 - 2017-06-25 11:02 - 01465300 _____ C:\WINDOWS\Minidump\062517-49937-01.dmp
2017-06-25 11:01 - 2017-06-25 11:01 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-15 11:52 - 2017-06-15 13:24 - 00000000 ____D C:\Users\Raion\Documents\Audacity
2017-06-15 11:52 - 2017-06-15 13:24 - 00000000 ____D C:\Users\Raion\AppData\Roaming\audacity
2017-06-14 12:18 - 2017-06-03 05:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 12:18 - 2017-06-03 05:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 12:18 - 2017-05-20 04:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 12:18 - 2017-05-20 04:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 12:17 - 2017-06-03 06:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 12:17 - 2017-06-03 06:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 12:17 - 2017-06-03 06:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 12:17 - 2017-06-03 05:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 12:17 - 2017-06-03 05:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 12:17 - 2017-06-03 05:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 12:17 - 2017-06-03 05:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 12:17 - 2017-06-03 05:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 12:17 - 2017-06-03 05:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 12:17 - 2017-06-03 05:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 12:17 - 2017-06-03 05:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 12:17 - 2017-06-03 05:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 12:17 - 2017-06-03 05:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 12:17 - 2017-06-03 05:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 12:17 - 2017-06-03 05:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 12:17 - 2017-06-03 05:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 12:17 - 2017-06-03 05:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 12:17 - 2017-06-03 05:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 12:17 - 2017-06-03 05:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 12:17 - 2017-06-03 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 12:17 - 2017-06-03 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 12:17 - 2017-06-03 05:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 12:17 - 2017-06-03 05:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 12:17 - 2017-06-03 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 12:17 - 2017-06-03 05:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 12:17 - 2017-06-03 05:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 12:17 - 2017-06-03 05:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 12:17 - 2017-06-03 05:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 12:17 - 2017-06-03 05:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 12:17 - 2017-06-03 05:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 12:17 - 2017-06-03 05:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 12:17 - 2017-06-03 05:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 12:17 - 2017-06-03 05:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 12:17 - 2017-06-03 05:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 12:17 - 2017-06-03 05:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 12:17 - 2017-06-03 05:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 12:17 - 2017-06-03 05:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 12:17 - 2017-06-03 04:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 12:17 - 2017-06-03 04:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 12:17 - 2017-06-03 04:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 12:17 - 2017-06-03 04:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 12:17 - 2017-06-03 04:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 12:17 - 2017-06-03 04:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 12:17 - 2017-06-03 04:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 12:17 - 2017-06-03 04:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 12:17 - 2017-06-03 04:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 12:17 - 2017-06-03 04:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 12:17 - 2017-06-03 04:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 12:17 - 2017-06-03 04:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 12:17 - 2017-06-03 04:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 12:17 - 2017-06-03 04:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 12:17 - 2017-06-03 04:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 12:17 - 2017-06-03 04:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 12:17 - 2017-06-03 04:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 12:17 - 2017-05-20 05:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-14 12:17 - 2017-05-20 04:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 12:17 - 2017-05-20 04:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-14 12:17 - 2017-05-20 04:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 12:17 - 2017-05-20 04:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-14 12:17 - 2017-05-20 04:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-14 12:17 - 2017-05-20 04:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 12:17 - 2017-05-20 04:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-14 12:17 - 2017-05-20 04:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-14 12:17 - 2017-05-20 04:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-14 12:17 - 2017-05-20 04:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 12:17 - 2017-05-20 04:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 12:17 - 2017-05-20 04:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-14 12:17 - 2017-05-20 04:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-14 12:17 - 2017-05-20 04:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-14 12:17 - 2017-05-20 04:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-14 12:17 - 2017-05-20 04:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-14 12:17 - 2017-05-20 04:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-14 12:17 - 2017-05-20 04:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 12:17 - 2017-05-20 04:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-14 12:17 - 2017-05-20 04:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-14 12:17 - 2017-05-20 04:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-14 12:17 - 2017-05-20 04:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 12:17 - 2017-05-20 04:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-14 12:17 - 2017-05-20 04:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-14 12:17 - 2017-05-20 04:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-14 12:17 - 2017-05-20 04:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 12:17 - 2017-05-20 04:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-14 12:17 - 2017-05-20 04:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-14 12:17 - 2017-05-20 04:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 12:17 - 2017-05-20 04:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-14 12:17 - 2017-05-20 04:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-14 12:17 - 2017-05-20 04:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-14 12:17 - 2017-05-20 04:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-14 12:17 - 2017-05-20 04:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-14 12:17 - 2017-05-20 04:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 12:17 - 2017-05-20 04:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 12:17 - 2017-05-20 04:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-14 12:17 - 2017-05-20 04:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 12:17 - 2017-05-20 04:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 12:17 - 2017-05-20 04:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 12:17 - 2017-05-20 04:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 12:17 - 2017-05-20 04:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 12:17 - 2017-05-20 04:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-14 12:17 - 2017-05-20 04:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-14 12:17 - 2017-05-20 04:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-14 12:17 - 2017-05-20 04:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-14 12:17 - 2017-05-20 04:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-14 12:17 - 2017-05-20 04:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-14 12:17 - 2017-05-20 03:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 12:17 - 2017-05-20 03:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 12:17 - 2017-05-20 02:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 12:17 - 2017-05-20 02:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 12:17 - 2017-05-20 02:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-14 12:17 - 2017-05-20 02:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-14 12:17 - 2017-05-20 02:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 12:17 - 2017-05-20 02:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-14 12:17 - 2017-05-20 02:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-14 12:17 - 2017-05-20 02:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-14 12:17 - 2017-05-20 02:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-14 12:17 - 2017-05-20 02:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-14 12:17 - 2017-05-20 02:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-14 12:17 - 2017-05-20 02:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-14 12:17 - 2017-05-20 02:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-14 12:17 - 2017-05-20 02:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-14 12:17 - 2017-05-20 02:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 12:17 - 2017-05-20 02:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-14 12:17 - 2017-05-20 02:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-14 12:17 - 2017-05-20 01:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-14 12:16 - 2017-06-03 06:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 12:16 - 2017-06-03 06:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 12:16 - 2017-06-03 06:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 12:16 - 2017-06-03 06:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 12:16 - 2017-06-03 06:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 12:16 - 2017-06-03 06:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 12:16 - 2017-06-03 06:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 12:16 - 2017-06-03 06:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 12:16 - 2017-06-03 06:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 12:16 - 2017-06-03 06:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 12:16 - 2017-06-03 06:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 12:16 - 2017-06-03 06:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 12:16 - 2017-06-03 06:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 12:16 - 2017-06-03 05:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 12:16 - 2017-06-03 05:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 12:16 - 2017-06-03 05:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 12:16 - 2017-06-03 05:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 12:16 - 2017-06-03 05:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 12:16 - 2017-06-03 05:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 12:16 - 2017-06-03 05:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 12:16 - 2017-06-03 05:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 12:16 - 2017-06-03 05:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 12:16 - 2017-06-03 05:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 12:16 - 2017-06-03 05:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 12:16 - 2017-06-03 05:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 12:16 - 2017-06-03 05:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 12:16 - 2017-06-03 05:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 12:16 - 2017-06-03 05:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 12:16 - 2017-06-03 05:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 12:16 - 2017-06-03 05:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 12:16 - 2017-06-03 05:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 12:16 - 2017-06-03 05:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 12:16 - 2017-06-03 05:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 12:16 - 2017-06-03 05:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 12:16 - 2017-06-03 05:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 12:16 - 2017-06-03 05:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 12:16 - 2017-06-03 05:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 12:16 - 2017-06-03 04:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 12:16 - 2017-06-03 04:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 12:16 - 2017-06-03 04:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 12:16 - 2017-06-03 04:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 12:16 - 2017-06-03 04:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 12:16 - 2017-06-03 04:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 12:16 - 2017-06-03 04:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 12:16 - 2017-06-03 04:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 12:16 - 2017-06-03 04:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 12:16 - 2017-06-03 04:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 12:16 - 2017-06-03 04:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 12:16 - 2017-06-03 04:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 12:16 - 2017-06-03 04:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 12:16 - 2017-05-20 04:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-14 12:16 - 2017-05-20 03:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-14 12:16 - 2017-05-20 03:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 12:16 - 2017-05-20 02:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-14 12:16 - 2017-05-20 02:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 12:16 - 2017-05-20 02:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-14 12:16 - 2017-05-20 02:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-14 12:16 - 2017-05-20 02:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 12:16 - 2017-05-20 02:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-14 12:16 - 2017-05-20 02:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 12:16 - 2017-05-20 02:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-14 12:16 - 2017-05-20 02:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-14 12:16 - 2017-05-20 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 12:16 - 2017-05-20 02:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-14 12:16 - 2017-05-20 02:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-14 12:16 - 2017-05-20 02:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 12:16 - 2017-05-20 02:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-14 12:16 - 2017-05-20 02:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 12:16 - 2017-05-20 02:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 12:16 - 2017-05-20 02:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-14 12:16 - 2017-05-20 02:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-14 12:16 - 2017-05-20 02:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-14 12:16 - 2017-05-20 02:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-14 12:16 - 2017-05-20 02:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-14 12:16 - 2017-05-20 02:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-14 12:16 - 2017-05-20 02:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-14 12:16 - 2017-05-20 02:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 12:16 - 2017-05-20 02:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 12:16 - 2017-05-20 02:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-14 12:16 - 2017-05-20 02:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-14 12:16 - 2017-05-20 02:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-14 12:16 - 2017-05-20 02:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-14 12:16 - 2017-05-20 02:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-14 12:16 - 2017-05-20 02:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 12:16 - 2017-05-20 02:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-14 12:16 - 2017-05-20 02:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-14 12:16 - 2017-05-20 02:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-14 12:16 - 2017-05-20 02:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-14 12:16 - 2017-05-20 02:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-14 12:16 - 2017-05-20 02:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-14 12:16 - 2017-05-20 02:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-14 12:16 - 2017-05-20 02:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-14 12:16 - 2017-05-20 01:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-14 12:16 - 2017-05-20 01:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 12:16 - 2017-05-20 01:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 12:16 - 2017-05-20 01:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 12:16 - 2017-05-20 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-14 12:16 - 2017-05-20 01:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-14 12:16 - 2017-05-20 01:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-14 12:16 - 2017-05-20 01:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 12:16 - 2017-05-20 01:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-14 12:16 - 2017-05-20 01:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 12:16 - 2017-05-20 01:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 12:16 - 2017-05-20 01:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 12:16 - 2017-05-20 01:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-14 12:16 - 2017-05-20 01:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 12:16 - 2017-05-20 01:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 12:16 - 2017-05-20 01:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 12:16 - 2017-05-20 01:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 12:16 - 2017-05-20 01:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-14 12:16 - 2017-05-20 01:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-14 12:16 - 2017-05-20 01:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-14 12:16 - 2017-05-20 01:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-14 12:16 - 2017-05-20 01:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-14 12:16 - 2017-05-20 01:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-14 12:16 - 2017-05-20 01:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-14 12:16 - 2017-05-20 01:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-14 12:16 - 2017-05-20 01:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-14 12:16 - 2017-05-20 01:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 12:16 - 2017-05-20 01:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-14 12:16 - 2017-05-20 01:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-14 12:16 - 2017-05-20 01:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-05 00:35 - 2017-06-05 00:35 - 00000000 ____D C:\Users\Raion\AppData\Local\Medibang
2017-06-05 00:32 - 2017-06-05 00:32 - 00000642 _____ C:\Users\Raion\Desktop\SAI.lnk
2017-06-05 00:28 - 2017-06-05 00:28 - 00001100 _____ C:\Users\Public\Desktop\Medibang.lnk
2017-06-05 00:28 - 2017-06-05 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medibang
2017-06-05 00:28 - 2017-06-05 00:28 - 00000000 ____D C:\Program Files\Medibang
2017-06-05 00:28 - 2017-04-07 16:41 - 00703664 _____ C:\WINDOWS\system32\MdpThumb64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 15:20 - 2016-10-01 01:27 - 00000000 ____D C:\Users\Raion\AppData\Roaming\Skype
2017-07-02 14:25 - 2014-07-19 10:35 - 00000000 ____D C:\Users\Raion\AppData\Local\NPE
2017-07-02 12:12 - 2017-05-13 11:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-02 11:09 - 2017-05-21 10:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-07-02 02:26 - 2013-09-16 06:26 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2017-07-02 02:10 - 2013-12-25 03:39 - 00000000 ____D C:\Users\Raion\AppData\Local\LogMeIn Hamachi
2017-07-02 02:08 - 2017-05-30 11:35 - 00000176 _____ C:\Users\Raion\BullseyeCoverageError.txt
2017-07-02 02:06 - 2017-05-13 11:22 - 00000000 ____D C:\Users\Raion
2017-07-02 02:06 - 2017-05-13 11:18 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-02 02:06 - 2016-07-24 19:35 - 00000000 __SHD C:\Users\Raion\IntelGraphicsProfiles
2017-07-02 02:05 - 2017-05-13 11:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-02 02:05 - 2017-05-13 11:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-02 02:04 - 2017-03-18 07:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-02 01:51 - 2013-12-25 22:55 - 00000000 ____D C:\Users\Raion\Documents\1 Game mods
2017-07-02 01:45 - 2014-01-18 09:00 - 00000000 ____D C:\Games
2017-07-02 01:44 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-02 01:41 - 2016-01-20 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-07-02 01:39 - 2016-01-20 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-07-02 01:39 - 2013-09-16 06:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-01 07:31 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-01 07:31 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-01 00:34 - 2014-03-25 02:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-28 23:09 - 2013-12-25 14:38 - 00000000 ____D C:\Users\Raion\AppData\Local\CrashDumps
2017-06-26 14:06 - 2013-12-25 13:37 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 14:06 - 2013-12-25 13:37 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 08:45 - 2017-03-18 07:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-06-26 00:05 - 2017-05-13 11:22 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-25 11:08 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-25 11:08 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-25 11:01 - 2015-07-28 04:13 - 1269785168 _____ C:\WINDOWS\MEMORY.DMP
2017-06-19 15:13 - 2017-05-13 12:12 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-19 15:13 - 2016-07-24 19:15 - 00002409 _____ C:\Users\Raion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 15:13 - 2016-07-24 19:15 - 00000000 ___RD C:\Users\Raion\OneDrive
2017-06-17 14:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 13:24 - 2017-05-05 00:19 - 00000000 ____D C:\tmp
2017-06-15 10:57 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 03:16 - 2017-05-13 11:14 - 00239608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 03:12 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 03:11 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-15 03:11 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-15 03:11 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-14 12:29 - 2017-01-11 05:23 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-06-14 12:29 - 2016-07-24 22:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 12:24 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 12:24 - 2016-07-24 22:53 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-09 17:36 - 2015-02-01 18:57 - 00000000 ____D C:\Users\Raion\AppData\Roaming\.minecraft
2017-06-09 16:35 - 2016-07-12 17:25 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-09 11:33 - 2015-07-16 12:51 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-09 11:07 - 2016-07-09 03:13 - 00002394 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-06-09 11:07 - 2015-08-09 17:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2017-06-09 11:07 - 2013-12-25 19:59 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2017-06-03 02:32 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 02:32 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-08-18 21:32 - 2016-08-18 21:46 - 0001243 _____ () C:\Users\Raion\AppData\Local\CleanupUninstall.txt
2016-09-24 20:36 - 2016-09-24 20:36 - 0002844 _____ () C:\Users\Raion\AppData\Local\recently-used.xbel
2017-03-12 19:50 - 2017-03-12 19:53 - 0007602 _____ () C:\Users\Raion\AppData\Local\Resmon.ResmonCfg
2015-09-19 17:15 - 2015-09-19 17:16 - 0000000 _____ () C:\Users\Raion\AppData\Local\{9A1E0163-6F18-4142-A1F5-53C44265D030}
2017-01-04 05:07 - 2017-01-04 05:07 - 0047636 _____ () C:\ProgramData\agent.1483520821.bdinstall.bin
2017-01-04 05:15 - 2017-01-04 05:15 - 0029147 _____ () C:\ProgramData\agent.1483521312.bdinstall.bin
2017-05-13 11:20 - 2017-05-13 11:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-02 01:12 - 2017-07-02 01:25 - 0000000 _____ () C:\Users\Raion\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-07-02 02:07 - 2017-07-02 02:07 - 0010520 _____ () C:\Users\Raion\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
2017-07-02 01:13 - 2017-07-02 01:26 - 0000047 _____ () C:\Users\Raion\AppData\Local\Temp\c41e933abf0ebb3dc0ee9be8152bb904.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-29 12:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Raion (02-07-2017 15:24:55)
Running from C:\Users\Raion\Documents\Malware Removal
Windows 10 Home Version 1703 (X64) (2017-05-13 16:00:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1279453236-2449229446-3293993781-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1279453236-2449229446-3293993781-503 - Limited - Disabled)
Guest (S-1-5-21-1279453236-2449229446-3293993781-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1279453236-2449229446-3293993781-1003 - Limited - Enabled)
Raion (S-1-5-21-1279453236-2449229446-3293993781-1001 - Administrator - Enabled) => C:\Users\Raion

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.04 alpha x64 (HKLM\...\7-Zip) (Version: - )
Accidental Damage Services Agreement (HKLM-x32\...\{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Alienware)
Alienware Command Center (HKLM\...\{DAED3587-0349-4BF8-8C6B-5DB7BB25CFB5}) (Version: 3.0.29.0 - Alienware Corp.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{DAED3587-0349-4BF8-8C6B-5DB7BB25CFB5}) (Version: 3.0.29.0 - Alienware Corp.)
Alienware Customer Surveys (HKLM-x32\...\{9AAA35D1-B21D-4610-BBAE-18FE2D00C3E0}) (Version: 1.11.4124 - Dell Inc.)
Alienware On-Screen Display (HKLM-x32\...\{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.9C - ) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.9C - )
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CompleteCare Business Service Agreement (HKLM-x32\...\{83E499FA-E6AA-47F9-80F2-1E0109E49397}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.107 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
DHS Service Agreement (HKLM-x32\...\{BE7FC743-CC74-4977-82DD-CD4FC7EF74B6}) (Version: 2.0.0 - Dell Inc.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GameRanger (HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\GameRanger) (Version: - GameRanger Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hammerwatch (HKLM\...\Steam App 239070) (Version: - Crackshell)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Killer Windows 7/8 Wifi 64bit Driver (HKLM\...\{74322A53-04C5-4DEB-9932-D99DD9A230B9}) (Version: 1.0.10.1062 - Qualcomm Atheros) Hidden
Killer Windows 7/8 Wifi Driver Suite (HKLM-x32\...\{7611D9EC-002A-438B-B51F-FB31C44896ED}) (Version: 1.0.10.1062 - Qualcomm Atheros)
LogMeIn Hamachi (HKLM-x32\...\{E59194A0-A215-4C44-8B92-40780387EBE0}) (Version: 2.2.0.578 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.578 - LogMeIn, Inc.)
MediBang Paint Pro 11.0 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 11.0 - Medibang)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.9.4.8 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Premium Service Agreement (HKLM-x32\...\{A74168E5-C3F7-4809-85D3-145C64A4CFCC}) (Version: 2.0.0 - Dell Inc.)
PROTOTYPE 2 (HKLM\...\Steam App 115320) (Version: - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications) Hidden
QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Naga (HKLM-x32\...\{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}) (Version: 2.03.05 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-06-09] (Igor Pavlov)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-06-09] (Igor Pavlov)
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-06-09] (Igor Pavlov)
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers06: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-05-13] (Microsoft Corporation)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\NavShExt.dll [2017-05-26] (Symantec Corporation)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AB4F75-516F-428D-B243-4C48C37FCAA4} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {066E30F4-7103-4A4C-8C8F-D6D6E56B983A} - \GoogleUpdateTaskMachineUA1d1f38a598768b3 -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {11A697FA-93E0-45BD-B56D-7E64C1956FF6} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {14D17F42-440D-4DE1-A49F-3892FE3E3D64} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {15CCEE74-CE2C-4CC1-92E0-1EECADC65DEE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1627F770-57C0-4A45-BDB0-D93E041DBA16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {175A6035-6539-49B7-A3C8-785E95801DFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {22ED3C60-D93C-4C11-9641-44967FE42C8D} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {3281C116-3203-4658-A085-BBE538A854BA} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {3D07B915-B089-4808-84E8-A4C3F9CC0B70} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {479B93FF-114C-44F1-88C9-C7FEBB2A4421} - \GoogleUpdateTaskMachineCore1d1f38a58da790e -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4AB6AA55-7F38-4EED-A193-6D23D8213AFA} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {50871997-C566-4986-97E8-A36320F1D2D0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff -> No File <==== ATTENTION
Task: {530C5DBE-B9E5-412D-8FE8-E3DB4209FDC7} - \{B415AFF8-D648-4436-BCA5-BF3963AEDCF0} -> No File <==== ATTENTION
Task: {579E8CD5-73E1-4C39-9A11-38610AD4BDE5} - \WPD\SqmUpload_S-1-5-21-1279453236-2449229446-3293993781-1001 -> No File <==== ATTENTION
Task: {5887AEC2-C64C-4B75-8479-1114727AE52C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {606B6B60-FE50-4CD2-ADC7-331BB4753BC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {65D05418-3254-437D-BEB2-F2C90502489D} - \{67FBA6A4-CA7B-4D0E-AE28-2760E3AA925A} -> No File <==== ATTENTION
Task: {69D37301-7578-4B7F-B422-5BE288157916} - \Microsoft\Windows\WindowsBackup\AutomaticBackup -> No File <==== ATTENTION
Task: {6A6D4E67-4640-4ED1-A5AA-22C9921D6916} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
Task: {6AC27663-5E0D-4823-85E1-5AAB91556D39} - \{6C8506B3-244B-4437-B010-393BC204FBAF} -> No File <==== ATTENTION
Task: {6FF3C99D-3D38-46F2-9850-0A1814D67D0A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7474D9D2-207C-4D74-BFA1-F652EB9D7A66} - System32\Tasks\Norton 360\Norton Security Suite Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {75B3BA3A-1326-415F-A2EF-8B81EC25E419} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {79BC0605-5CB6-440E-93B9-C79750ABC50C} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {7ABF40DF-D27E-40C3-A3B5-06B0E12B144C} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {7B10912E-565F-49CC-98D8-087D7F9F58BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {826DFA7F-3574-4331-8E5D-EEAE1258900B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {8BC9361F-5CCA-4AC1-9831-3018FC5DCDE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {9033AC93-17E4-48A5-BA41-66DF3DB3811E} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {9FCCB2E4-5D1D-48F3-8E83-613802B1B106} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {A1210EEE-12CB-4951-99D9-9094F7E1EB4F} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {A2F4B50C-42AF-47A5-A487-67B906ED9945} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {A8A4EB24-3D55-45E8-93A4-01D5363F1E38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AAF211D1-574E-4324-83BE-5C4BA7DC8280} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B1BABF72-FC4E-4214-9318-E6FF698A5C2F} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 -> No File <==== ATTENTION
Task: {B33100AC-14DF-4DEC-AED9-307218D0CC3B} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {B6818693-25D4-49D7-AD9E-E71EE461EF06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {B824D77B-CC5B-464C-81F5-BD0981D17984} - \{DA98D253-EA0D-4033-87B7-16E577F06ACA} -> No File <==== ATTENTION
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {C3ED9755-8040-46F9-87D2-25202696C253} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {CB8DA873-5636-4AED-A6B8-52CE1CE8C5C8} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork -> No File <==== ATTENTION
Task: {D33852CA-C423-4FD3-AC01-697759769829} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {D49BBE31-42CE-4B75-AA63-3EA027AABF40} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {D558BE52-E7DF-48CD-9DC3-87F7F4B819CC} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {D60E53ED-A9F7-4E5A-8BDE-B56705AAE785} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {DED9516B-919A-4A04-9544-22A98728544E} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor -> No File <==== ATTENTION
Task: {E1815811-BDEA-478F-A35C-3CB15CF6BD00} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E54307A9-7162-47D8-8248-3338B0B1FF91} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {EF1D5F09-9355-4C2E-A9D3-8D45A5D52041} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {F29147B7-A909-4993-A988-209B54944DCF} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {F31A1E3E-1826-4F18-B924-679A265921FA} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {F4BC0F4F-2666-4FCD-858C-6035B9AA6EF6} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {FBB3860F-0B1E-427C-911A-1F0778C89221} - \{29B10A1C-F3A7-4C74-99FE-7EDD690B636C} -> No File <==== ATTENTION
Task: {FEA30BB4-66F7-423D-BE03-D86402C78A14} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-13 11:19 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-02 02:05 - 2017-07-02 02:05 - 00012080 _____ () C:\WINDOWS\TEMP\BullseyeCoverage-x64-3.dll
2013-12-30 14:46 - 2014-09-03 04:27 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-01-01 14:41 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-11-01 23:05 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-06-21 09:19 - 2017-06-21 09:19 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 09:19 - 2017-06-21 09:19 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 09:19 - 2017-06-21 09:19 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 09:19 - 2017-06-21 09:19 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2013-07-18 19:41 - 2013-07-18 19:41 - 04434224 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
2017-06-26 14:06 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 14:06 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2013-09-16 06:26 - 2013-04-19 16:51 - 00023328 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
2017-05-22 20:16 - 2017-05-22 20:16 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 10:54 - 2017-06-22 10:55 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 10:54 - 2017-06-22 10:55 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 10:54 - 2017-06-22 10:54 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-12 23:04 - 2017-06-12 23:05 - 04323840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-12 23:04 - 2017-06-12 23:04 - 03500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2009-12-18 12:07 - 2009-12-18 12:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2017-07-02 02:07 - 2017-07-02 02:07 - 00010520 _____ () C:\Users\Raion\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
2013-09-16 06:26 - 2013-05-02 17:01 - 01813792 _____ () C:\Program Files (x86)\AlienRespawn\OLCoreWrapper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Alienware Survey"
HKLM\...\StartupApproved\Run32: => "Razer Naga Driver"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FAB7A9D-30E5-489C-8EF4-1EE70998882A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EC017C8B-3FE3-4508-B9AE-C7CEAD546E8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C6984786-0842-4A5D-BB7D-D28A62490E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A540AD07-834E-4A3A-AF01-763BD9DEB45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E2B224B8-EA8E-442E-9201-52CB1D440445}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4D2CAF9A-E463-4844-AD9E-FAA3AE2979CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F3E94395-59D1-47CE-8A20-D30D013E25B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{51598168-7FC1-494E-AB3E-20EBEDE6CDB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{8BB1A436-D3FD-4E58-94C7-9AE8454FB72E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{57CAA882-A1DF-4D54-9AB7-30A675DB37BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{76C07688-797E-47D5-93BB-92F453B887A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{852AEF25-4385-41E4-9AB3-1EC6CBEACA96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AF14CC6D-AA68-4F23-BBFD-FBB8C74252B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{FF69A042-2FE6-423C-A3D8-62ADE3E046FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{A394745F-FF65-4664-A06E-A8B9C7A43824}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{9CCAC45E-666C-4AF1-BF47-A13F7750E7E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{0E89B278-84F4-4CC3-A510-0FA854F0D204}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BBBF6AD1-6D5E-4B9F-BBD7-719698FFFBE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{24595C20-9D06-4834-B957-21D98FDD92D0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E21670AE-F893-45F7-983B-37C7D1533E48}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{14A71DF3-3064-4A6F-BFF1-90143219435E}] => (Allow) C:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{7B7CDF93-6E50-4B88-8636-6500E5BE87E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prototype 2\prototype2.exe
FirewallRules: [{F13F4E1F-D470-4E51-9CA4-33E475DC27A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prototype 2\prototype2.exe
FirewallRules: [{213D2807-7F0E-4C2E-A134-33CE7E6E4F4A}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{A14B3D2F-5CB5-46EB-A406-94070D51FB20}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{37E7A9F5-120F-4ABB-8E9D-1E3299E1640C}] => (Allow) C:\Nexon\Library\dragonnest\appdata\DragonNest.exe
FirewallRules: [{468EA630-DFFF-43A1-BEBB-DA6DC3F43802}] => (Allow) C:\Nexon\Library\dragonnest\appdata\DragonNest.exe
FirewallRules: [{B54BB7F7-06B9-4591-8778-D243CC9C73D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe
FirewallRules: [{8E587B9D-4C3A-4778-AE2D-BD507439B39D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WarframeTennoGen\bin\SteamWorkshopUploader.exe
FirewallRules: [{027684C8-CEB8-4119-A5D9-0C3035B281D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{14AD446C-FD90-44BC-B35F-3F4F440C1511}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{627922F4-B645-47C4-BA46-9ADD65F7642F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A91CB378-8F22-4D94-A366-001CA19EA048}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{495DB0E7-C9DF-442C-9561-D72680DB427B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A918A34-FBA9-41F3-B3EF-8620DC45BBB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{855843EA-6255-429F-9EB8-94B53FD7C6BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D56EE32-4A50-4C51-8232-681B9F0E0D97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{DA57DF71-576A-4519-9B51-83BCF2BB5975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [UDP Query User{AA9631D5-FD0A-4864-9A37-FC597F3FCDAC}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{ED355A95-9A85-4D8A-9505-F517419487A7}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [{75E4C28B-C003-435B-B2E2-8148785E69FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{FD6FFC83-B2D0-41A5-9510-D2897C43E646}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{EF71BA32-84B6-4520-BCE5-F00888DB01B9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{00EA492C-3FBC-4889-82B5-E4C473C57CF6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{231E846D-8F43-498A-8E55-EF23B30D3EC9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3FEDF5B8-06ED-43C3-A3AB-551EC579D207}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{84D12C9C-84E4-4D74-B696-C533F6F994A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{9DBAC234-F3A7-4160-B3C8-39F989214A72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{C919D98F-152E-4FCE-8E30-6B539F6F0715}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{ED2DCA56-6E27-45C8-999C-5064373F1BFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{93078E9C-3384-431F-96FF-B09A0648B1FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{3EE91FFE-DA45-4198-B29F-2ECC028635E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\StaticLauncher64.exe
FirewallRules: [{DF169383-1BBD-4ED3-8DE8-0B0CFDEBF4DF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{027E0BA8-7492-4B91-89DC-D66A2BA7C99D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{09865028-FF54-47F3-B958-965D23A42089}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{CCD64191-5F68-4C2F-B8FB-8AA54F0C88F6}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{5ADDC10E-325F-42D5-B26C-CF2F3282ABE9}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{C5B25214-350E-4D39-9E60-D2B15C51941A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{75F0F6A9-CF4B-4674-B001-5BC46BE6240D}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{F0940AC2-7B36-4215-B19F-752A0A6599CD}] => (Allow) C:\Nexon\Vindictus\en-US\NMService.exe
FirewallRules: [{3A61FDBF-9EED-48BE-B788-A8940879090F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [{B03DF885-D15B-4501-8397-437820E39ADB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [{712FD845-4195-4AAC-9E6C-473E09E1E62B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{4D05F0E0-55A9-459D-AA9A-C61B8B50AAD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{BC3E996D-732C-4865-9EDA-1B880E1789E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{A33F0DC2-4832-4F61-9BCE-CAB2D5EAA800}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{57885E64-A19D-49B0-AFA8-6744BDD3D60F}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{4D0E158B-9A5F-4D4E-B739-075A7E98C7E7}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{F4E6E98B-5D3A-43DC-8B92-F56F33DFFF7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79C87A18-D3DC-440C-B0DF-538DBC4B8D15}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DC5AE025-69DF-4228-A214-CA6E563D66FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E6B38C0A-08E9-439E-A3F2-5E846D727113}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{81AD36D2-202E-4C31-B1C0-70D3054B3C17}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{A1EC7031-DA4D-4415-B7F3-35D44EEB80B2}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{39335C6F-E496-46FC-B676-54BE74EC2F33}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B9F7654A-B694-495D-9067-846BA563409D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{B66B90CB-E71F-4B95-9853-DD7FE51F0384}C:\users\raion\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\raion\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{38DA55B4-5958-4E8C-A379-538356A4E661}C:\users\raion\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\raion\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7D239999-5A75-402D-BAD9-D4809E55B92E}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{EBE2AEE3-9709-4F12-BEEE-FF9A825FCA56}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{156EC9FB-5A10-4B2E-9D0E-631753B1AD05}] => (Allow) C:\Nexon\DragonNest\DragonNest.exe
FirewallRules: [{3410CEB2-C9F4-4B62-B501-CCED41557D40}] => (Allow) C:\Nexon\DragonNest\DragonNest.exe
FirewallRules: [{3922518A-A1F5-441C-879E-B9DB160A6B76}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{A0A77BAC-7F99-4060-BD24-1DB014AA7633}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E954085E-D950-4701-B447-A841C6FBC520}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{7FFE75CA-3ADE-4022-A1B8-3905C0A8B017}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{A7ED952D-3F89-4831-94C2-A166D7E2FF67}] => (Allow) LPort=1900
FirewallRules: [{E4BAF87E-D430-4E1A-8486-7914EFDBEB21}] => (Allow) LPort=2869
FirewallRules: [{25BC915D-E236-4E2F-B810-C0DD09BB099A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B71D01D6-25D3-44D4-9130-C1F30553A1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{AFDB37F3-B11E-4D18-BEFC-6771225758AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{6E87CD35-AA62-4B7E-BDA0-05F0560C987F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6EE79313-2CED-4A30-934A-E0D38A168B3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB916EDC-B920-4775-9FAF-6841E13DC3FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B2F64ADF-94D4-425C-914F-E2DDC4D95A45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{81B5F33E-B3B8-4ABA-8AB6-23E9AC57D52A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C1C5A746-6396-4CAA-A0CF-C44862EE0A88}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FB8E2438-9EE9-4D68-A7AF-99DF984509B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dragonnest\DragonNest.exe
FirewallRules: [{67AE27FE-A0E6-4623-B1D1-9B4EEA61CC4E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dragonnest\DragonNest.exe
FirewallRules: [{4516776A-1B4E-4F18-8CF4-214C185B035C}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{DAB7733D-7250-4D59-860A-67308A5F7AE5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{A215E610-072E-4CDA-A00C-3617CCFC22A6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{DB36E519-FB1F-407E-BDC2-E59A04EEC71F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{989FDC5E-A369-4919-882A-5C83A7DA15E6}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{1AFF8A55-FCB9-4723-86B9-E3733DE6DBEF}] => (Allow) C:\Program Files (x86)\Kill3rCombo\Elsword\data\x2.exe
FirewallRules: [{CD644E02-15EA-46F8-A240-3EF0DD7B0CC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{09473E3D-2A9A-415F-B719-EBCBF6AB0236}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F63E8975-4B1E-4143-A292-F72237299355}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6F9A2EBD-7510-4D00-ACF6-73370B412CE6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A3904C88-2E18-4FB5-AAE0-B52021064D04}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{43F14DCF-692E-4A38-98BD-5392BB15AB04}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1362ED03-4E01-4D27-BA2E-F17694F5B8EC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{27D8BC4E-0F63-4BC8-9580-80D32EFF813D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6F5D6877-679B-449D-A7DC-80CAF540D5DB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{78EF0036-82ED-4AFF-AC85-AD940B4F23BE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CA20E366-939A-4F29-8D1C-AFA01EA12DDB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3E01B0F3-E522-4A1A-BDD9-E416DE6DE3C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8F6CC99-1BF4-4171-BBA9-6976BF46DA85}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{94E41B14-06A5-4EC6-A579-C7DD81DEEAE5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A79C6518-6757-49B4-BE25-BC9581A65D52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{7FD329AE-00FB-4D04-A9F1-87A5150893C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{0D5ACE77-D981-4679-919C-23DB8A817364}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{9332A407-B115-477F-8A22-EB89571BC3E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{96189E72-F612-4D38-8FA8-F694FF1295ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{BA97E6E8-5200-4DC5-BB11-5204098AE3D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{A0089294-6F3E-468D-8D3E-7BC17B133F84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{99427E87-A50F-4462-9F9B-B574ED13FFC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{29946EFF-BA14-4A2E-92FF-061FC0FE832D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{E21F8917-6DFD-4534-8BA9-BE980B89446A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{7B6E5DDA-221D-4CD9-944A-0D58727AF3F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C97A654E-37A7-4325-BFE1-02B6F4678A17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{C6FEA22E-7F0A-4C72-9935-A419775BD4CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{33CFEE77-8DA3-4CE5-80F6-9542DAD9BE96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{E578A36D-7E56-42F7-AFE4-BF489DE434AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe

==================== Restore Points =========================

22-06-2017 17:58:14 Scheduled Checkpoint
01-07-2017 14:07:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 02:12:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DellDataVault.exe, version: 4.0.0.0, time stamp: 0x56e20b2c
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x38a8
Faulting application start time: 0x01d2f2fa13614944
Faulting application path: C:\Program Files\Dell\DellDataVault\DellDataVault.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ac1726d9-6148-4d9a-b339-f3fa37c93226
Faulting package full name:
Faulting package-relative application ID:

Error: (07/02/2017 02:11:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/02/2017 02:04:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AlienFusionController.exe, version: 3.0.29.0, time stamp: 0x51a64b1e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xa6f870e0
Faulting process id: 0x7fd0
Faulting application start time: 0x01d2f2f8fd14046c
Faulting application path: C:\Program Files\Alienware\Command Center\AlienFusionController.exe
Faulting module path: unknown
Report Id: 01072bc6-afbe-4931-a390-fc4c24fa7854
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2017 11:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Hammerwatch.exe, version: 1.0.0.0, time stamp: 0x56fe7534
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0603100e
Faulting process id: 0x9174
Faulting application start time: 0x01d2f06cc441479d
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
Faulting module path: unknown
Report Id: 6980f536-a848-4862-b0df-691801ffe65f
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2017 11:09:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Hammerwatch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at TiltedEngine.Sprite.Update(Int32)
at ARPGGame.GUI.SpriteWidget.Update(Int32)
at ARPGGame.GUI.Widget.Update(Int32)
at ARPGGame.GUI.SpriteWidget.Update(Int32)
at ARPGGame.GUI.Widget.Update(Int32)
at ARPGGame.GUI.Widget.Update(Int32)
at ARPGGame.GUI.Widget.Update(Int32)
at ARPGGame.Menus.GameMenu.Update(Int32, Boolean)
at ARPGGame.Menus.GameHUD.Update(Int32, Boolean)
at ARPGGame.GameBase.Update(Int32)
at ARPGGame.ARPGGame.OnUpdateFrame()
at ARPGGame.ARPGGame.Run()
at ARPGGame.Program.Main(System.String[])

Error: (06/26/2017 08:51:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DellDataVault.exe, version: 4.0.0.0, time stamp: 0x56e20b2c
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x3870
Faulting application start time: 0x01d2ee7ad851541c
Faulting application path: C:\Program Files\Dell\DellDataVault\DellDataVault.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 260a0694-ed67-450d-aa41-b9c0c6f67ed4
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2017 01:22:30 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/26/2017 01:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DellDataVault.exe, version: 4.0.0.0, time stamp: 0x56e20b2c
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x2c20
Faulting application start time: 0x01d2ee3bcd2b23c8
Faulting application path: C:\Program Files\Dell\DellDataVault\DellDataVault.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7a10694a-e86f-4eee-9cfd-12291e3a40eb
Faulting package full name:
Faulting package-relative application ID:

Error: (06/25/2017 11:13:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DellDataVault.exe, version: 4.0.0.0, time stamp: 0x56e20b2c
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xb79b6ddb
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x3564
Faulting application start time: 0x01d2edc57e8096f3
Faulting application path: C:\Program Files\Dell\DellDataVault\DellDataVault.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 23254ec4-492a-4dc0-a2a4-3618a4bde50e
Faulting package full name:
Faulting package-relative application ID:

Error: (06/25/2017 11:11:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.28.80.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2350

Start Time: 01d2edc4902a81d2

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: fc055776-7b35-43f3-8911-54ca863cf542

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (07/02/2017 03:48:27 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-S97U0V8
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF8CA97F-B753-48B1-AEB1-FB79048587BD}.
The master browser is stopping or an election is being forced.

Error: (07/02/2017 02:12:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).

Error: (07/02/2017 02:05:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/02/2017 02:05:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/02/2017 02:03:35 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (07/02/2017 02:02:23 AM) (Source: DCOM) (EventID: 10010) (User: Raion-PC)
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.

Error: (07/01/2017 10:42:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-S97U0V8
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF8CA97F-B753-48B1-AEB1-FB79048587BD}.
The master browser is stopping or an election is being forced.

Error: (07/01/2017 10:02:40 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-S97U0V8
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF8CA97F-B753-48B1-AEB1-FB79048587BD}.
The master browser is stopping or an election is being forced.

Error: (06/28/2017 09:12:05 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-S97U0V8
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF8CA97F-B753-48B1-AEB1-FB79048587BD}.
The master browser is stopping or an election is being forced.

Error: (06/28/2017 05:58:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DESKTOP-S97U0V8
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BF8CA97F-B753-48B1-AEB1-FB79048587BD}.
The master browser is stopping or an election is being forced.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 71%
Total physical RAM: 8077.06 MB
Available physical RAM: 2290.29 MB
Total Virtual: 16269.06 MB
Available Virtual: 8487.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.4 GB) (Free:454.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 5A263A92)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 02 July 2017 - 09:05 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts

Posted 02 July 2017 - 09:11 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> DefaultScope {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {03AB4F75-516F-428D-B243-4C48C37FCAA4} - \PCDoctorBackgroundMonitorTask
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - \Microsoft\Windows\Media Center\PBDADiscoveryW1
Task: {066E30F4-7103-4A4C-8C8F-D6D6E56B983A} - \GoogleUpdateTaskMachineUA1d1f38a598768b3
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2
Task: {11A697FA-93E0-45BD-B56D-7E64C1956FF6} - \Remediation\AntimalwareMigrationTask
Task: {14D17F42-440D-4DE1-A49F-3892FE3E3D64} - \SystemToolsDailyTest
Task: {15CCEE74-CE2C-4CC1-92E0-1EECADC65DEE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d
Task: {1627F770-57C0-4A45-BDB0-D93E041DBA16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {175A6035-6539-49B7-A3C8-785E95801DFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {22ED3C60-D93C-4C11-9641-44967FE42C8D} - \Norton WSC Integration
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - \Microsoft\Windows\Media Center\PvrScheduleTask
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - \Microsoft\Windows\Media Center\PBDADiscoveryW2
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - \Microsoft\Windows\Media Center\PeriodicScanRetry
Task: {3281C116-3203-4658-A085-BBE538A854BA} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
Task: {3D07B915-B089-4808-84E8-A4C3F9CC0B70} - \GoogleUpdateTaskMachineCore
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - \Microsoft\Windows\Media Center\InstallPlayReady
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific
Task: {479B93FF-114C-44F1-88C9-C7FEBB2A4421} - \GoogleUpdateTaskMachineCore1d1f38a58da790e
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - \Microsoft\Windows\Media Center\ActivateWindowsSearch
Task: {50871997-C566-4986-97E8-A36320F1D2D0} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {530C5DBE-B9E5-412D-8FE8-E3DB4209FDC7} - \{B415AFF8-D648-4436-BCA5-BF3963AEDCF0}
Task: {579E8CD5-73E1-4C39-9A11-38610AD4BDE5} - \WPD\SqmUpload_S-1-5-21-1279453236-2449229446-3293993781-1001
Task: {5887AEC2-C64C-4B75-8479-1114727AE52C} - \GoogleUpdateTaskMachineUA
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls
Task: {606B6B60-FE50-4CD2-ADC7-331BB4753BC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - \Microsoft\Windows\Media Center\ReindexSearchRoot
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - \Microsoft\Windows\SideShow\GadgetManager
Task: {65D05418-3254-437D-BEB2-F2C90502489D} - \{67FBA6A4-CA7B-4D0E-AE28-2760E3AA925A}
Task: {69D37301-7578-4B7F-B422-5BE288157916} - \Microsoft\Windows\WindowsBackup\AutomaticBackup
Task: {6A6D4E67-4640-4ED1-A5AA-22C9921D6916} - \GyazoUpdateTaskMachine
Task: {6AC27663-5E0D-4823-85E1-5AAB91556D39} - \{6C8506B3-244B-4437-B010-393BC204FBAF}
Task: {6FF3C99D-3D38-46F2-9850-0A1814D67D0A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {75B3BA3A-1326-415F-A2EF-8B81EC25E419} - \GyazoUpdateTaskMachineDaily
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - \Microsoft\Windows\SideShow\AutoWake
Task: {79BC0605-5CB6-440E-93B9-C79750ABC50C} - \PCDDataUploadTask
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - \Microsoft\Windows\Media Center\PvrRecoveryTask
Task: {7ABF40DF-D27E-40C3-A3B5-06B0E12B144C} - \Adobe Flash Player Updater
Task: {7B10912E-565F-49CC-98D8-087D7F9F58BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {826DFA7F-3574-4331-8E5D-EEAE1258900B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {8BC9361F-5CCA-4AC1-9831-3018FC5DCDE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService
Task: {9033AC93-17E4-48A5-BA41-66DF3DB3811E} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {A1210EEE-12CB-4951-99D9-9094F7E1EB4F} - \Microsoft\XblGameSave\XblGameSaveTaskLogon
Task: {A2F4B50C-42AF-47A5-A487-67B906ED9945} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - \Microsoft\Windows\Media Center\OCURDiscovery
Task: {A8A4EB24-3D55-45E8-93A4-01D5363F1E38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {AAF211D1-574E-4324-83BE-5C4BA7DC8280} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task: {B1BABF72-FC4E-4214-9318-E6FF698A5C2F} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B33100AC-14DF-4DEC-AED9-307218D0CC3B} - \Apple\AppleSoftwareUpdate
Task: {B6818693-25D4-49D7-AD9E-E71EE461EF06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - \Microsoft\Windows\Media Center\mcupdate
Task: {B824D77B-CC5B-464C-81F5-BD0981D17984} - \{DA98D253-EA0D-4033-87B7-16E577F06ACA}
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - \Microsoft\Windows\Media Center\PBDADiscovery
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - \Microsoft\Windows\SideShow\SessionAgent
Task: {C3ED9755-8040-46F9-87D2-25202696C253} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - \Microsoft\Windows\Media Center\OCURActivate
Task: {CB8DA873-5636-4AED-A6B8-52CE1CE8C5C8} - \PCDEventLauncherTask
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D33852CA-C423-4FD3-AC01-697759769829} - \Microsoft\Windows\Media Center\RegisterSearch
Task: {D49BBE31-42CE-4B75-AA63-3EA027AABF40} - \Microsoft\Windows\UpdateOrchestrator\Policy Install
Task: {D558BE52-E7DF-48CD-9DC3-87F7F4B819CC} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D60E53ED-A9F7-4E5A-8BDE-B56705AAE785} - \Dell SupportAssistAgent AutoUpdate
Task: {DED9516B-919A-4A04-9544-22A98728544E} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
Task: {E1815811-BDEA-478F-A35C-3CB15CF6BD00} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Task: {E54307A9-7162-47D8-8248-3338B0B1FF91} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - \Microsoft\Windows\Media Center\RecordingRestart
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - \Microsoft\Windows\Media Center\UpdateRecordPath
Task: {EF1D5F09-9355-4C2E-A9D3-8D45A5D52041} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - \Microsoft\Windows\Media Center\ehDRMInit
Task: {F29147B7-A909-4993-A988-209B54944DCF} - \Microsoft\Windows\SideShow\SystemDataProviders
Task: {F31A1E3E-1826-4F18-B924-679A265921FA} - \Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Task: {F4BC0F4F-2666-4FCD-858C-6035B9AA6EF6} - \Microsoft\Windows\Media Center\StartRecording
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - \Microsoft\Windows\MobilePC\HotStart
Task: {FBB3860F-0B1E-427C-911A-1F0778C89221} - \{29B10A1C-F3A7-4C74-99FE-7EDD690B636C}
Task: {FEA30BB4-66F7-423D-BE03-D86402C78A14} - \Microsoft\Windows\Setup\gwx\rundetector
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
hosts:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Edited by Oh My!, 02 July 2017 - 09:18 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Kinimx

Kinimx
  • Topic Starter

  • Members
  • 5 posts

Posted 02 July 2017 - 09:54 PM

Hi Gary, my name is Victor. Thank you very much for your assistance!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Raion (02-07-2017 22:30:58) Run:1
Running from C:\Users\Raion\Documents\Malware Removal
Loaded Profiles: Raion & DefaultAppPool (Available Profiles: Raion & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> DefaultScope {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
SearchScopes: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001 -> {0F648844-4BC6-4C27-A9E3-346FE865E00D} URL =
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {03AB4F75-516F-428D-B243-4C48C37FCAA4} - \PCDoctorBackgroundMonitorTask
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - \Microsoft\Windows\Media Center\PBDADiscoveryW1
Task: {066E30F4-7103-4A4C-8C8F-D6D6E56B983A} - \GoogleUpdateTaskMachineUA1d1f38a598768b3
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2
Task: {11A697FA-93E0-45BD-B56D-7E64C1956FF6} - \Remediation\AntimalwareMigrationTask
Task: {14D17F42-440D-4DE1-A49F-3892FE3E3D64} - \SystemToolsDailyTest
Task: {15CCEE74-CE2C-4CC1-92E0-1EECADC65DEE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d
Task: {1627F770-57C0-4A45-BDB0-D93E041DBA16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {175A6035-6539-49B7-A3C8-785E95801DFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {22ED3C60-D93C-4C11-9641-44967FE42C8D} - \Norton WSC Integration
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - \Microsoft\Windows\Media Center\PvrScheduleTask
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - \Microsoft\Windows\Media Center\PBDADiscoveryW2
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - \Microsoft\Windows\Media Center\PeriodicScanRetry
Task: {3281C116-3203-4658-A085-BBE538A854BA} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
Task: {3D07B915-B089-4808-84E8-A4C3F9CC0B70} - \GoogleUpdateTaskMachineCore
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - \Microsoft\Windows\Media Center\InstallPlayReady
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific
Task: {479B93FF-114C-44F1-88C9-C7FEBB2A4421} - \GoogleUpdateTaskMachineCore1d1f38a58da790e
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - \Microsoft\Windows\Media Center\ActivateWindowsSearch
Task: {50871997-C566-4986-97E8-A36320F1D2D0} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {530C5DBE-B9E5-412D-8FE8-E3DB4209FDC7} - \{B415AFF8-D648-4436-BCA5-BF3963AEDCF0}
Task: {579E8CD5-73E1-4C39-9A11-38610AD4BDE5} - \WPD\SqmUpload_S-1-5-21-1279453236-2449229446-3293993781-1001
Task: {5887AEC2-C64C-4B75-8479-1114727AE52C} - \GoogleUpdateTaskMachineUA
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls
Task: {606B6B60-FE50-4CD2-ADC7-331BB4753BC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - \Microsoft\Windows\Media Center\ReindexSearchRoot
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - \Microsoft\Windows\SideShow\GadgetManager
Task: {65D05418-3254-437D-BEB2-F2C90502489D} - \{67FBA6A4-CA7B-4D0E-AE28-2760E3AA925A}
Task: {69D37301-7578-4B7F-B422-5BE288157916} - \Microsoft\Windows\WindowsBackup\AutomaticBackup
Task: {6A6D4E67-4640-4ED1-A5AA-22C9921D6916} - \GyazoUpdateTaskMachine
Task: {6AC27663-5E0D-4823-85E1-5AAB91556D39} - \{6C8506B3-244B-4437-B010-393BC204FBAF}
Task: {6FF3C99D-3D38-46F2-9850-0A1814D67D0A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {75B3BA3A-1326-415F-A2EF-8B81EC25E419} - \GyazoUpdateTaskMachineDaily
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - \Microsoft\Windows\SideShow\AutoWake
Task: {79BC0605-5CB6-440E-93B9-C79750ABC50C} - \PCDDataUploadTask
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - \Microsoft\Windows\Media Center\PvrRecoveryTask
Task: {7ABF40DF-D27E-40C3-A3B5-06B0E12B144C} - \Adobe Flash Player Updater
Task: {7B10912E-565F-49CC-98D8-087D7F9F58BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {826DFA7F-3574-4331-8E5D-EEAE1258900B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {8BC9361F-5CCA-4AC1-9831-3018FC5DCDE4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService
Task: {9033AC93-17E4-48A5-BA41-66DF3DB3811E} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {A1210EEE-12CB-4951-99D9-9094F7E1EB4F} - \Microsoft\XblGameSave\XblGameSaveTaskLogon
Task: {A2F4B50C-42AF-47A5-A487-67B906ED9945} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - \Microsoft\Windows\Media Center\OCURDiscovery
Task: {A8A4EB24-3D55-45E8-93A4-01D5363F1E38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {AAF211D1-574E-4324-83BE-5C4BA7DC8280} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task: {B1BABF72-FC4E-4214-9318-E6FF698A5C2F} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B33100AC-14DF-4DEC-AED9-307218D0CC3B} - \Apple\AppleSoftwareUpdate
Task: {B6818693-25D4-49D7-AD9E-E71EE461EF06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - \Microsoft\Windows\Media Center\mcupdate
Task: {B824D77B-CC5B-464C-81F5-BD0981D17984} - \{DA98D253-EA0D-4033-87B7-16E577F06ACA}
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - \Microsoft\Windows\Media Center\PBDADiscovery
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - \Microsoft\Windows\SideShow\SessionAgent
Task: {C3ED9755-8040-46F9-87D2-25202696C253} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - \Microsoft\Windows\Media Center\OCURActivate
Task: {CB8DA873-5636-4AED-A6B8-52CE1CE8C5C8} - \PCDEventLauncherTask
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D33852CA-C423-4FD3-AC01-697759769829} - \Microsoft\Windows\Media Center\RegisterSearch
Task: {D49BBE31-42CE-4B75-AA63-3EA027AABF40} - \Microsoft\Windows\UpdateOrchestrator\Policy Install
Task: {D558BE52-E7DF-48CD-9DC3-87F7F4B819CC} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D60E53ED-A9F7-4E5A-8BDE-B56705AAE785} - \Dell SupportAssistAgent AutoUpdate
Task: {DED9516B-919A-4A04-9544-22A98728544E} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
Task: {E1815811-BDEA-478F-A35C-3CB15CF6BD00} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Task: {E54307A9-7162-47D8-8248-3338B0B1FF91} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - \Microsoft\Windows\Media Center\RecordingRestart
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - \Microsoft\Windows\Media Center\UpdateRecordPath
Task: {EF1D5F09-9355-4C2E-A9D3-8D45A5D52041} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - \Microsoft\Windows\Media Center\ehDRMInit
Task: {F29147B7-A909-4993-A988-209B54944DCF} - \Microsoft\Windows\SideShow\SystemDataProviders
Task: {F31A1E3E-1826-4F18-B924-679A265921FA} - \Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Task: {F4BC0F4F-2666-4FCD-858C-6035B9AA6EF6} - \Microsoft\Windows\Media Center\StartRecording
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - \Microsoft\Windows\MobilePC\HotStart
Task: {FBB3860F-0B1E-427C-911A-1F0778C89221} - \{29B10A1C-F3A7-4C74-99FE-7EDD690B636C}
Task: {FEA30BB4-66F7-423D-BE03-D86402C78A14} - \Microsoft\Windows\Setup\gwx\rundetector
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
hosts:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F648844-4BC6-4C27-A9E3-346FE865E00D} => key removed successfully
HKLM\Software\Classes\CLSID\{0F648844-4BC6-4C27-A9E3-346FE865E00D} => key not found. 
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001_Classes\ChromeHTML => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2620:9b::1931:904
   Link-local IPv6 Address . . . . . : fe80::bc2b:9f12:292d:8f03%9
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2601:343:8102:5fa0:459a:3570:83de:7e92
   Temporary IPv6 Address. . . . . . : 2601:343:8102:5fa0:c8f0:3960:e812:3013
   Link-local IPv6 Address . . . . . : fe80::459a:3570:83de:7e92%12
   Default Gateway . . . . . . . . . : fe80::200:caff:fe11:2233%12
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:419:64c:f5ff:fff8
   Link-local IPv6 Address . . . . . : fe80::419:64c:f5ff:fff8%32
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2620:9b::1931:904
   Link-local IPv6 Address . . . . . : fe80::bc2b:9f12:292d:8f03%9
   IPv4 Address. . . . . . . . . . . : 25.49.9.4
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   IPv6 Address. . . . . . . . . . . : 2601:343:8102:5fa0:459a:3570:83de:7e92
   Temporary IPv6 Address. . . . . . : 2601:343:8102:5fa0:c8f0:3960:e812:3013
   Link-local IPv6 Address . . . . . : fe80::459a:3570:83de:7e92%12
   IPv4 Address. . . . . . . . . . . : 10.0.0.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::200:caff:fe11:2233%12
                                       10.0.0.1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:896:3209:f5ff:fff8
   Link-local IPv6 Address . . . . . : fe80::896:3209:f5ff:fff8%32
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:32:10 ====
 
 
# AdwCleaner v6.047 - Logfile created 02/07/2017 at 22:46:41
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Raion - RAION-PC
# Running from : C:\Users\Raion\Documents\Malware Removal\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Raion\AppData\Local\28050
[-] Folder deleted: C:\Users\Raion\AppData\Local\AVG SafeGuard toolbar
[-] Folder deleted: C:\Users\Raion\AppData\Local\WeatherAlerts
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\speedupmypc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Software\OB
[-] Key deleted: HKU\S-1-5-21-1279453236-2449229446-3293993781-1001\Software\SearchProtectWS
[#] Key deleted on reboot: HKCU\Software\OB
[#] Key deleted on reboot: HKCU\Software\SearchProtectWS
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: [x64] HKCU\Software\OB
[#] Key deleted on reboot: [x64] HKCU\Software\SearchProtectWS
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Raion\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2861 Bytes] - [02/07/2017 22:46:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [3229 Bytes] - [02/07/2017 22:44:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3007 Bytes] ##########
 
 
Current computer performance appears to still be fine. No noticeable slowdowns or issues.

Edited by Kinimx, 02 July 2017 - 09:58 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:34 AM

Posted 02 July 2017 - 10:11 PM

Are you seeing 'RTC Video Listener PnP'?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Kinimx


Posted 02 July 2017 - 10:12 PM

Not from what I've seen from the few restarts required.



#6 Oh My!


Posted 02 July 2017 - 10:15 PM

OK, let's follow up with this and touch base tomorrow.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
    Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#7 Kinimx


Posted 03 July 2017 - 05:47 AM

(Uninstalled and Quarantined ESET but appeared to have no log, if that's fine, will rescan if needed.)

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender        
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Flash Player 22.0.0.209  
 Adobe Reader XI  
 Google Chrome (59.0.3071.115) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 Raion Documents Malware Removal securitycheck.exe 
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
Computer still looking good, haven't seen anything of the RTC Video Listener PnP.


#8 Oh My!


Posted 03 July 2017 - 10:25 AM

Everything looks great. I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary
 

#9 Kinimx


Posted 03 July 2017 - 10:40 AM

Thank you very kindly, Gary. I hope you have a nice day!



#10 Oh My!


Posted 03 July 2017 - 11:35 AM

Thank you Victor, and you as well.


Gary
 

#11 Oh My!


Posted 03 July 2017 - 11:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



