Can't connect to certain servers & links redirect


  • This topic is locked
11 replies to this topic

#1 virtualflying


Posted 11 July 2017 - 02:44 PM

 
Hi guys,
 
First, huge shoutout to Bleeping Computer. I found this website last night because I was having virus issues and you guys really know your stuff!
 
 
You can see my logs and such there, but I have my FRST.txt log here:
 
*****
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Grant (administrator) on DESKTOP-FE7BE0B (11-07-2017 14:19:53)
Running from C:\Users\Grant\Downloads
Loaded Profiles: Grant (Available Profiles: Grant)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(SUPERAntiSpyware.com) D:\Programs\Spyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.1.12\NS.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() D:\Programs\CAM\Service\CAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.1.12\NS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Windows\System32\tprdpw64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(CobianSoft, Luis Cobian) D:\Programs\Cobian Backup\cbVSCService11.exe
(Luis Cobian, CobianSoft) D:\Programs\Cobian Backup\Cobian.exe
(Luis Cobian, CobianSoft) D:\Programs\Cobian Backup\cbInterface.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\Programs\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAMS\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\Grant\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [Steam] => D:\Steam\steam.exe [3062048 2017-07-06] (Valve Corporation)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [puush] => D:\Programs\puush.exe [568904 2017-03-27] ()
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [com.squirrel.slack.slack] => "C:\Users\Grant\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup"
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [Discord] => C:\Users\Grant\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [Spotify Web Helper] => C:\Users\Grant\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Run: [GoogleChromeAutoLaunch_B4E9779156F26FC26D03BF7A2ADC2259] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnimaPaper.lnk [2017-03-05]
ShortcutTarget: AnimaPaper.lnk -> C:\Users\Grant\Documents\GitHub\AnimaPaper\VideoDesk\bin\Release\AnimaPaper.exe (No File)
Startup: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2017-07-05]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywherePlayer\DishAnywherePlayer.exe (Sling Media Inc.)
Startup: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-04-22]
ShortcutTarget: Rainmeter.lnk -> D:\Programs\Rainmeter\Rainmeter.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a4d0f598-d314-4afd-9f9b-f9bc325a2522}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c0684182-5690-47df-80ae-0fd99fd2c7d9}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2814850551-2797825924-249666552-1001 -> {485C9FA1-CD87-4038-87C3-CE92F779D359} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-08] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: m0ryuj1n.default
FF ProfilePath: C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\m0ryuj1n.default [2017-07-11]
FF Homepage: Mozilla\Firefox\Profiles\m0ryuj1n.default -> hxxps://www.google.com/webhp?hl=en&ictx=2&sa=X&ved=0ahUKEwja4PCCgPDUAhVEOCYKHV7yAR4QPQgD
FF Extension: (Fast search) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\m0ryuj1n.default\Extensions\amcontextmenu@loucypher [2017-07-10]
FF Extension: (Firefox Search Test) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\m0ryuj1n.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-03]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon [2017-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2814850551-2797825924-249666552-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Grant\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
StartMenuInternet: Firefox-BACC37DBECC71A0 - D:\Programs\FireFox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default [2017-07-11]
CHR Extension: (Google Slides) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-07]
CHR Extension: (Google Docs) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-07]
CHR Extension: (Google Drive) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-07]
CHR Extension: (YouTube) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-07]
CHR Extension: (Adblock Plus) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-07]
CHR Extension: (Google Sheets) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-07]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-07-07]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-07-07]
CHR Extension: (Google Hangouts) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-07-07]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-07]
CHR Extension: (DISH Anywhere Chrome Video Player) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiogfjcmcooikkpemeppajhnmpeekgf [2017-07-07]
CHR Extension: (Gmail) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-07]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-07-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-07-10]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"drmkpro64" => service could not be unlocked. <==== ATTENTION
R2 !SASCORE; D:\Programs\Spyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 acCAMService; D:\Programs\CAM\Service\CAMService.exe [30320 2017-06-27] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 cbVSCService11; D:\Programs\Cobian Backup\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-07] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R2 Wallpaper Engine Service; D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-07-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S2 DATAUP; C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\BASHDefs\20170111.001\BHDrvx64.sys [1874136 2017-03-16] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-03-16] (Symantec Corporation)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2017-07-10] (CPUID)
R3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2017-04-25] (Duet, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\IPSDefs\20170204.021\IDSVia64.sys [1038024 2017-03-16] (Symantec Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-11] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 SaiH0763; C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [178304 2008-02-15] (Saitek)
R1 SASDIFSV; D:\Programs\Spyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Programs\Spyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-03-16] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-03-16] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-07-10] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-03-16] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-03-16] (Symantec Corporation)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Programs\CAM\CAM_V3.sys [14544 2017-07-10] (OpenLibSys.org)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-11] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 14:19 - 2017-07-11 14:20 - 00025276 _____ C:\Users\Grant\Downloads\FRST.txt
2017-07-11 14:19 - 2017-07-11 14:19 - 02437120 _____ (Farbar) C:\Users\Grant\Downloads\FRST64.exe
2017-07-11 14:19 - 2017-07-11 14:19 - 00000000 ____D C:\FRST
2017-07-11 14:18 - 2017-07-11 14:18 - 01782784 _____ (Farbar) C:\Users\Grant\Downloads\FRST.exe
2017-07-11 14:12 - 2017-07-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-11 14:10 - 2017-07-11 14:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Grant\Downloads\cbSetup.exe
2017-07-11 13:58 - 2017-07-11 13:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-07-11 13:58 - 2017-07-11 13:58 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-11 13:50 - 2017-07-11 13:50 - 00001303 _____ C:\Users\Grant\Desktop\malwarebytes.txt
2017-07-11 13:44 - 2017-07-11 13:45 - 00001141 _____ C:\Users\Grant\Desktop\JRT.txt
2017-07-11 13:38 - 2017-07-11 13:38 - 01663672 _____ (Malwarebytes) C:\Users\Grant\Downloads\JRT.exe
2017-07-11 13:36 - 2017-07-11 13:37 - 00000000 ____D C:\Users\Grant\AppData\Local\llssoft
2017-07-11 13:12 - 2017-07-11 13:12 - 15579280 _____ (Copyright 2017.) C:\Users\Grant\Desktop\Zemana.AntiMalware.Portable (1).exe
2017-07-11 13:11 - 2017-07-11 13:11 - 15579280 _____ (Copyright 2017.) C:\Users\Grant\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-07-11 13:11 - 2017-07-11 13:11 - 00002282 _____ C:\Users\Grant\Desktop\ADW Cleaner log.txt
2017-07-11 13:07 - 2017-07-11 14:19 - 01030928 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-11 13:07 - 2017-07-11 14:19 - 01022427 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-11 13:07 - 2017-07-11 13:07 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-11 13:07 - 2017-07-11 13:07 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-07-11 13:07 - 2017-07-11 13:07 - 00000000 ____D C:\Users\Grant\AppData\Local\Zemana
2017-07-11 13:06 - 2017-07-11 13:06 - 15579280 _____ (Copyright 2017.) C:\Users\Grant\Downloads\Zemana.AntiMalware.Portable.exe
2017-07-11 13:05 - 2017-07-11 13:09 - 00000000 ____D C:\AdwCleaner
2017-07-11 13:05 - 2017-07-11 13:05 - 04110280 _____ C:\Users\Grant\Downloads\AdwCleaner.exe
2017-07-11 12:54 - 2017-07-11 12:54 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-11 12:53 - 2017-07-11 12:53 - 00000868 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-11 12:53 - 2017-07-11 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-11 12:53 - 2017-07-11 12:53 - 00000000 ____D C:\Program Files\CCleaner
2017-07-11 12:47 - 2017-07-11 12:48 - 09747512 _____ (Piriform Ltd) C:\Users\Grant\Downloads\ccsetup532.exe
2017-07-11 09:56 - 2017-07-11 12:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-11 09:55 - 2017-07-11 09:55 - 00000000 ____D C:\WINDOWS\pss
2017-07-11 09:38 - 2017-07-11 09:49 - 00000486 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bc6d6151-acde-4abc-94f8-69819a201759.job
2017-07-11 09:38 - 2017-07-11 09:49 - 00000486 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2e77bb64-7722-4605-a628-6831e91bb9c5.job
2017-07-11 09:38 - 2017-07-11 09:39 - 24344680 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Grant\Downloads\SASDEFINITIONS (2).EXE
2017-07-11 09:38 - 2017-07-11 09:38 - 24344680 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Grant\Downloads\SASDEFINITIONS.EXE
2017-07-11 09:38 - 2017-07-11 09:38 - 24344680 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Grant\Downloads\SASDEFINITIONS (1).EXE
2017-07-11 09:38 - 2017-07-11 09:38 - 00003730 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task bc6d6151-acde-4abc-94f8-69819a201759
2017-07-11 09:38 - 2017-07-11 09:38 - 00003648 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 2e77bb64-7722-4605-a628-6831e91bb9c5
2017-07-11 09:38 - 2017-07-11 09:38 - 00000000 ____D C:\Users\Grant\AppData\Roaming\SUPERAntiSpyware.com
2017-07-11 09:36 - 2017-07-11 09:57 - 00000812 _____ C:\Users\Grant\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-07-11 09:36 - 2017-07-11 09:36 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-07-11 09:36 - 2017-07-11 09:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-07-11 09:35 - 2017-07-11 09:35 - 30303432 _____ (SUPERAntiSpyware) C:\Users\Grant\Downloads\SUPERAntiSpyware.exe
2017-07-11 09:35 - 2017-07-11 09:35 - 00050688 _____ (Atribune.org) C:\Users\Grant\Downloads\Unconfirmed 386958.crdownload
2017-07-11 09:28 - 2017-07-11 09:28 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Grant\Desktop\notrkill64.exe
2017-07-11 09:04 - 2017-07-11 09:04 - 00000834 _____ C:\Users\Grant\Desktop\hostss.txt
2017-07-10 20:40 - 2017-07-11 13:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-07-10 20:39 - 2017-07-10 20:39 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-07-10 20:39 - 2017-07-10 20:39 - 00008298 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-07-10 20:39 - 2017-07-10 20:39 - 00003374 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-07-10 20:39 - 2017-07-10 20:39 - 00002211 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-07-10 20:39 - 2017-07-10 20:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-07-10 20:38 - 2017-07-10 20:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-07-10 20:38 - 2017-07-10 20:38 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-07-10 20:38 - 2017-07-10 20:38 - 00000000 ____D C:\Program Files\Norton Security
2017-07-10 20:36 - 2017-07-10 20:36 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-07-10 20:36 - 2017-07-10 20:36 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-07-10 20:34 - 2017-07-10 20:40 - 00000000 ____D C:\ProgramData\Norton
2017-07-10 20:34 - 2017-07-10 20:34 - 01027368 _____ (Symantec Corporation) C:\Users\Grant\Downloads\NSDeluxeDownloader.exe
2017-07-10 20:34 - 2017-07-10 20:34 - 00001312 _____ C:\Users\Grant\Desktop\Norton Installation Files.lnk
2017-07-10 20:34 - 2017-07-10 20:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-07-10 20:33 - 2017-07-10 20:33 - 02984922 _____ C:\Users\Grant\Desktop\AvgInstallLog.cab
2017-07-10 20:29 - 2017-07-11 12:54 - 00004360 _____ C:\Users\Grant\Desktop\Rkill.txt
2017-07-10 20:29 - 2017-07-10 20:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Grant\Desktop\notrkill.exe
2017-07-10 20:24 - 2017-07-10 20:24 - 06705178 _____ C:\Users\Grant\Downloads\mbam-chameleon-3.1.33.0.zip
2017-07-10 20:24 - 2017-07-10 20:24 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-10 20:24 - 2017-07-10 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-10 20:24 - 2017-07-10 20:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-07-10 20:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-10 20:22 - 2017-07-10 20:22 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Grant\Downloads\AVG_Protection_Free_1606.exe
2017-07-10 20:20 - 2017-07-11 13:37 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-07-10 20:13 - 2017-07-11 13:36 - 00000000 ____D C:\Users\Grant\AppData\Local\ntuserlitelist
2017-07-10 20:13 - 2017-07-11 13:24 - 00000000 ____D C:\Users\Grant\AppData\Local\keluswol
2017-07-10 20:13 - 2017-07-10 20:13 - 00000000 ____D C:\Users\Grant\AppData\Local\dpbynzd
2017-07-10 14:38 - 2017-07-10 14:38 - 00003214 _____ C:\WINDOWS\System32\Tasks\CAM
2017-07-10 14:38 - 2017-07-10 14:38 - 00000000 ____D C:\Users\Grant\AppData\Local\IsolatedStorage
2017-07-10 12:32 - 2017-07-11 09:24 - 00000000 ____D C:\Users\Public\Documents\CAM
2017-07-10 12:32 - 2017-07-10 12:32 - 00000685 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM.lnk
2017-07-10 12:32 - 2017-07-10 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM
2017-07-09 15:11 - 2017-07-09 15:11 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1A6E4B99.sys
2017-07-07 12:39 - 2017-07-07 12:39 - 00001482 _____ C:\Users\Grant\apply.html
2017-07-07 11:03 - 2017-07-07 11:03 - 00000727 _____ C:\Users\Grant\Documents\old nav.txt
2017-07-07 09:25 - 2017-07-07 09:56 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-07-07 09:21 - 2017-07-07 10:34 - 00000000 ____D C:\Users\Grant\AppData\Local\Google
2017-07-07 09:21 - 2017-07-07 09:21 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-07 09:21 - 2017-07-07 09:21 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-07 09:21 - 2017-07-07 09:21 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-07 09:21 - 2017-07-07 09:21 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-07 09:15 - 2017-07-07 09:15 - 00000000 ____D C:\Users\Grant\AppData\Roaming\NuGet
2017-07-07 09:13 - 2017-07-07 09:13 - 00002754 _____ C:\Users\Grant\coffeelint.json
2017-07-07 09:13 - 2017-07-07 09:13 - 00001803 _____ C:\Users\Grant\tslint.json
2017-07-07 09:13 - 2017-07-07 09:13 - 00001506 _____ C:\Users\Grant\.eslintrc
2017-07-07 09:13 - 2017-07-07 09:13 - 00001002 _____ C:\Users\Grant\.csslintrc
2017-07-07 09:13 - 2017-07-07 09:13 - 00000000 ____D C:\Users\Grant\Documents\Visual Studio 2013
2017-07-07 09:13 - 2017-07-07 09:13 - 00000000 ____D C:\Users\Grant\AppData\Roaming\npm-cache
2017-07-07 09:09 - 2017-07-07 09:11 - 00000000 ____D C:\Users\Grant\AppData\Local\.IdentityService
2017-07-07 09:08 - 2017-07-07 09:12 - 00000000 ____D C:\Users\Grant\Documents\Visual Studio 2017
2017-07-07 00:10 - 2017-07-07 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2017-07-07 00:10 - 2017-07-07 00:10 - 00000000 ____D C:\ProgramData\Git
2017-07-07 00:09 - 2017-07-07 00:10 - 00000000 ____D C:\Program Files\Git
2017-07-07 00:08 - 2017-07-07 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-07-07 00:08 - 2017-07-07 00:09 - 00000000 ____D C:\Program Files\Python36
2017-07-07 00:08 - 2017-07-07 00:08 - 00000000 ____D C:\Users\Grant\AppData\Local\Package Cache
2017-07-07 00:08 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2017-07-07 00:08 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\dftmp
2017-07-06 23:58 - 2017-07-06 23:58 - 00000000 ____D C:\Program Files\VS2012Schemas
2017-07-06 23:58 - 2017-07-06 23:58 - 00000000 ____D C:\Program Files\VS2010Schemas
2017-07-06 23:58 - 2017-07-06 23:58 - 00000000 ____D C:\Program Files\Microsoft SDKs
2017-07-06 23:57 - 2017-07-06 23:57 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-07-06 23:57 - 2017-07-06 23:57 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2017-07-06 23:48 - 2017-07-06 23:48 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2017-07-06 23:40 - 2017-07-06 23:40 - 00000000 ____D C:\Program Files\dotnet
2017-07-06 23:31 - 2017-07-06 23:58 - 00000000 ____D C:\Program Files\IIS Express
2017-07-06 23:31 - 2017-07-06 23:58 - 00000000 ____D C:\Program Files (x86)\IIS Express
2017-07-06 23:31 - 2017-07-06 23:31 - 00000000 ____D C:\Program Files\IIS
2017-07-06 23:31 - 2017-07-06 23:31 - 00000000 ____D C:\Program Files (x86)\IIS
2017-07-06 23:28 - 2017-07-06 23:28 - 00000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\3082
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\2052
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1055
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1049
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1046
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1045
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1042
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1041
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1040
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1036
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1031
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1029
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1028
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\3082
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\2052
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1055
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1049
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1046
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1045
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1042
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1041
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1040
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1036
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1033
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1031
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1029
2017-07-06 23:21 - 2017-07-06 23:23 - 00000000 ____D C:\WINDOWS\system32\1028
2017-07-06 23:21 - 2017-07-06 23:21 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-07-06 23:21 - 2017-07-06 23:21 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-07-06 23:21 - 2017-07-06 23:21 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-07-06 23:08 - 2017-07-06 23:08 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-07-06 23:06 - 2017-07-06 23:06 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2017-07-06 23:06 - 2017-07-06 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-07-06 23:06 - 2017-07-06 23:06 - 00000000 ____D C:\Program Files\Application Verifier
2017-07-06 23:06 - 2017-07-06 23:06 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2017-07-06 22:09 - 2017-07-06 23:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-07-06 22:09 - 2017-07-06 23:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-07-06 22:09 - 2017-07-06 22:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-07-06 22:08 - 2017-07-06 23:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-07-06 21:25 - 2017-07-07 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-07-06 21:25 - 2017-07-06 23:06 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-07-06 21:25 - 2017-07-06 21:25 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-07-06 21:25 - 2017-07-06 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-06 21:08 - 2017-07-06 21:08 - 00000866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-07-06 21:03 - 2017-07-07 09:02 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Visual Studio Setup
2017-07-06 21:03 - 2017-07-06 23:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-06 21:03 - 2017-07-06 21:03 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-07-06 21:03 - 2017-07-06 21:03 - 00000000 ____D C:\Users\Grant\AppData\Roaming\vstelemetry
2017-07-06 21:03 - 2017-07-06 21:03 - 00000000 ____D C:\Users\Grant\AppData\Local\ServiceHub
2017-07-06 14:24 - 2017-07-06 14:24 - 00000000 ____D C:\Users\Grant\AppData\Local\AviraSpeedup
2017-07-06 10:36 - 2017-07-06 10:36 - 00000000 ____D C:\Users\Grant\AppData\Local\YouTubeDownloader
2017-07-06 10:36 - 2017-07-06 10:36 - 00000000 ____D C:\Users\Grant\AppData\Local\MediaHuman
2017-07-06 10:35 - 2017-07-06 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2017-07-06 09:47 - 2017-07-06 09:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Avira
2017-07-06 09:47 - 2017-07-06 09:47 - 00000000 ____D C:\Users\Grant\AppData\Local\Avira
2017-07-06 09:44 - 2017-07-06 09:44 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-06 09:36 - 2017-07-07 09:19 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-06 09:36 - 2017-07-06 21:47 - 00000000 ____D C:\ProgramData\Avira
2017-07-05 21:38 - 2017-07-05 21:38 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Sling Media
2017-07-05 21:38 - 2017-07-05 21:38 - 00000000 ____D C:\Users\Grant\AppData\LocalLow\DishAnywherePlayer
2017-07-05 21:32 - 2017-07-05 21:32 - 00000000 ____D C:\Users\Grant\AppData\Roaming\SlingMedia
2017-07-05 21:32 - 2017-07-05 21:32 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DISH Anywhere Video Player
2017-07-05 21:32 - 2017-07-05 21:32 - 00000000 ____D C:\Users\Grant\AppData\Roaming\DISH Anywhere
2017-07-05 21:32 - 2017-07-05 21:32 - 00000000 ____D C:\Users\Grant\AppData\LocalLow\DISH Anywhere
2017-07-05 21:32 - 2017-07-05 21:32 - 00000000 ____D C:\Program Files (x86)\DishAnywherePlayer
2017-07-04 09:52 - 2017-07-04 09:52 - 00000070 _____ C:\Users\Grant\Documents\older settings.txt
2017-07-03 19:31 - 2017-07-04 11:12 - 00000000 ____D C:\Users\Grant\AppData\LocalLow\Mozilla
2017-07-03 19:31 - 2017-07-03 19:36 - 00000000 ____D C:\Users\Grant\AppData\Local\Mozilla
2017-07-03 19:31 - 2017-07-03 19:31 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Mozilla
2017-07-03 19:31 - 2017-07-03 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-03 09:44 - 2017-07-03 09:44 - 00003006 _____ C:\Users\Grant\Documents\p3d experiment.txt
2017-07-01 22:05 - 2017-07-01 22:05 - 00000000 ____D C:\Users\Grant\AppData\Roaming\RAASPRO
2017-07-01 22:04 - 2017-07-01 22:04 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PMDG Operations Center.lnk
2017-06-28 17:47 - 2017-06-28 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft - Mega Airport London Heathrow Xtended - PREPAR3D V3.x
2017-06-28 17:42 - 2017-06-28 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft - Manchester X - PREPAR3D V3.x
2017-06-28 17:24 - 2017-06-28 17:24 - 00002247 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LatinVFR_Manual_KMIA_v3.lnk
2017-06-28 17:24 - 2017-06-28 17:24 - 00002163 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMIAdiagram.lnk
2017-06-28 17:24 - 2017-06-28 17:24 - 00001818 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMIA v3 Uninstaller program.lnk
2017-06-28 17:13 - 2017-06-28 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSDreamTeam
2017-06-28 16:09 - 2017-06-28 16:09 - 00000000 ____D C:\Program Files (x86)\Addon Manager
2017-06-28 15:24 - 2017-06-28 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimObject Display Engine
2017-06-28 15:24 - 2017-06-28 15:24 - 00000000 ____D C:\Program Files (x86)\12bPilot
2017-06-28 15:15 - 2017-06-28 15:15 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Hifi
2017-06-28 15:14 - 2017-06-28 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi
2017-06-28 15:04 - 2017-06-28 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX 4
2017-06-28 10:34 - 2017-06-28 10:36 - 00000000 ____D C:\Users\Grant\Documents\Prepar3D v4 Add-ons
2017-06-27 19:29 - 2017-06-27 19:29 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Legend of Pirates Online
2017-06-27 13:48 - 2017-06-27 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-26 07:32 - 2017-06-26 07:32 - 00000000 ____D C:\Users\Grant\AppData\Local\ElevatedDiagnostics
2017-06-26 05:27 - 2017-06-26 05:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 05:27 - 2017-06-26 05:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-25 21:02 - 2017-06-21 02:07 - 00179320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-06-25 21:02 - 2017-06-21 02:07 - 00146552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-06-25 09:09 - 2017-06-25 09:09 - 00001257 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-06-24 20:02 - 2017-07-11 13:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 20:02 - 2017-07-10 20:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-24 20:02 - 2017-07-07 09:19 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-24 20:02 - 2017-07-05 23:51 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-24 20:02 - 2017-06-24 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-24 20:02 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-24 20:02 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-24 17:37 - 2017-07-10 20:33 - 00000000 ____D C:\Users\Grant\AppData\Local\AvgSetupLog
2017-06-24 17:37 - 2017-07-10 20:33 - 00000000 ____D C:\ProgramData\Avg
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\Grant\AppData\Local\Avg
2017-06-14 18:11 - 2017-06-14 18:11 - 00000000 ____D C:\Users\Grant\Documents\Flight Simulator X Files
2017-06-14 18:09 - 2017-06-14 18:09 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-06-14 08:44 - 2017-06-14 08:44 - 00000203 _____ C:\Users\Grant\FSDreamTeam_Hawaiian Airports Volume 2.reg
2017-06-14 08:44 - 2017-06-14 08:44 - 00000203 _____ C:\Users\Grant\FSDreamTeam_Hawaiian Airports Volume 1.reg
2017-06-13 08:04 - 2017-06-13 08:04 - 00000000 ____D C:\Users\Grant\AppData\Local\Discord
2017-06-12 09:55 - 2017-06-07 18:38 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-12 09:54 - 2017-06-12 09:54 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-12 09:54 - 2017-03-10 16:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-12 09:54 - 2017-03-10 16:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-12 09:54 - 2017-03-10 16:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-12 09:54 - 2017-03-10 16:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-12 09:52 - 2017-06-07 20:45 - 40201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 35281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 28624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 10551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 03796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 01606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 01278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 01056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00993360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-06-12 09:52 - 2017-06-07 20:45 - 00045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-06-12 09:47 - 2017-06-25 21:02 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-11 20:30 - 2017-06-11 20:30 - 00000046 _____ C:\Users\Grant\Documents\memz.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-11 13:54 - 2017-03-28 19:19 - 00000000 ____D C:\Users\Grant\AppData\Local\CrashDumps
2017-07-11 13:43 - 2017-03-26 17:27 - 01671570 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-11 13:39 - 2017-03-26 17:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-11 13:37 - 2017-04-12 20:10 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Slack
2017-07-11 13:37 - 2017-03-29 18:13 - 00000000 ___RD C:\Users\Grant\Creative Cloud Files
2017-07-11 13:37 - 2017-03-29 18:07 - 00000000 ____D C:\Users\Grant\AppData\Local\Adobe
2017-07-11 13:37 - 2017-03-27 16:44 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Spotify
2017-07-11 13:37 - 2017-03-26 17:42 - 00000000 ____D C:\Users\Grant
2017-07-11 13:36 - 2017-03-26 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-11 13:36 - 2016-07-16 01:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-07-11 13:25 - 2017-03-27 16:44 - 00000000 ____D C:\Users\Grant\AppData\Local\Spotify
2017-07-11 12:58 - 2017-04-18 18:40 - 00000000 ____D C:\Users\Grant\AppData\Roaming\FileZilla
2017-07-11 12:57 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-11 12:50 - 2017-06-08 18:28 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3EA9FEBE-A1FC-4E2C-BCFB-093E3F49ABC6}
2017-07-11 12:42 - 2017-03-26 17:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-11 09:27 - 2017-05-14 20:24 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Twitch
2017-07-11 09:24 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-07-10 20:39 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-10 20:05 - 2017-05-30 20:55 - 00000000 ____D C:\Users\Grant\AppData\Local\Battle.net
2017-07-10 19:35 - 2017-05-30 20:55 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-07-10 12:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-07-10 12:13 - 2017-03-27 16:43 - 00000000 ____D C:\Users\Grant\AppData\Local\Ubisoft Game Launcher
2017-07-10 11:32 - 2017-03-27 18:07 - 00000000 ____D C:\Users\Grant\Documents\Prepar3D v3 Add-ons
2017-07-09 21:01 - 2017-03-29 18:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-07-09 17:14 - 2017-03-27 17:38 - 00000000 ____D C:\Users\Grant\AppData\Roaming\OBS
2017-07-07 12:39 - 2017-04-18 18:40 - 00000000 ____D C:\Users\Grant\AppData\Local\FileZilla
2017-07-07 11:14 - 2017-03-27 18:07 - 00000000 ____D C:\Users\Grant\Documents\Prepar3D v3 Files
2017-07-07 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-07 09:19 - 2017-03-26 17:40 - 05024184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-07 06:09 - 2017-03-28 16:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-07 00:08 - 2017-03-27 16:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-06 23:31 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-06 23:23 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-06 21:24 - 2017-03-27 17:56 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-07-06 11:59 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-04 13:50 - 2017-03-28 17:03 - 00000000 ____D C:\ProgramData\Virtuali
2017-07-04 13:50 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Grant\Documents\P3D Addons
2017-07-02 20:09 - 2017-04-12 17:39 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-07-02 17:42 - 2017-03-27 15:54 - 00000000 ____D C:\Flightsim
2017-07-01 22:09 - 2017-03-30 17:57 - 00000000 ____D C:\Users\Public\Documents\PFPX Data
2017-07-01 22:04 - 2017-03-28 18:51 - 00000000 ____D C:\Program Files (x86)\PMDG Operations Center
2017-06-30 18:49 - 2017-04-22 10:13 - 00000000 ____D C:\Users\Grant\AppData\Local\Arma 3 Launcher
2017-06-30 18:20 - 2017-04-22 10:15 - 00000000 ____D C:\Users\Grant\AppData\Local\Arma 3
2017-06-29 21:03 - 2017-03-28 17:07 - 00000000 ____D C:\Users\Grant\AppData\Local\NVIDIA Corporation
2017-06-29 09:29 - 2017-06-09 18:54 - 00000795 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph Charts Desktop.lnk
2017-06-28 20:30 - 2017-04-08 12:33 - 00000000 ____D C:\Users\Grant\AppData\Roaming\TS3Client
2017-06-28 17:50 - 2017-03-28 18:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-28 17:39 - 2017-04-14 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket
2017-06-28 17:24 - 2017-05-06 15:29 - 00002148 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LVFR KMIA v3.lnk
2017-06-28 16:09 - 2017-03-28 17:03 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Virtuali
2017-06-28 10:45 - 2017-04-11 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
2017-06-28 10:40 - 2017-04-16 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Majestic Software
2017-06-28 10:32 - 2017-05-26 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A2A Simulations
2017-06-27 17:45 - 2017-03-29 18:08 - 00000000 ____D C:\ProgramData\Adobe
2017-06-27 17:45 - 2017-03-29 18:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-27 13:48 - 2017-05-27 20:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-26 15:01 - 2017-05-11 17:09 - 00000015 _____ C:\Users\Grant\AppData\Local\X-Plane_drm_11.prf
2017-06-25 21:02 - 2017-03-28 17:07 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-28 17:07 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-25 21:02 - 2017-03-26 17:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-25 21:02 - 2017-03-26 17:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-25 21:02 - 2017-03-26 17:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-25 16:55 - 2017-05-24 19:40 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-06-25 16:54 - 2017-05-24 19:39 - 00000000 ____D C:\Program Files\Rockstar Games
2017-06-25 16:10 - 2017-05-14 20:35 - 00000000 ____D C:\Users\Grant\AppData\Roaming\.minecraft
2017-06-25 05:53 - 2017-03-26 17:24 - 00002368 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-25 05:53 - 2017-03-26 17:24 - 00000000 ___RD C:\Users\Grant\OneDrive
2017-06-21 02:07 - 2017-03-28 17:07 - 01903224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-06-21 02:07 - 2017-03-28 17:07 - 01755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-06-21 02:07 - 2017-03-28 17:07 - 01489528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-06-21 02:07 - 2017-03-28 17:07 - 01317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-06-21 02:07 - 2017-03-28 17:07 - 00121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-06-21 02:07 - 2017-03-28 17:07 - 00057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-06-21 02:07 - 2017-03-28 17:07 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-06-20 15:58 - 2017-03-28 17:07 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-06-17 10:21 - 2017-03-26 17:24 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Skype
2017-06-14 18:16 - 2017-03-28 18:52 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-06-14 15:29 - 2017-05-27 20:34 - 00000000 ____D C:\Users\Grant\AppData\Local\Dropbox
2017-06-14 09:52 - 2017-03-28 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph FMS Data Manager
2017-06-13 15:58 - 2017-04-12 20:10 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-06-13 15:58 - 2017-04-12 20:10 - 00000000 ____D C:\Users\Grant\AppData\Local\slack
2017-06-13 15:58 - 2017-03-27 16:41 - 00000000 ____D C:\Users\Grant\AppData\Local\SquirrelTemp
2017-06-13 08:05 - 2017-05-05 17:06 - 00000000 ____D C:\Users\Grant\AppData\Roaming\BetterDiscord
2017-06-13 08:04 - 2017-03-27 16:41 - 00000000 ____D C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-12 21:37 - 2017-05-11 17:41 - 00000000 ____D C:\ProgramData\TEMP
2017-06-12 09:55 - 2017-03-26 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
==================== Files in the root of some directories =======
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Grant\AppData\Local\report
2017-05-03 20:37 - 2017-06-08 19:22 - 0007602 _____ () C:\Users\Grant\AppData\Local\Resmon.ResmonCfg
2017-05-11 17:09 - 2017-05-30 21:59 - 0000037 _____ () C:\Users\Grant\AppData\Local\X-Plane Installer.prf
2017-05-11 17:09 - 2017-06-26 15:01 - 0000015 _____ () C:\Users\Grant\AppData\Local\X-Plane_drm_11.prf
2017-05-11 17:05 - 2017-05-11 17:05 - 0000030 _____ () C:\Users\Grant\AppData\Local\x-plane_install_11.txt
2017-03-26 17:41 - 2017-03-26 17:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-15 20:58 - 2017-04-22 07:27 - 0019535 _____ () C:\ProgramData\empty.ico
Files to move or delete:
====================
C:\Users\Grant\FlightBeam_Denver International - HD.reg
C:\Users\Grant\FlightBeam_Phoenix Sky Harbor - HD.reg
C:\Users\Grant\FlightBeam_San Francisco Intl HD.reg
C:\Users\Grant\FlightBeam_Washington Dulles Intl - HD.reg
C:\Users\Grant\FSDreamTeam_Dallas-Fort Worth.reg
C:\Users\Grant\FSDreamTeam_GSX.reg
C:\Users\Grant\FSDreamTeam_Hawaiian Airports Volume 1.reg
C:\Users\Grant\FSDreamTeam_Hawaiian Airports Volume 2.reg
C:\Users\Grant\FSDreamTeam_JFK V2.reg
C:\Users\Grant\FSDreamTeam_KIAH.reg
C:\Users\Grant\FSDreamTeam_Los Angeles V2.reg
C:\Users\Grant\QualityWings_Ultimate 757 Collection.reg
 
Some files in TEMP:
====================
2017-07-10 20:13 - 2017-07-10 20:13 - 0469327 _____ (                                                            ) C:\Users\Grant\AppData\Local\Temp\avboost.exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2531740 _____ (Microsoft) C:\Users\Grant\AppData\Local\Temp\setup (1).exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2211328 _____ () C:\Users\Grant\AppData\Local\Temp\setup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-04 17:51
==================== End of FRST.txt ============================
 
And here is my Addition.txt:
 
****
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Grant (11-07-2017 14:21:01)
Running from C:\Users\Grant\Downloads
Windows 10 Home Version 1607 (X64) (2017-03-26 22:46:29)
Boot Mode: Normal
==========================================================
 
==================== Accounts: =============================
Administrator (S-1-5-21-2814850551-2797825924-249666552-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2814850551-2797825924-249666552-503 - Limited - Disabled)
Grant (S-1-5-21-2814850551-2797825924-249666552-1001 - Administrator - Enabled) => C:\Users\Grant
Guest (S-1-5-21-2814850551-2797825924-249666552-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
.NET Core SDK 1.0.4 (x64) (HKLM\...\{11ACCE3C-C179-472C-A8CA-0F467702B2DA}) (Version: 4.1.5012 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.4 (x64) (HKLM-x32\...\{c56e80af-58a4-490b-a1cd-5718290133b9}) (Version: 1.0.4 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Sky Next for P3D SP5 (HKLM-x32\...\{67230DFC-F135-4F7F-B489-5860FD0EE162}_is1) (Version: 1.0.6255.21926 - HiFi Technologies, Inc.)
Addon Manager (HKLM-x32\...\{18CDDB93-8413-4F52-91A3-9DD5C989E11C}) (Version: 1.0.5.0 - TFDi Design)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus A318-A319 - PREPAR3D V3.x (HKLM-x32\...\Airbus A318-A319 - PREPAR3D V3.x) (Version: 1.31 - Aerosoft)
Aerosoft's - Airbus A320-A321 - PREPAR3D V3.x (HKLM-x32\...\Airbus A320-A321 - PREPAR3D V3.x) (Version: 1.31 - Aerosoft)
Aerosoft's - Manchester X - PREPAR3D V3.x (HKLM-x32\...\Manchester X - PREPAR3D V3.x) (Version: 1.01 - Aerosoft)
Aerosoft's - Mega Airport London Heathrow Xtended - PREPAR3D V3.x (HKLM-x32\...\Mega Airport London Heathrow Xtended - PREPAR3D V3.x) (Version: 1.01 - Aerosoft)
Aerosoft's - Mega Airport London Heathrow Xtended Jetway patch - P3D - PREPAR3D V3.x (HKLM-x32\...\{B8F009E7-20FC-403F-9048-37EC1D7D3A20}) (Version: 1.00 - Aerosoft)
aerosoft's - Professional Flight Planner X (HKLM-x32\...\{1A5D2729-4A3B-4CD5-85C8-4896FD44B78D}) (Version: 1.28 - aerosoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{01C2C51F-B0CF-BB5E-A010-E927D44F7720}) (Version: 10.1.15063.137 - Microsoft) Hidden
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM\...\Steam App 219540) (Version:  - )
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASConnect for P3D (HKLM-x32\...\{70C18CD2-D9F3-478D-994C-DCE39C84E19E}_is1) (Version: 1.0.0.34 - HiFi Technologies, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brackets (HKLM-x32\...\{B2F571A7-E9D3-4030-B167-57373D2D61D7}) (Version: 1.9 - brackets.io)
Calgary International Airport CYYC v1.1 (HKLM-x32\...\{3BFE39C5-94DA-43F2-BB35-D390D7122BF7}) (Version: 1.0.0 - FSimStudios) Hidden
Calgary International Airport CYYC v1.1 (HKLM-x32\...\Calgary International Airport CYYC v1.1 1.0.0) (Version: 1.0.0 - FSimStudios)
CAM (HKLM-x32\...\{E50A708E-18E0-437A-9CCF-D6C6061ECCA0}) (Version: 3.3.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DCS World (HKLM\...\Steam App 223750) (Version:  - Eagle Dynamics)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DISH Anywhere Player Installer (HKLM-x32\...\{50A5B498-1F0C-429E-9C6C-7486A9CB17C0}) (Version: 1.1.6.424 - Sling Media) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DishAnywherePlayer (HKLM-x32\...\{39209df2-06e7-4ccc-a0ad-ec43c210bbc5}) (Version: 1.1.6.424 - Sling Media)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
FileZilla Client 3.25.2 (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse)
FlightBeam Denver version 1.3.0 (HKLM-x32\...\FlightBeam Denver_is1) (Version: 1.3.0 - FlightBeam.)
FlightBeam Phoenix Sky Harbor version 1.4.0 (HKLM-x32\...\FlightBeam Phoenix Sky Harbor_is1) (Version: 1.4.0 - FlightBeam)
FlightBeam San Francisco HD version 4.0 (HKLM-x32\...\FlightBeam San Francisco HD_is1) (Version: 4.0 - FlightBeam)
FlightBeam Washington Dulles version 1.4.0 (HKLM-x32\...\FlightBeam Washington Dulles_is1) (Version: 1.4.0 - FlightBeam.)
FSDreamTeam Dallas/Fort Worth International version 2.3.1 (HKLM-x32\...\FSDreamTeam Dallas/Fort Worth International_is1) (Version: 2.3.1 - VIRTUALI Sagl)
FSDreamTeam GSX version 2.0.0.2 (HKLM-x32\...\FSDreamTeam GSX_is1) (Version: 2.0.0.2 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 1 version 2.0.0 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 1_is1) (Version: 2.0.0 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 2 version 2.0.0 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2_is1) (Version: 2.0.0 - VIRTUALI Sagl)
FSDreamTeam Houston Intercontinental Airport version 2.0.1 (HKLM-x32\...\FSDreamTeam Houston Intercontinental Airport_is1) (Version: 2.0.1 - VIRTUALI Sagl)
FSDreamTeam KJFK V2 version 2.4.5 (HKLM-x32\...\FSDreamTeam KJFK V2_is1) (Version: 2.4.5 - VIRTUALI Sagl)
FSDreamTeam Las Vegas McCarran version 2.0.1 (HKLM-x32\...\FSDreamTeam Las Vegas McCarran_is1) (Version: 2.0.1 - VIRTUALI Sagl)
FSDreamTeam Los Angeles International version 1.6.7 (HKLM-x32\...\FSDreamTeam Los Angeles International_is1) (Version: 1.6.7 - VIRTUALI Sagl)
FSDreamTeam OHareX version 2.5.0.2 (HKLM-x32\...\FSDreamTeam OHareX_is1) (Version: 2.5.0.2 - VIRTUALI Sagl)
FSDreamTeam Vancouver International version 1.5.5 (HKLM-x32\...\FSDreamTeam Vancouver International_is1) (Version: 1.5.5 - VIRTUALI Sagl)
FSimStudios Calgary YYC (HKLM-x32\...\FSIMSTUDIOS-YYC-B6FD3CCC-EE5E-4B8C-887E-8AC1AE380F52_is1) (Version: 1.0.0.0 - SimMarket)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
IvAp v2.0.2 (build 2773) (HKLM-x32\...\IvAp-v2_is1) (Version:  - IVAO)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
KSEA-T2G (HKLM-x32\...\KSEA_T2G_FSX_is1) (Version: 1.0.0.0 - SimMarket)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaHuman YouTube Downloader version 3.9.8.13 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.8.13 - )
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Firefox 54.0.1 (x86 en-US) (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Navigraph Charts Desktop 6.0.0.0619 (HKLM-x32\...\{A2CFEB97-9771-4B47-9BDF-EC91D5351652}}_is1) (Version: 6.0.0.0619 - Navigraph)
Navigraph FMS Data Manager 1.7.0.0531 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.7.0.0531 - Navigraph)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\OpenIV) (Version: 2.9.906 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PMDG 737 8900 NGX Base Package P3D (HKLM-x32\...\{0EA92925-36E7-40CB-A714-118AB046099B}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 747-400 QOTSII Base Package P3D (HKLM-x32\...\{B8BBEEDC-2F4A-47BD-99C1-95B01E22FEFF}) (Version: 3.00.8334 - PMDG Simulations, LLC.)
PMDG 777-200LRF Base Package P3D (HKLM-x32\...\{C1CB0E26-CE1A-4789-8EEA-919C4CD491C1}) (Version: 1.10.7025 - PMDG Simulations, LLC.)
Prepar3D v3 Academic (HKLM-x32\...\{7a078c14-0169-4c38-9659-6caf49dcc20d}) (Version: 3.4.22.19868 - Lockheed Martin)
Prepar3D v3 Academic Client (HKLM-x32\...\{213CD124-D688-436D-9BD8-FFB56DC830BE}) (Version: 3.4.22.19868 - Lockheed Martin)
Prepar3D v3 Content (HKLM-x32\...\{CE8E65FC-9BE3-438A-8449-BCD5E8ACC6BE}) (Version: 3.4.22.19868 - Lockheed Martin)
Prepar3D v3 Scenery (HKLM-x32\...\{3F2CF900-1437-4F93-9ABF-07B8B80E37DA}) (Version: 3.4.22.19868 - Lockheed Martin)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 3.6.0 (64-bit) (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\{37a4e38b-baf7-4500-97f1-0f7c51d9a395}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (64-bit symbols) (HKLM\...\{DFAA81ED-540F-47B5-9113-814CC427CFD8}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Core Interpreter (64-bit) (HKLM\...\{1944B5D6-0FFB-47C0-BFEC-5C7A2F013FA7}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (64-bit) (HKLM\...\{A6A3184B-748E-46F4-9E28-6B5889506170}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (64-bit) (HKLM\...\{5D83032F-36B5-42E4-A114-D310119C6F51}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit symbols) (HKLM\...\{4A928E09-6798-46AB-A4F7-1B52CD164B3B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit) (HKLM\...\{C0016766-8F63-4992-9E6F-ECFB2CB12BA6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (64-bit) (HKLM\...\{F9C1C892-4908-41F4-900C-7B0DAAF2387B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit symbols) (HKLM\...\{90676013-5216-48EE-AC8D-07AC0C16DA50}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit) (HKLM\...\{F3CB2257-C4C7-4C84-AF63-BADCED1E3273}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit symbols) (HKLM\...\{96C2F083-44B8-4388-B2A5-F48B75A25188}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit) (HKLM\...\{E24AA157-AD52-42ED-B484-CA5979D4A728}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit symbols) (HKLM\...\{CFF9C3A7-86C3-410B-9DD1-F1617767D2D6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit) (HKLM\...\{631C7E77-5832-40D1-9D6D-7B3766D79BDF}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (64-bit) (HKLM\...\{FE905DA4-0F23-4F99-9284-50BB4913CEB4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
REX 4 Texture Direct (with Soft Clouds) (HKLM-x32\...\{DFDA8491-8B63-42EA-8228-A1BC0DC899CC}) (Version: 4.8.2016.0622 - REX Game Studios, LLC.)
ROBLOX Player for Grant (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Grant (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
SimObject Display Engine (HKLM-x32\...\{CF01DDCE-487C-40D1-A798-BE842515661D}) (Version: 1.5.3 - 12bPilot)
Simstall (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Simstall) (Version: 2.1.1 - Simstall)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\slack) (Version: 2.6.3 - Slack Technologies)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
StartIsBack++ (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\StartIsBack) (Version: 2.0.1 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\TeamSpeak 3 Client) (Version: 3.1.3 - TeamSpeak Systems GmbH)
The Legend of Pirates Online (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\The Legend of Pirates Online) (Version: 1.2.1 - The TLOPO Team)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VAInterface (HKLM-x32\...\{6B506C78-A794-45BF-B008-141FEC49034F}) (Version: 2.22.1.11622 - Virtual Avionics)
VAT-Spy (HKLM-x32\...\VATSpy) (Version:  - )
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VFXCentral version 1.0.0.92 (HKLM-x32\...\VFXCentral_is1) (Version: 1.0.0.92 - OldProp Solutions Inc.)
Virtual United ACARS (HKLM-x32\...\{FC7D5865-3071-496C-94AB-FAC6661BEF81}) (Version: 4.0.1.0 - Virutal United Airlines)
vPilot (HKU\S-1-5-21-2814850551-2797825924-249666552-1001\...\vPilot) (Version: 2.1.3 - Ross Carlson)
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{9E1EF6F7-ED70-4BD8-A1AE-83C5DEF0DA91}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{5E8B6B34-D844-495C-8B27-30792E229B0A}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{16B4F36F-A159-47FC-A775-01EA3277B1C8}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{D299FB42-B9AC-418F-8661-DF380FE7FA7F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{E65A4D75-0E23-482C-BE68-007C40AE54FB}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{0E9BAB78-709F-43A2-A6B3-447D318FDEF5}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{8A4C52AC-02E4-430F-AC1C-AC208F6BCFD6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{01186500-C2AD-44D1-BDEE-BE7F6DCE9E25}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{03888DC4-ED57-4E6D-9397-1912885CE14B}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{357D0CD4-8B72-8D65-7015-81DFB2BF9150}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E2F78B92-04DE-5350-14C0-7C281BF87D9E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{81A0EC8C-9462-BC98-0E5C-301DD7A46792}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D089A695-49F0-D3B2-0EBF-2BBC33A05CD6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5523FD52AC95}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{865e5e76-ad83-4dca-a109-50dc2113ce9b}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{99E2B362-3E4E-4255-9B29-41A7F40777BA}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{99E2B362-3E4E-4255-9B29-41A7F40777BB}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{c71c41f1-ddad-42dc-a8fc-f5bfc61df958}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\Grant\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Programs\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.1.12\NavShExt.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.1.12\NavShExt.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-07] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.1.12\NavShExt.dll [2017-03-16] (Symantec Corporation)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E7740EE-D55C-46C8-BC25-89B695D71504} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
Task: {10EAB943-434C-4CAE-A769-4DF139040FE5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-06] (Microsoft Corporation)
Task: {21873464-72BE-4204-B1CA-AAF525610A56} - System32\Tasks\SUPERAntiSpyware Scheduled Task bc6d6151-acde-4abc-94f8-69819a201759 => D:\Programs\Spyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2A8EFBC8-3BF4-4580-B0E5-377DCC05ADDF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {2AB61CB7-6643-4255-8BB0-ADA459600514} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2e77bb64-7722-4605-a628-6831e91bb9c5 => D:\Programs\Spyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2EE03528-3C82-4B38-BE91-7A1BAD420042} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {3DF77A3F-7622-4B5A-9BEA-8E258B2006A3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {41DD3087-FAFE-4169-A986-28E40D7DE14B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {438911EC-3B57-4BD8-8283-165867E28B3D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {4559C71A-1F28-497F-970B-DF1380FC634A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {4AA3288E-A976-4F11-8CAF-FCB6BBA3D778} - System32\Tasks\CAM => D:\Programs\CAM\CAM_V3.exe [2017-06-27] ()
Task: {5D5F64D6-C2B1-4D23-9BD2-856B3EA3B207} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
Task: {6096AB5A-2F8A-4915-877D-F58FD6971A37} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {621294CE-CEED-4ADE-8004-75E928FD7CF9} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {7A2D5791-C511-4618-8C40-4271EF6A8DE2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {8652137B-A3A0-4340-B18E-FB2002B91A16} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-03-16] (Symantec Corporation)
Task: {8C2CD52F-D9EC-4F82-845A-536CE2F7461F} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-03-16] (Symantec Corporation)
Task: {9FB3F046-A006-4389-A148-758614F5D643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {AB035AA2-9037-4D9F-9B11-0B43CAA84477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-07] (Google Inc.)
Task: {ADF79C5A-1B82-4A55-973B-F012149B3CD2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {AF781A34-21A7-4B60-8EA5-4FCE36028BE9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-27] (Dropbox, Inc.)
Task: {BD250364-FCF7-4EFA-81D6-BE63DF3D7386} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {BE17BC4B-96FA-4BB0-BEDB-88C9E36CA167} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {BF65D22D-B463-45A2-BAE8-27C9A73673CA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)
Task: {C51C5BCC-7AA9-4FC9-88B8-53B012EFE53F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {C5EF97C0-C4EB-4F75-AFAB-734F71B207A9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-27] (Dropbox, Inc.)
Task: {CD54AEFE-856F-4933-941C-79BA95EA8EA8} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-03-16] (Symantec Corporation)
Task: {E63B7807-D169-449F-8866-32AAAA4535C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {E957BA29-15CA-467E-9FA1-647E876DA1BA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {EEA79D4E-E70F-4B0A-9182-5B4535F714FA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {F1E8A93A-DD80-4CD0-B263-9CADE544FE48} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-03-16] (Symantec Corporation)
Task: {F64F25F9-5DA9-42E0-9CE9-AC6CD767A0B5} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-FE7BE0B-Grant => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {F9B7CCA2-6D4A-4CD5-93E8-829429BA8A8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2e77bb64-7722-4605-a628-6831e91bb9c5.job => D:\Programs\Spyware\SASTask.exeVD:\Programs\Spyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bc6d6151-acde-4abc-94f8-69819a201759.job => D:\Programs\Spyware\SASTask.exeVD:\Programs\Spyware\SUPERAntiSpyware.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
ShortcutWithArgument: C:\Users\Grant\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-12 04:28 - 2017-03-28 01:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-27 16:34 - 2017-06-27 16:34 - 00030320 _____ () D:\Programs\CAM\Service\CAMService.exe
2017-07-06 11:42 - 2017-07-06 10:19 - 00337408 _____ () D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-28 16:19 - 2017-07-06 11:58 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-04-30 06:19 - 2017-04-30 06:19 - 00052392 _____ () D:\Programs\FileZilla FTP Client\fzshellext_64.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-27 07:49 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-27 07:49 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 07:49 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 04:27 - 2017-03-28 00:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 04:27 - 2017-03-28 00:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 04:28 - 2017-03-28 00:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-27 07:50 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-27 07:49 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-28 17:07 - 2017-06-21 02:07 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-07-07 09:21 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-07 09:21 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-04-04 13:35 - 2017-04-04 13:36 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-04-04 13:35 - 2017-04-04 13:36 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-04-04 13:35 - 2017-04-04 13:36 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-04-04 13:35 - 2017-04-04 13:36 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-03-27 07:54 - 2017-03-27 07:54 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-04-04 13:35 - 2017-04-04 13:36 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-04-04 13:35 - 2017-04-04 13:36 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-16 09:34 - 2016-07-16 09:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-28 17:07 - 2017-06-21 02:07 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:00934A10 [133]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 02:24 - 2017-07-11 09:04 - 00000834 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Grant\Desktop\32478751933_2fb8c1014b_o.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8D702E40-BF68-4B9D-82AA-8D40C9C15873}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C9B5EF21-66BD-465E-9D01-D72B443448FB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{9E25A9CE-209A-4CDC-BA9C-AD08CE999A64}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [UDP Query User{9243734C-FFFD-479A-A79F-5ED28972466D}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [TCP Query User{1D99D205-5BF5-4606-8DDA-4151FA370303}C:\users\grant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\grant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{91C7304E-A61F-4CD3-AC5F-725D1DD25EA8}C:\users\grant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\grant\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DF2D9CAC-522E-402A-989D-BD0F3875C8B2}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{3B938E57-C576-4ADD-9AFB-474660E64875}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{66EC4E74-46C1-47A9-99CF-A5FF640EF6A4}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\grant\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{62AFC514-5D9A-4F3A-8AA8-12AA92AFC205}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\grant\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3D076332-6E97-4E46-B598-87EC1EAF1988}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{9848D45C-BBFC-4D87-BA00-66B630306772}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{C3AE1E98-920B-4361-BDD1-668FFFDB8A6F}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4F8F0A6C-2BB7-4D0A-AEEB-5F7D0EB7CF39}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{0C3CE1E5-5001-4E80-B250-1C7C86512106}C:\flightsim\prepar3d\prepar3d.exe] => (Allow) C:\flightsim\prepar3d\prepar3d.exe
FirewallRules: [UDP Query User{52A64967-0E45-447A-83E6-786F760DC982}C:\flightsim\prepar3d\prepar3d.exe] => (Allow) C:\flightsim\prepar3d\prepar3d.exe
FirewallRules: [TCP Query User{7374C8B7-E9A4-4E4C-8387-C2F8FEB6C43D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2FA007F3-79DE-4C94-8EF9-88F2F0AE5868}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5F5F5FAE-9C3E-43CB-83AF-9D102175F091}D:\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{8C44DABA-6EB5-4A63-80A7-A196888C20E3}D:\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [TCP Query User{723ACBF6-9359-4C45-BB98-AD5D7253E8E2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C011481C-FB30-408E-B53C-EFD6823EFD80}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F9FACE65-A58D-4E48-B1BA-BC58A4101A5B}D:\programs\vpilot\vpilot.exe] => (Allow) D:\programs\vpilot\vpilot.exe
FirewallRules: [UDP Query User{F3E526E1-25C0-4544-8381-7DA2C6E97678}D:\programs\vpilot\vpilot.exe] => (Allow) D:\programs\vpilot\vpilot.exe
FirewallRules: [{36978373-5EA7-48CA-98E8-1CDB14AC76DF}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{18744A7E-BA90-4C40-A7E4-4475A31434B3}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{B30EEDBD-CE0E-4A71-BB5E-D75B06922AD8}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1117A93F-92CB-4F18-9DC7-4B4296520EDA}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{91F96DAC-71F3-4571-8053-6F1BEF5C1A77}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{E1644DF3-8778-47C8-962F-2B2BC01A639D}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{8C4E91DC-683A-453E-8937-CDBEAC2B4E55}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3F097053-0C42-4AA8-9C8B-301B6B1EB27D}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{3990E83E-D192-4BE7-8F30-B0D6C0FF464C}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [TCP Query User{79328A83-3588-48EA-B8EF-4965024F1DFD}D:\programs\overwatch\overwatch\overwatch.exe] => (Allow) D:\programs\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F5F27549-9B93-44EA-8AB1-C032D8308790}D:\programs\overwatch\overwatch\overwatch.exe] => (Allow) D:\programs\overwatch\overwatch\overwatch.exe
FirewallRules: [TCP Query User{CFD2B806-B1B6-4F11-B037-2EA9267BF15B}D:\programs\xp11\x-plane 11\x-plane.exe] => (Allow) D:\programs\xp11\x-plane 11\x-plane.exe
FirewallRules: [UDP Query User{B55E9B2F-B28B-4DBE-9BE6-DDFB609C8D87}D:\programs\xp11\x-plane 11\x-plane.exe] => (Allow) D:\programs\xp11\x-plane 11\x-plane.exe
FirewallRules: [TCP Query User{8EF2A191-A200-4182-808D-3354B4DA2E8F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{03923979-F27C-4CBF-A513-B70F8A615150}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F8BD2A3E-7591-47A1-83F1-8281D2653FB6}] => (Allow) D:\Steam\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{20B304FF-01CE-4625-9263-BA2331335A3C}] => (Allow) D:\Steam\steamapps\common\DCSWorld\Run.exe
FirewallRules: [TCP Query User{C4AC8A0B-CF18-4647-8787-B14D0EEFA769}D:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{64111056-2941-40E7-A11F-69FF06B4FC82}D:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{67086263-AE38-47BC-AC8E-2CE28F496899}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5CDA7D44-0EC7-4688-AE1D-0E4E4AAEF9F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0442C958-E5B8-49F7-B506-0B20E2480E02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BDAEC002-4C30-431E-AAB9-DE190B6F4103}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4576F8B2-4197-48D4-8F76-6297CFA091DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B215D870-5410-4252-A444-517D66BE5243}] => (Allow) D:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{0116B4D2-A86E-4432-9BDB-1E2B4EC98454}] => (Allow) D:\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{9C557A74-CCF9-426A-91B4-87A8A2D2D904}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9FCF6B4F-FAF3-467F-AFD6-CCEA25573679}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3D752185-687C-4B83-9853-A98F542A8051}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E4C55876-59D1-4863-99C2-0B6F322D7D60}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{64B5E8E6-9653-4C17-8B2E-DE5BC25DD7EB}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C6EAFB92-8C98-4E3B-990A-38ABAFF10921}] => (Allow) D:\Programs\FireFox\firefox.exe
FirewallRules: [{196F15EA-9009-407A-9AB1-995D306EE7AB}] => (Allow) D:\Programs\FireFox\firefox.exe
FirewallRules: [TCP Query User{4146EBB1-0918-410A-AFC3-34A4CC01807E}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [UDP Query User{1AC68A4B-A22B-45CB-B670-8D7334F57B02}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [{17E69C8A-7694-43D1-8E70-53B1D4D21E0E}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{8819F5CD-5C27-4F3D-9239-62945558E6CC}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{4C4B4A02-711F-4847-9258-05C9901A04BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ED4B6990-34FA-4C3B-996F-EE3AAE6E5ABD}] => (Allow) LPort=9143
FirewallRules: [{0B65ECEF-0775-46D6-8D47-6EEC26EB0B43}] => (Allow) LPort=2333
==================== Restore Points =========================
11-07-2017 13:39:23 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================
Application errors:
==================
Error: (07/11/2017 02:17:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
Operation:
   Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ed2ab307-42af-4b57-9282-e388c939c20b}
Error: (07/11/2017 02:13:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/11/2017 02:13:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Signing.wintrust.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/11/2017 01:54:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: edgehtml.dll, version: 11.0.14393.1066, time stamp: 0x58d9f67b
Exception code: 0xc000041d
Fault offset: 0x000000000034bac2
Faulting process id: 0x36e4
Faulting application start time: 0x01d2fa76098dfca9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: e7eaa5ab-3b98-461e-b977-79775f964daa
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (07/11/2017 01:54:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: edgehtml.dll, version: 11.0.14393.1066, time stamp: 0x58d9f67b
Exception code: 0xc0000005
Fault offset: 0x000000000034bac2
Faulting process id: 0x36e4
Faulting application start time: 0x01d2fa76098dfca9
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: 44b28ce3-a76f-43e3-890f-908e16dba15c
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (07/11/2017 01:39:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe CEF Helper.exe, version: 4.1.1.202, time stamp: 0x5934127c
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0xc0000005
Fault offset: 0x00be5cc7
Faulting process id: 0x327c
Faulting application start time: 0x01d2fa74bce35763
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
Report Id: e026ada1-f3cf-408e-9103-6bba090130b7
Faulting package full name:
Faulting package-relative application ID:
Error: (07/11/2017 01:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/11/2017 01:16:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.6.1.25, time stamp: 0x59119fbb
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1066, time stamp: 0x58d9ef32
Exception code: 0x80000003
Fault offset: 0x00000000000c6062
Faulting process id: 0x2840
Faulting application start time: 0x01d2fa71cad87cc1
Faulting application path: D:\Programs\iTunes\iTunes.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9bff0574-d8d4-4d98-85a5-655702c1072c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/11/2017 01:12:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FE7BE0B)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (07/11/2017 01:12:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FE7BE0B)
Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
System errors:
=============
Error: (07/11/2017 01:39:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (07/11/2017 01:39:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (07/11/2017 01:39:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 01:38:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/11/2017 01:36:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DATAUP service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/11/2017 01:36:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 01:36:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dataup Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (07/11/2017 01:33:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/11/2017 01:32:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/11/2017 01:30:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DATAUP service failed to start due to the following error:
The system cannot find the file specified.
 
CodeIntegrity:
===================================
  Date: 2017-07-11 13:46:48.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 13:46:42.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-11 13:46:38.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-07 09:20:43.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-07 09:20:36.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-07 09:18:11.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-07 09:16:36.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-03 19:00:06.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-03 19:00:02.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
  Date: 2017-06-10 08:53:56.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
==================== Memory info ===========================
Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16286.6 MB
Available physical RAM: 12683.61 MB
Total Virtual: 17310.6 MB
Available Virtual: 13217.15 MB
==================== Drives ================================
Drive c: (Alpha) (Fixed) (Total:223.02 GB) (Free:10.27 GB) NTFS
Drive d: (Bravo) (Fixed) (Total:931.51 GB) (Free:455.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C7798299)
Partition: GPT.
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 8A597272)
Partition: GPT.
==================== End of Addition.txt ============================
 
 
No program can detect what virus I have. I cannot get Malwarebytes (originally downloaded from website) to run; it just says cannot connect to server. I've tried AVG (virus wouldn't let install), Norton, SuperAntiSpyware, CCleaner, Malwarebytes Chameleon (? I can't remember the exact name) and Avirius Antivirus.
 
 
The issue is I can't run certain programs, it won't connect. Programs like Malwarebytes and Discord cannot update, I get random popups (only for Chrome and Firefox though), causing a lot of issues with my PC.
 
Hopefully we can solve this soon! Thank you all for helping!
 



 


#2 virtualflying


Posted 11 July 2017 - 02:49 PM

WOW.

 

I'm incredibly sorry, every time I tried posting, CloudFlare gave me an error saying it didn't go through.

 

Now it posted the SAME post 5 times, and I'm not quite sure how to delete them.

 

Terribly sorry, that was not intentional.

 

Mod Edit:  All dupes have been deleted, thanks for letting us know - Hamluis.


Edited by hamluis, 11 July 2017 - 03:05 PM.


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,679 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:48 PM

Posted 11 July 2017 - 04:20 PM

Welcome ;)

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 virtualflying


Posted 11 July 2017 - 05:36 PM


Thanks! I did find an infection, here are the logs.

mbar-log:

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
Database version:
  main:    v2017.07.11.08
  rootkit: v2017.05.27.01
Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
Grant :: DESKTOP-FE7BE0B [administrator]
7/11/2017 4:31:04 PM
mbar-log-2017-07-11 (16-31-04).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 400224
Time elapsed: 20 minute(s), 42 second(s)
Memory Processes Detected: 1
C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> 14072 -> Delete on reboot. [46be88dd486181b5f1771f82c13f0bf5]
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [20e499ccc1e83bfb962c78d74db4867a]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [f21200657c2de15518e9d14d34cda25e]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [8e7630359019cc6af9494fce32cf5fa1]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [43c102636b3e7bbb3d74aa1e29d8d52b]
Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\Grant\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [b153c2a33a6fbe783c8b5673996838c8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [46be88dd486181b5f1771f82c13f0bf5]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [f21200657c2de15518e9d14d34cda25e]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe -> Delete on reboot. [43c102636b3e7bbb3d74aa1e29d8d52b]
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 29
C:\Users\Grant\AppData\Local\llssoft\winvmx (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618 (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\databases (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\GPUCache (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\IndexedDB (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Local Storage (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\FDGJEHWU (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5 (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\eereader.com (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\egreader.com (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com\support (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com\support\flashplayer (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com\support\flashplayer\sys (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com\support\flashplayer\sys\#eereader.com (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\llssoft\winvmx\data618\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VQXTBJX5\macromedia.com\support\flashplayer\sys\#egreader.com (Trojan.Clicker.D) -> Delete on reboot. [ce36e0858d1cb185ea7e218df10f9d63]
C:\Users\Grant\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
C:\Users\Grant\AppData\Local\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
C:\Users\Grant\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
C:\Users\Grant\AppData\Local\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [976dd491b2f7350138112395ec1525db]
Files Detected: 163
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
C:\Users\Grant\AppData\Local\Temp\setup.exe (Adware.SquareNet) -> Delete on reboot. [32d29ec78623270f17268f67a85944bc]
C:\Users\Grant\AppData\Local\Temp\avboost.exe (Adware.Tuto4PC) -> Delete on reboot. [7f85ec793c6db08640dac441ca38b749]
C:\Users\Grant\AppData\Local\Temp\Rar$EXa0.812\setup.exe (Adware.FileTour) -> Delete on reboot. [22e2323392172c0af3dfad55bb47649c]
C:\Users\Grant\AppData\Local\Temp\is-J17SA.tmp\booster.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [ff0521447b2eb28401bd4eb2ba48e719]
C:\Users\Grant\AppData\Local\dpbynzd\ulriyj (Adware.Yelloader) -> Delete on reboot. [e2224f160e9b171fa05e7e84976b8b75]
C:\Windows\Temp\dataup.zip (Trojan.Clicker) -> Delete on reboot. [22e2a1c47a2f24122760e03d20e18080]
C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> Delete on reboot. [46be88dd486181b5f1771f82c13f0bf5]
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

***********************************************************************************************

System-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.1066.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 4.014000 GHz
Memory total: 17077735424, free: 13153701888
Downloaded database version: v2017.07.11.08
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.07.07.01
Initializing...
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/11/2017 16:30:57
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.07.11.08
  rootkit: v2017.05.27.01
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffc48dc2d7a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffc48dc2c95ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffc48dc2d7a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffc48dc1920060, DeviceName: \Device\00000034\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
Done!
Infected: C:\Users\Grant\AppData\Local\Temp\setup.exe --> [Adware.SquareNet]
Infected: C:\Users\Grant\AppData\Local\Temp\avboost.exe --> [Adware.Tuto4PC]
Infected: C:\Users\Grant\AppData\Local\Temp\Rar$EXa0.812\setup.exe --> [Adware.FileTour]
Infected: C:\Users\Grant\AppData\Local\Temp\is-J17SA.tmp\booster.exe --> [Adware.Tuto4PC.Generic]
File "C:\Users\Grant\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: C:\Users\Grant\AppData\Local\dpbynzd\ulriyj --> [Adware.Yelloader]
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\QBackup\index.qbs" is compressed (flags = 32769)
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\QBackup\index.qbs" is sparse (flags = 32769)
Infected: C:\Windows\Temp\dataup.zip --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\llssoft\winvmx --> [Trojan.Clicker.D]
Infected: C:\Users\Grant\AppData\Local\llssoft\winvmx\data618 --> [Trojan.Clicker.D]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\dataup --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\regtool --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\cef.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\debug.log --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\locales --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker]
Infected: C:\Users\Grant\AppData\Local\ntuserlitelist\winscr --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

EDIT: I'd like to point out that Discord is now working like usual, but that I still get Chrome popups and Malwarebytes won't open.

Edited by virtualflying, 11 July 2017 - 05:39 PM.


#5 JSntgRvr

Posted 11 July 2017 - 06:28 PM

  • Highlight the entire content of the quote box below.

Start::  
S2 DATAUP; C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe [X] <==== ATTENTION
FirewallRules: [{ED4B6990-34FA-4C3B-996F-EE3AAE6E5ABD}] => (Allow) LPort=9143
FirewallRules: [{0B65ECEF-0775-46D6-8D47-6EEC26EB0B43}] => (Allow) LPort=2333
HKLM-x32\...\Run: [cpx] => "C:\Users\Grant\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S2 DATAUP; C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe [X] <==== ATTENTION
C:\WINDOWS\System32\drivers\drmkpro64
Task: {621294CE-CEED-4ADE-8004-75E928FD7CF9} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
ShortcutTarget: AnimaPaper.lnk -> C:\Users\Grant\Documents\GitHub\AnimaPaper\VideoDesk\bin\Release\AnimaPaper.exe (No File)
ShortcutTarget: Rainmeter.lnk -> D:\Programs\Rainmeter\Rainmeter.exe (No File)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5523FD52AC95}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {621294CE-CEED-4ADE-8004-75E928FD7CF9} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
2017-07-10 20:13 - 2017-07-10 20:13 - 0469327 _____ (                                                            ) C:\Users\Grant\AppData\Local\Temp\avboost.exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2531740 _____ (Microsoft) C:\Users\Grant\AppData\Local\Temp\setup (1).exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2211328 _____ () C:\Users\Grant\AppData\Local\Temp\setup.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot, a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help through private messaging will be attended to.



#6 virtualflying

Posted 11 July 2017 - 06:59 PM

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by Grant (11-07-2017 18:32:35) Run:1
Running from C:\Users\Grant\Desktop
Loaded Profiles: Grant (Available Profiles: Grant)
Boot Mode: Normal
==============================================
fixlist content:
*****************
  
S2 DATAUP; C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe [X] <==== ATTENTION
FirewallRules: [{ED4B6990-34FA-4C3B-996F-EE3AAE6E5ABD}] => (Allow) LPort=9143
FirewallRules: [{0B65ECEF-0775-46D6-8D47-6EEC26EB0B43}] => (Allow) LPort=2333
HKLM-x32\...\Run: [cpx] => "C:\Users\Grant\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S2 DATAUP; C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Grant\AppData\Local\keluswol\xazdki\ct.exe [X] <==== ATTENTION
C:\WINDOWS\System32\drivers\drmkpro64
Task: {621294CE-CEED-4ADE-8004-75E928FD7CF9} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
ShortcutTarget: AnimaPaper.lnk -> C:\Users\Grant\Documents\GitHub\AnimaPaper\VideoDesk\bin\Release\AnimaPaper.exe (No File)
ShortcutTarget: Rainmeter.lnk -> D:\Programs\Rainmeter\Rainmeter.exe (No File)
CustomCLSID: HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5523FD52AC95}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {621294CE-CEED-4ADE-8004-75E928FD7CF9} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
2017-07-10 20:13 - 2017-07-10 20:13 - 0469327 _____ (                                                            ) C:\Users\Grant\AppData\Local\Temp\avboost.exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2531740 _____ (Microsoft) C:\Users\Grant\AppData\Local\Temp\setup (1).exe
2017-07-10 20:13 - 2017-07-10 20:13 - 2211328 _____ () C:\Users\Grant\AppData\Local\Temp\setup.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
*****************
  => Error: No automatic fix found for this entry.
DATAUP => service not found.
windowsmanagementservice => service not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED4B6990-34FA-4C3B-996F-EE3AAE6E5ABD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B65ECEF-0775-46D6-8D47-6EEC26EB0B43} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
DATAUP => service not found.
windowsmanagementservice => service not found.
"C:\WINDOWS\System32\drivers\drmkpro64" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{621294CE-CEED-4ADE-8004-75E928FD7CF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{621294CE-CEED-4ADE-8004-75E928FD7CF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2 => key not found.
C:\Users\Grant\Documents\GitHub\AnimaPaper\VideoDesk\bin\Release\AnimaPaper.exe => not found.
D:\Programs\Rainmeter\Rainmeter.exe => not found.
HKU\S-1-5-21-2814850551-2797825924-249666552-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5523FD52AC95} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{621294CE-CEED-4ADE-8004-75E928FD7CF9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2 => key not found.
"C:\Users\Grant\AppData\Local\Temp\avboost.exe" => not found.
C:\Users\Grant\AppData\Local\Temp\setup (1).exe => moved successfully
"C:\Users\Grant\AppData\Local\Temp\setup.exe" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2814850551-2797825924-249666552-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {15FF8E54-E4DF-4DB4-ADF2-D6FE68BD065D}.
0 out of 1 jobs canceled.
========= End of CMD: =========

=========== EmptyTemp: ==========
BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 210171979 B
Java, Flash, Steam htmlcache => 218980490 B
Windows/system/drivers => 55944490 B
Edge => 208263106 B
Chrome => 64591878 B
Firefox => 6168191 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 86022 B
NetworkService => 0 B
Grant => 480442573 B
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 18:33:28 ====

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Grant (Administrator) on Tue 07/11/2017 at 18:38:45.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 0
 

Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B4E9779156F26FC26D03BF7A2ADC2259 (Registry Value)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/11/2017 at 18:41:00.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

ADWCleaner Log

# AdwCleaner v6.047 - Logfile created 11/07/2017 at 18:54:10
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Grant - DESKTOP-FE7BE0B
# Running from : C:\Users\Grant\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Grant\AppData\Local\llssoft

***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\tschmna
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\tschmna

***** [ Web browsers ] *****
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: flightaware.com
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: coolnovo.en.softonic.com
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: vsdc-free-video-editor.en.softonic.com
[-] [C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: roblox.en.softonic.com

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2282 Bytes] - [11/07/2017 13:09:13]
C:\AdwCleaner\AdwCleaner[C2].txt - [1850 Bytes] - [11/07/2017 18:54:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [2232 Bytes] - [11/07/2017 13:08:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [2343 Bytes] - [11/07/2017 18:53:51]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2069 Bytes] ##########


#7 JSntgRvr

  • Malware Response Team

Posted 11 July 2017 - 08:20 PM

How is the computer doing?




#8 virtualflying


Posted 11 July 2017 - 09:35 PM

Well, most of my programs run well, but I still can't use Chrome. Popups still appear :(



#9 JSntgRvr


Posted 11 July 2017 - 10:05 PM

In your position I would reset Chrome to its default. If that won't work, remove and reinstall Chrome.

 

Keep me posted.




#10 virtualflying


Posted 12 July 2017 - 02:49 PM

So far so good. I reinstalled Chrome completely, and I haven't seen a popup since. I'll keep you posted.



#11 JSntgRvr


Posted 12 July 2017 - 05:08 PM

Let's remove the quarantined items:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)




#12 JSntgRvr


Posted 14 July 2017 - 10:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





