
Infected with Smartservice and Yelloader



#1 Stealthality


Posted 31 July 2017 - 10:13 AM

Can't run MBAR. Can't run RKill. I can only run PCHunter and RogueKiller. I ran RogueKiller and got a bunch of Yelloaders and PUPs. I deleted them, but some remained as an error, and then when I scanned again after I restarted, they came back!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by Genesis (administrator) on DESKTOP-8HHG8B7 (31-07-2017 10:00:49)
Running from C:\Users\Genesis\Desktop
Loaded Profiles: Genesis (Available Profiles: defaultuser0 & Genesis)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\Genesis\AppData\Local\ajvdscq\ct.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Flux Software LLC) C:\Users\Genesis\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-12-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Program Files\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [Discord] => C:\Users\Genesis\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Genesis\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-10-27] (MurGee.com)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [MyComGames] => C:\Users\Genesis\AppData\Local\MyComGames\MyComGames.exe [5426576 2017-05-23] (MY.COM B.V.)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [f.lux] => C:\Users\Genesis\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Genesis\AppData\Roaming\Microsoft\Protect\b0a364-e7d368-d8cb4076-fbe2b1-6cc0.rs" <==== ATTENTION
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1357704 2016-12-19] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Genesis\AppData\Roaming\Microsoft\Protect\b0a364-e7d368-d8cb4076-fbe2b1-6cc0.rs" <==== ATTENTION
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\MountPoints2: D - "D:\setup.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs6 - {3CA8BD37-9F72-428F-926C-90ADD93A471B} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {3CA8BD37-9F72-428F-926C-90ADD93A471B} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2017-01-02]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-2224706485-2247944354-2070470572-1001] => 127.0.0.1:8003
Hosts: 37.139.50.192 www.gstatic.com
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{133770cc-df1d-470f-bc6a-7350fe1c1073}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{1d525f8a-72dd-4efc-905e-15c5f96379a6}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{70dc652d-d054-433c-bdbf-a4032cd9abcf}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{8af0542b-d3d0-4f70-96d6-65407f75beee}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{9f791710-f798-41e7-ba45-23282de57d09}: [DhcpNameServer] 10.1.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtC0BtD0DyCtCyByD0DtAtB0A0FtBtN0D0Tzu0StCzyyBtBtN1L2XzutAtFtBzytFtAtFyBzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0B0FtDyDyE0AtGyCyCyE0BtG0C0BzztBtGyD0CtB0EtG0A0AtByCyCzy0EtC0BtD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtCzy0Dzyzz0EtG0CtC0C0EtGyEtAzzyEtG0B0AzytBtGtA0AyByB0AyE0A0AyCtC0D0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyDyC%26cr%3D305066102%26a%3Dwbf_ir_17_21%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0CtC0BtD0DyCtCyByD0DtAtB0A0FtBtN0D0Tzu0StCzyyBtBtN1L2XzutAtFtBzytFtAtFyBzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0B0FtDyDyE0AtGyCyCyE0BtG0C0BzztBtGyD0CtB0EtG0A0AtByCyCzy0EtC0BtD0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtCzy0Dzyzz0EtG0CtC0C0EtGyEtAzzyEtG0B0AzytBtGtA0AyByB0AyE0A0AyCtC0D0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyDyC%26cr%3D305066102%26a%3Dwbf_ir_17_21%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-19] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2224706485-2247944354-2070470572-1001: @my.com/Games -> C:\Users\Genesis\AppData\Local\MyComGames\NPMyComDetector.dll [2017-04-14] (MY.COM B.V.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default [2017-07-31]
CHR Extension: (Google Slides) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Google Drive) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-28]
CHR Extension: (YouTube) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (Adblock Plus) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google Sheets) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Window Expander For YouTube) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Genesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2017-01-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R2 Dataup; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2017-01-15] (EasyAntiCheat Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-18] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2017-02-17] () [File not signed]
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-18] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-18] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Genesis\AppData\Local\ajvdscq\ct.exe [689152 2017-05-17] () [File not signed] <==== ATTENTION
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-02-02] (Wacom Technology, Corp.)
S2 EraserSvc11710; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe" /h ccCommon [X]
S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION
S2 srcsrv2; C:\Windows\src_srv_2\winsrcsrv.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0316467.inf_amd64_3d8fbd78102e53d7\atikmdag.sys [38439848 2017-07-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0316467.inf_amd64_3d8fbd78102e53d7\atikmpag.sys [549800 2017-07-26] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-08-03] (/n software, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-07-30] (Malwarebytes)
U4 Ndileelcmsio; no ImagePath
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-30] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-08-03] (/n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [119952 2017-01-25] (Wacom Technology)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2017-05-31] (Basil)
S3 xhunter1; C:\Windows\xhunter1.sys [37344 2017-05-23] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-31 10:00 - 2017-07-31 10:01 - 000024902 _____ C:\Users\Genesis\Desktop\FRST.txt
2017-07-31 10:00 - 2017-07-31 10:00 - 002381312 _____ (Farbar) C:\Users\Genesis\Downloads\FRST64.exe
2017-07-31 10:00 - 2017-07-31 10:00 - 002381312 _____ (Farbar) C:\Users\Genesis\Desktop\FRST64.exe
2017-07-31 09:56 - 2017-07-31 09:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-07-30 23:25 - 2017-07-30 23:26 - 000298324 _____ C:\Windows\Minidump\073017-20703-01.dmp
2017-07-30 23:18 - 2017-07-30 23:18 - 008162248 _____ (Malwarebytes) C:\Users\Genesis\Downloads\adwcleaner_7.0.0.0.exe
2017-07-30 23:18 - 2017-07-30 23:18 - 008162248 _____ (Malwarebytes) C:\Users\Genesis\Desktop\adwcleaner_7.0.0.0.exe
2017-07-30 23:11 - 2017-07-30 23:11 - 001063439 _____ C:\Users\Genesis\Downloads\Unconfirmed 131981.crdownload
2017-07-30 20:44 - 2017-07-30 21:50 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-30 20:44 - 2017-07-30 20:44 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-30 20:44 - 2017-07-30 20:44 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-30 20:44 - 2017-07-30 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-30 20:43 - 2017-07-30 20:44 - 000000000 ____D C:\Program Files\RogueKiller
2017-07-30 20:43 - 2017-07-30 20:43 - 035709112 _____ (Adlice Software ) C:\Users\Genesis\Downloads\setup (2).exe
2017-07-30 20:36 - 2017-07-30 20:36 - 004830473 _____ C:\Users\Genesis\Downloads\tdsskiller.zip
2017-07-30 20:29 - 2017-07-30 20:29 - 000000000 ____D C:\Users\Genesis\Pavark
2017-07-30 20:27 - 2017-07-30 20:27 - 001472131 _____ C:\Users\Genesis\Downloads\vba32arkit.zip
2017-07-30 20:15 - 2017-07-30 23:25 - 1056814781 _____ C:\Windows\MEMORY.DMP
2017-07-30 20:15 - 2017-07-30 20:16 - 000317468 _____ C:\Windows\Minidump\073017-17203-01.dmp
2017-07-30 20:05 - 2017-07-30 20:35 - 006710850 _____ C:\Users\Genesis\Desktop\PCHunter_free.zip
2017-07-30 20:05 - 2016-10-06 03:05 - 009534160 _____ (一普明为北京信息技术有限公司) C:\Users\Genesis\Desktop\PCHunter64.exe
2017-07-30 20:04 - 2017-07-30 20:05 - 006559869 _____ C:\Users\Genesis\Downloads\PCHunter_free.zip
2017-07-30 19:46 - 2017-07-30 19:46 - 000085504 _____ C:\Users\Genesis\Desktop\Inherit.exe
2017-07-30 19:00 - 2017-07-31 10:00 - 000000000 ____D C:\FRST
2017-07-30 17:52 - 2017-07-30 17:57 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-30 17:50 - 2017-07-30 17:50 - 000000000 ____D C:\Windows\pss
2017-07-30 16:34 - 2017-07-30 16:34 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-30 16:22 - 2017-07-30 17:13 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-30 16:22 - 2017-07-30 16:22 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-27 15:23 - 2017-07-27 15:23 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224706485-2247944354-2070470572-1001
2017-07-27 15:04 - 2017-07-27 15:04 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2017-07-27 15:04 - 2017-07-27 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-07-27 15:03 - 2017-07-27 15:03 - 000000000 ____D C:\Program Files (x86)\AMD
2017-07-27 15:02 - 2017-07-27 15:02 - 000000000 ____D C:\Users\Genesis\AppData\LocalLow\AMD
2017-07-26 18:05 - 2017-07-26 18:05 - 000933288 _____ (AMD) C:\Windows\system32\SET1E3F.tmp
2017-07-26 18:05 - 2017-07-26 18:05 - 000933288 _____ (AMD) C:\Windows\system32\coinst_17.30.dll
2017-07-26 18:05 - 2017-07-26 18:05 - 000142248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 010283432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 002535336 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 001061792 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 001061792 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 000157176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 000144800 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 000123304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 000110504 _____ C:\Windows\SysWOW64\atidxx32.dll
2017-07-26 18:04 - 2017-07-26 18:04 - 000107944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2017-07-26 18:03 - 2017-07-26 18:03 - 000112224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-07-26 18:03 - 2017-07-26 18:03 - 000100264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-07-26 18:03 - 2017-07-26 18:03 - 000083880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-07-26 18:02 - 2017-07-26 18:02 - 000149216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-07-26 18:02 - 2017-07-26 18:02 - 000141344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-07-26 18:02 - 2017-07-26 18:02 - 000125920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-07-26 18:02 - 2017-07-26 18:02 - 000112216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-07-26 14:35 - 2017-07-26 14:35 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2017-07-26 14:35 - 2017-07-26 14:35 - 000120880 _____ C:\Windows\system32\kapp_ci.sbin
2017-07-26 14:35 - 2017-07-26 14:35 - 000031039 _____ C:\Windows\system32\AMDKernelEvents.man
2017-07-26 14:35 - 2017-07-26 14:35 - 000000145 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2017-07-20 19:36 - 2017-07-20 19:36 - 000149896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2017-07-20 19:36 - 2017-07-20 19:36 - 000127880 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2017-07-01 16:50 - 2017-07-01 16:50 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2017-07-01 10:26 - 2017-07-01 10:26 - 000000000 ____D C:\Avenger
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-31 10:01 - 2016-07-16 06:47 - 000000000 ____D C:\Windows\AppReadiness
2017-07-31 09:56 - 2016-12-28 23:18 - 000000000 ____D C:\Program Files (x86)\Steam
2017-07-31 09:55 - 2016-12-29 13:37 - 000000000 ____D C:\Users\Genesis
2017-07-31 09:55 - 2016-12-29 13:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-07-31 01:36 - 2016-07-16 06:36 - 000000000 ____D C:\Windows\CbsTemp
2017-07-30 23:30 - 2016-12-29 13:39 - 002557896 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-30 23:26 - 2017-01-15 18:14 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-30 23:26 - 2016-12-29 13:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-30 23:25 - 2017-01-22 15:47 - 000000000 ____D C:\Windows\Minidump
2017-07-30 23:18 - 2017-05-31 14:13 - 000000000 ____D C:\Users\Genesis\AppData\Local\ntuserlitelist
2017-07-30 23:14 - 2017-02-03 23:33 - 000000000 ____D C:\Users\Genesis\AppData\Local\CrashDumps
2017-07-30 23:12 - 2016-12-28 21:49 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-30 23:12 - 2016-07-16 01:04 - 000262144 _____ C:\Windows\system32\config\BBI
2017-07-30 20:16 - 2016-07-16 06:47 - 000000000 ____D C:\Windows\LiveKernelReports
2017-07-30 20:13 - 2017-06-12 23:14 - 000000000 ____D C:\Windows\src_srv_2
2017-07-30 18:30 - 2017-04-14 13:40 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-30 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-30 16:34 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-30 16:22 - 2017-06-12 09:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-27 15:23 - 2016-12-29 13:39 - 000002373 _____ C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 15:23 - 2016-12-29 13:39 - 000000000 ___RD C:\Users\Genesis\OneDrive
2017-07-27 15:04 - 2016-12-29 11:15 - 000000000 ____D C:\Users\Genesis\AppData\Local\Warframe
2017-07-27 15:02 - 2016-12-28 21:49 - 000000000 ____D C:\AMD
2017-07-27 15:01 - 2016-07-16 06:45 - 000000000 ____D C:\Windows\INF
2017-07-27 15:00 - 2016-12-28 22:06 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-27 10:11 - 2016-07-16 06:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-26 18:06 - 2017-05-16 18:06 - 000555432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-07-26 18:06 - 2017-05-16 18:06 - 000486824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-07-26 18:06 - 2017-05-16 18:06 - 000053664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-07-26 18:06 - 2017-05-16 18:06 - 000051112 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000540072 _____ C:\Windows\system32\GameManager64.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000374184 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000285096 _____ C:\Windows\system32\hsa-thunk64.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000250792 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000200104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000178600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000159656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-07-26 18:06 - 2016-10-26 04:04 - 000144296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-07-26 18:05 - 2016-12-20 13:17 - 000037800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-07-26 18:05 - 2016-12-20 13:17 - 000037800 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-07-26 18:05 - 2016-10-26 04:04 - 000789928 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000561064 _____ C:\Windows\system32\dgtrayicon.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000560552 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000492456 _____ C:\Windows\system32\atieah64.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000378280 _____ C:\Windows\system32\clinfo.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000342952 _____ C:\Windows\SysWOW64\atieah32.exe
2017-07-26 18:05 - 2016-10-26 04:04 - 000253864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-07-26 18:05 - 2016-10-26 04:04 - 000212392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-07-26 18:05 - 2016-10-26 04:04 - 000176552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-07-26 18:05 - 2016-10-26 04:04 - 000133032 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-07-26 18:05 - 2016-10-26 04:04 - 000123816 _____ C:\Windows\system32\atidxx64.dll
2017-07-26 18:04 - 2016-12-20 13:16 - 000121256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 012502952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 002920360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 001542568 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 000674728 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2017-07-26 18:04 - 2016-10-26 04:04 - 000476072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 000165440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-07-26 18:04 - 2016-10-26 04:04 - 000077736 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2017-07-26 18:03 - 2016-10-26 04:05 - 000141344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-07-26 18:03 - 2016-10-26 04:04 - 000872872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-07-26 18:03 - 2016-10-26 04:04 - 000704424 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-07-26 18:02 - 2016-10-26 04:05 - 000587648 _____ C:\Windows\system32\amdmiracast.dll
2017-07-26 18:02 - 2016-10-26 04:05 - 000206784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-07-26 18:02 - 2016-10-26 04:05 - 000174688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-07-26 18:02 - 2016-10-26 04:04 - 000523176 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-07-26 18:02 - 2016-10-26 04:04 - 000369064 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-07-26 14:35 - 2016-09-16 18:00 - 000814864 _____ C:\Windows\SysWOW64\atiapfxx.blb
2017-07-26 14:35 - 2016-09-16 18:00 - 000814864 _____ C:\Windows\system32\atiapfxx.blb
2017-07-26 14:35 - 2016-09-16 17:58 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2017-07-26 14:35 - 2015-12-16 20:06 - 000000145 _____ C:\Windows\system32\amd-vulkan64.json
2017-07-25 09:40 - 2016-12-28 23:52 - 000000000 ____D C:\Users\Genesis\AppData\Roaming\DS4Windows
2017-07-18 08:45 - 2016-12-29 13:31 - 000000000 ____D C:\Windows\Panther
2017-07-17 09:07 - 2017-03-18 22:20 - 000000000 ____D C:\$WINDOWS.~BT
2017-07-13 08:09 - 2016-12-29 01:10 - 000000000 ____D C:\Windows\system32\MRT
2017-07-13 08:06 - 2016-12-29 01:10 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-01 16:36 - 2017-06-15 13:26 - 000000222 _____ C:\Users\Genesis\Desktop\Warframe.url
2017-07-01 16:30 - 2016-12-29 13:37 - 000000000 ____D C:\Users\Genesis\AppData\Local\ConnectedDevicesPlatform
2017-07-01 16:30 - 2016-12-28 23:34 - 000000000 ____D C:\Users\Genesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-01 15:03 - 2017-05-23 17:10 - 000000000 __SHD C:\found.000
 
==================== Files in the root of some directories =======
 
2017-05-31 01:25 - 2017-05-31 01:25 - 000000047 _____ () C:\Users\Genesis\AppData\Roaming\WB.CFG
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Genesis\AppData\Local\report
2017-05-31 14:13 - 2017-05-31 14:13 - 000002048 _____ () C:\Users\Genesis\AppData\Local\uninstallro.exe
2016-12-28 22:42 - 2016-12-28 22:42 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-12 11:01 - 2017-06-12 11:01 - 000000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2017-07-30 20:44 - 2016-11-11 05:13 - 001886344 _____ (Microsoft Corporation) C:\Users\Genesis\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-25 13:38
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by Genesis (31-07-2017 10:01:57)
Running from C:\Users\Genesis\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-29 18:36:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2224706485-2247944354-2070470572-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2224706485-2247944354-2070470572-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2224706485-2247944354-2070470572-1000 - Limited - Disabled) => C:\Users\defaultuser0
Genesis (S-1-5-21-2224706485-2247944354-2070470572-1001 - Administrator - Enabled) => C:\Users\Genesis
Guest (S-1-5-21-2224706485-2247944354-2070470572-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AdventureQuest 3D (HKLM\...\Steam App 429790) (Version:  - Artix Entertainment, LLC)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ArtMoney SE v7.45.1 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.45.1 - System SoftLab)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Auto Clicker v3.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 3.1 - MurGee.com)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703820}) (Version: 3.8.2.0 - Betternet Technologies Inc.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Boring Man - Online Tactical Stickman Combat (HKLM\...\Steam App 346120) (Version:  - Spasman Games)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version:  - Treyarch)
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CloudExtender (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\CloudExtender) (Version:  - AltoCloud) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CrossFire NA (HKLM-x32\...\CrossFire_is1) (Version:  - Z8Games.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{C6A49D2B-7359-4ED1-BC9F-F76A1957BC7A}) (Version: 12.5.4019 - Blackmagic Design)
Discord (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
DragonBoost (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Flux) (Version:  - )
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
FireAlpaca 1.7.0 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.7.0 - firealpaca.com)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Happy Room (HKLM\...\Steam App 550010) (Version:  - Mana Potion Studios)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
Horizon (HKLM-x32\...\{6b384f34-10c8-4c10-ba08-345168bda7e8}) (Version: 2.9.0 - Daring Development Inc.)
Horizon (HKLM-x32\...\{6BCA2AC7-7BC2-4011-BE10-143BDFD43D6C}) (Version: 2.9.0 - Daring Development Inc.) Hidden
Icecream Screen Recorder version 4.71 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.71 - Icecream Apps)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KSH (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\b1d1249b2bee82bb) (Version: 1.0.0.5 - KSH)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash MX 2004 (HKLM-x32\...\{2F353D44-73BB-4971-B31D-F7642E9E9531}) (Version: 7 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.126 - MediatekWiFi)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mortal Kombat X (HKLM\...\Steam App 307780) (Version:  - NetherRealm Studios)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mr.President! (HKLM\...\Steam App 507010) (Version:  - Game Developer X)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
My.com Game Center (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\MyComGames) (Version: 3.201 - My.com B.V.)
NBA 2K17 (HKLM\...\Steam App 385760) (Version:  - Visual Concepts)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
oCam version 370.0 (HKLM-x32\...\oCam_is1) (Version: 370.0 - hxxp://ohsoft.net/)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
osu! (HKLM-x32\...\{21a31abd-1a85-4dc1-be24-d6a89b9e1eea}) (Version: latest - ppy Pty Ltd)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PokeMMO (HKLM\...\PokeMMO_is1) (Version:  - PokeMMO)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
ROBLOX Player for Genesis (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Skyforge MyCom (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Skyforge MyCom) (Version: 1.140 - My.com B.V.)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter X Tekken (HKLM\...\Steam App 209120) (Version:  - Capcom U.S.A., Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Tom Clancy's The Division PTS (HKLM-x32\...\Uplay Install 3502) (Version:  - Ubisoft)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-7 - Wacom Technology Corp.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\WinDirStat) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2224706485-2247944354-2070470572-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {AB25CA9A-F05F-4527-8BEE-D099A6C464DE} => C:\Windows\system32\cbfsMntNtf6.dll [2016-08-03] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [EldosIconOverlay-cbfs6] -> {AB25CA9A-F05F-4527-8BEE-D099A6C464DE} => C:\Windows\system32\cbfsMntNtf6.dll [2016-08-03] (/n software, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2016-10-01] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {012D84D4-9181-4E61-BA09-D027FC5B770C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {1B82669D-C923-41C0-ACF4-F6CF4D8BB5A2} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {25B8D6A2-D8CD-419D-A318-253B13EABF51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {66AF35FB-E522-48CC-906A-9B2232F9AFDB} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {72494BED-2AD6-4589-BE49-8E8BAEC67E35} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {7A52E951-FBEE-4132-A7D9-F814351C718F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7B4776A2-9BDC-483C-9B57-DCFF859C7E1E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
Task: {7C7FAB4D-5C9C-4319-9802-A87B975985ED} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {959893B5-163B-45C3-9F8F-5D3D254DBBCB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {9944D16B-9197-49A9-BF8E-E1349E3FECBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {A65DE13F-CDD7-412E-9423-FA188BE02702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {DEAFB69D-7496-43B0-9D65-F7D25341CD48} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {E66B717F-E424-4340-8191-FC74CB4289E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {EE2A94BF-A53B-4BF4-9AD5-AEFF9AAF26F9} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {EE74FACF-7418-4443-8183-C85D0AE0434C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {F13957B7-BBAB-4090-B406-F15F6E739C2C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {F4EC615C-3483-417E-A647-FF06D18B6306} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Genesis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Genesis\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-05-10 18:20 - 2017-04-27 19:49 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-18 01:05 - 2016-11-18 01:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-02-17 18:16 - 2017-02-02 19:01 - 001658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-17 13:22 - 2017-05-17 13:22 - 000689152 ____N () C:\Users\Genesis\AppData\Local\ajvdscq\ct.exe
2017-04-21 15:37 - 2017-04-21 15:37 - 000884224 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2016-10-31 14:45 - 2016-10-31 14:45 - 000592384 _____ () C:\Users\Genesis\AppData\Local\MEGAsync\ShellExtX64.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-29 01:06 - 2016-09-06 23:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 12:51 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 12:52 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 12:52 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 12:52 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 18:19 - 2017-04-27 18:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 18:19 - 2017-04-27 18:36 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 18:19 - 2017-04-27 18:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-17 08:19 - 2017-07-17 08:19 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-17 08:19 - 2017-07-17 08:19 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-17 08:19 - 2017-07-17 08:19 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-17 08:19 - 2017-07-17 08:19 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-12 21:09 - 2017-05-09 04:13 - 003767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-12 21:09 - 2017-05-09 04:13 - 000100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-09-14 23:25 - 2016-09-14 23:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2017-07-30 21:39 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
37.139.50.192 www.gstatic.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Genesis\Desktop\Razer-Hd-Wallpaper-Games-1080p.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Avira.ServiceHost => 2
HKLM\...\StartupApproved\StartupFolder: => "Mediatek Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\StartupApproved\Run: => "Chromium"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8CC6CFD9-76EC-4B84-A81A-AA64756098E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D6BBAF09-BA4C-4175-83F6-E5EE1624340F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D44AB4C1-7622-4297-A4EF-2931DE5ABFA0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{365849C0-6379-4C3F-A51C-D2E018DAC452}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5DBCA836-EAA2-4023-9FB0-F0D4170E5C7F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{42AF0AC2-3A3B-43AA-93AB-2F3862F693A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{24A7604C-9894-4998-9DFA-5801695A13D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{2ABC4DC3-379C-4830-8A79-F4AFB79A995D}C:\program files (x86)\2k games\nba 2k17\nba2k17.exe] => (Allow) C:\program files (x86)\2k games\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{6FDB1C09-919A-4701-922C-EB6449F46C19}C:\program files (x86)\2k games\nba 2k17\nba2k17.exe] => (Allow) C:\program files (x86)\2k games\nba 2k17\nba2k17.exe
FirewallRules: [{47CA7DEE-6177-41DE-92B9-EEB822F79DA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr.President!\Mr.Prez.exe
FirewallRules: [{3CF39B5B-6C2C-4259-A799-0A7717EC941D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr.President!\Mr.Prez.exe
FirewallRules: [{120D3E7C-0E81-4683-9402-9C1930189170}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{34F7D838-237B-4B21-A6CD-6D988F28C50B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{5F00A684-C14E-49F0-92F2-CD38773790FC}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D0964EDF-91FC-42F0-881A-EABC4ACC2CDE}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D88523AD-F165-4A03-9D12-BC89A53B8568}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{17D150BC-28E9-46A6-BC44-F42343C5362C}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{932A760B-3012-4194-A92F-D90203C8E4B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{3EFB42CD-9A16-4A5C-A042-81E6A3121E07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{92722257-05E9-40E3-B4E0-A1CF525B21E4}C:\games\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe] => (Allow) C:\games\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe
FirewallRules: [UDP Query User{38553A7D-C11B-4379-BA11-0CC7A9CAB623}C:\games\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe] => (Allow) C:\games\street fighter v\streetfighterv\binaries\win64\streetfighterv.exe
FirewallRules: [{7ED05A0C-2369-491B-826D-82355A3A7619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Room\Happy Room.exe
FirewallRules: [{D83F850A-9797-4D45-BEAB-3499B6AF9FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Room\Happy Room.exe
FirewallRules: [TCP Query User{90354415-CA07-4B51-97C5-0FAB3E6ADA0F}C:\program files\call of duty infinite warfare\iw7_ship.exe] => (Allow) C:\program files\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{A04A6058-5728-4D61-85DC-2EC20C55AAF2}C:\program files\call of duty infinite warfare\iw7_ship.exe] => (Allow) C:\program files\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [TCP Query User{EC807714-7730-49E0-BD30-9AB219F5481A}C:\users\genesis\appdata\local\citra\app-0.1.136\citra-qt.exe] => (Allow) C:\users\genesis\appdata\local\citra\app-0.1.136\citra-qt.exe
FirewallRules: [UDP Query User{708F3493-AE91-42A4-A921-98126136E122}C:\users\genesis\appdata\local\citra\app-0.1.136\citra-qt.exe] => (Allow) C:\users\genesis\appdata\local\citra\app-0.1.136\citra-qt.exe
FirewallRules: [TCP Query User{F73C3514-3A65-41F7-B4C2-26A56FFD34B8}C:\users\genesis\desktop\citra\citra-qt.exe] => (Allow) C:\users\genesis\desktop\citra\citra-qt.exe
FirewallRules: [UDP Query User{4A145D1B-B577-45EC-AE5A-D0EDF949416F}C:\users\genesis\desktop\citra\citra-qt.exe] => (Allow) C:\users\genesis\desktop\citra\citra-qt.exe
FirewallRules: [{2DAE8F9D-CA3C-4948-882F-652A3C6B9E4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{189AF231-E942-4BF7-8E59-46B934A3BE17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{14EC7F25-0B85-433C-8E50-0C8F456E2188}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{27B2C9E3-294A-4D93-AFD1-A74AE35782B4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{64F7772E-D2A1-46A6-86D5-56A6831F3244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{CFBC78C2-D6B1-43B9-8B1F-DD84FFB99F98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{2DB150F6-1B9B-4DC0-8515-ED7FD37190AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
 
==================== Restore Points =========================
 
14-07-2017 19:18:33 Windows Update
18-07-2017 08:45:12 Windows Update
24-07-2017 13:19:17 Windows Update
27-07-2017 15:36:16 Windows Update
27-07-2017 15:36:55 Windows Update
30-07-2017 17:10:21 Windows Update
30-07-2017 17:11:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/31/2017 09:56:05 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/30/2017 11:26:28 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/30/2017 11:14:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amddvr.exe, version: 10.1.1.1666, time stamp: 0x58583c1a
Faulting module name: amddvr.exe, version: 10.1.1.1666, time stamp: 0x58583c1a
Exception code: 0xc0000409
Fault offset: 0x0000000000092538
Faulting process id: 0x1544
Faulting application start time: 0x01d309b37300e9c2
Faulting application path: C:\Program Files\AMD\CNext\CNext\amddvr.exe
Faulting module path: C:\Program Files\AMD\CNext\CNext\amddvr.exe
Report Id: 63146e42-119c-4feb-b6eb-ba722a44ca95
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/30/2017 11:13:48 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/30/2017 11:12:57 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (07/30/2017 10:44:47 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
 
Error: (07/30/2017 10:44:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/30/2017 10:44:46 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/30/2017 10:44:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (07/30/2017 10:44:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
 
System errors:
=============
Error: (07/31/2017 09:57:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/31/2017 09:55:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/31/2017 01:36:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a91: Microsoft .NET Framework 4.7 for Windows 10 Version 1607 and Windows Server 2016 for x64 (KB3186568).
 
Error: (07/31/2017 01:35:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a91: 2017-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4025376).
 
Error: (07/30/2017 11:39:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a91: Microsoft .NET Framework 4.7 for Windows 10 Version 1607 and Windows Server 2016 for x64 (KB3186568).
 
Error: (07/30/2017 11:38:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80071a91: 2017-07 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4025376).
 
Error: (07/30/2017 11:33:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (07/30/2017 11:29:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The requested resource is in use.
 
Error: (07/30/2017 11:26:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa39febde30a8b862, 0xb3b6f8648329d0c0, 0x0000000100000000, 0x0000000000000015). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 8cb33ec2-8eca-4424-8548-6bc54431f245.
 
Error: (07/30/2017 11:26:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The requested resource is in use.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-25 18:26:59.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-16 14:00:43.858
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 21:54:40.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 12:05:33.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 11:59:51.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 11:59:45.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-28 22:22:30.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-28 21:10:46.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7500 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8144.44 MB
Available physical RAM: 5128.29 MB
Total Virtual: 9552.44 MB
Available Virtual: 5912.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:321.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#2 JSntgRvr

  • Malware Response Team

Posted 31 July 2017 - 03:25 PM

Welcome :)

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Stealthality


Posted 31 July 2017 - 04:04 PM

I'm not home yet, but I mentioned I can't run MBAR; it says requested resource in use.

#4 Stealthality


Posted 31 July 2017 - 04:37 PM

Ah, I was able to run it, idk why I couldn't.



#5 JSntgRvr


Posted 31 July 2017 - 04:44 PM

This is a version that is updated at all times to remove this infection. Do not use the computer while it is scanning.




#6 Stealthality


Posted 31 July 2017 - 05:17 PM

It's currently not responding at over a thousand malware found o.O Should I just leave it? I'm using my phone to post this.

#7 Stealthality


Posted 31 July 2017 - 05:25 PM

It jumped to 3300

#8 Stealthality


Posted 31 July 2017 - 05:41 PM

Still not responding

#9 JSntgRvr


Posted 31 July 2017 - 06:44 PM

Allow it to run. One user had to allow it to run overnight. Just don't use the computer while scanning.




#10 Stealthality


Posted 31 July 2017 - 06:47 PM

Really tempted to play games lol why though

#11 JSntgRvr


Posted 31 July 2017 - 07:28 PM

The tool is like Combofix, very aggressive, but any mouse movement and it will stop.




#12 Stealthality


Posted 01 August 2017 - 09:27 AM

File is too big. I had 24k malware on scan.

 



#13 JSntgRvr


Posted 01 August 2017 - 03:11 PM

That's ok.

 

Remove these programs if they are still available:

CloudExtender
DragonBoost

  • Highlight the entire content of the quote box below.

Start::
S2 EraserSvc11710; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe" /h ccCommon [X]
S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION
S2 srcsrv2; C:\Windows\src_srv_2\winsrcsrv.exe [X]
C:\Program Files\ntuserlitelist
C:\Users\Genesis\AppData\Local\ajvdscq
2017-05-31 01:25 - 2017-05-31 01:25 - 000000047 _____ () C:\Users\Genesis\AppData\Roaming\WB.CFG
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Genesis\AppData\Local\report
2017-05-31 14:13 - 2017-05-31 14:13 - 000002048 _____ () C:\Users\Genesis\AppData\Local\uninstallro.exe
2016-12-28 22:42 - 2016-12-28 22:42 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-12 11:01 - 2017-06-12 11:01 - 000000016 _____ () C:\ProgramData\mntemp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM-x32\...\Run: [cpx] => "C:\Program Files\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Genesis\AppData\Roaming\Microsoft\Protect\b0a364-e7d368-d8cb4076-fbe2b1-6cc0.rs" <==== ATTENTION
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Genesis\AppData\Roaming\Microsoft\Protect\b0a364-e7d368-d8cb4076-fbe2b1-6cc0.rs" <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
C:\Windows\System32\Drivers\drmkpro64.sys
R2 Dataup; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Genesis\AppData\Local\ajvdscq\ct.exe [689152 2017-05-17] () [File not signed] <==== ATTENTION
S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION
Task: {1B82669D-C923-41C0-ACF4-F6CF4D8BB5A2} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {1B82669D-C923-41C0-ACF4-F6CF4D8BB5A2} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
2017-07-30 20:44 - 2016-11-11 05:13 - 001886344 _____ (Microsoft Corporation) C:\Users\Genesis\AppData\Local\Temp\dllnt_dump.dll
2017-07-26 18:05 - 2017-07-26 18:05 - 000933288 _____ (AMD) C:\Windows\system32\SET1E3F.tmp
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::
 

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


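Added example (not part of the original posts, and not FRST's or the helper's own logic): the Python below parses six service and Run-key lines copied from the fixlist in post #13 and tags the generic persistence signals visible in them. The reading of the FRST line format (R/S/U state, start-type digit, `[X]` for a file that was not found) and the four tag names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Six lines copied verbatim from the fixlist in post #13.
SAMPLE = r'''
S2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [X] <==== ATTENTION
S2 srcsrv2; C:\Windows\src_srv_2\winsrcsrv.exe [X]
R2 Dataup; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Genesis\AppData\Local\ajvdscq\ct.exe [689152 2017-05-17] () [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Program Files\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-2224706485-2247944354-2070470572-1001\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Genesis\AppData\Roaming\Microsoft\Protect\b0a364-e7d368-d8cb4076-fbe2b1-6cc0.rs" <==== ATTENTION
'''

# Assumed line shapes: "<R|S|U><start type> <name>; <image path> ..." for
# services and "<hive>\...\Run[Once]: [<value>] => <command>" for autoruns.
SERVICE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$')
RUN_RE = re.compile(r'^HK\S+?\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$')
# A drive-letter path ending in an extension, followed by quote, space or EOL.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.\w{2,4}(?=["\s]|$)')


class Finding(NamedTuple):
    kind: str             # "service" or "run-key"
    name: str             # service name or registry value name
    target: str           # file that ends up being loaded
    reasons: List[str]    # tags from this example's heuristics
    frst_attention: bool  # FRST's own "<==== ATTENTION" marker on the line


def analyse(line: str) -> Optional[Finding]:
    """Parse one log line; return None if it is not a service/Run entry."""
    line = line.strip()
    match, kind = SERVICE_RE.match(line), 'service'
    if not match:
        match, kind = RUN_RE.match(line), 'run-key'
    if not match:
        return None
    rest = match.group('rest')
    paths = PATH_RE.findall(rest)
    if not paths:
        return None
    # With a launcher such as regsvr32, the last path is what gets loaded.
    launcher, target = paths[0], paths[-1]

    reasons = []
    if '[X]' in rest:
        # Autostart entry whose binary is gone: an orphan left on disk/registry.
        reasons.append('missing-binary')
    if '[File not signed]' in rest:
        reasons.append('unsigned')
    if '\\appdata\\' in target.lower():
        # Persistent code living in a profile directory, not an install path.
        reasons.append('runs-from-appdata')
    if (launcher.lower().endswith('\\regsvr32.exe') and target != launcher
            and not target.lower().endswith(('.dll', '.ocx'))):
        # A signed system binary silently registering an oddly named file.
        reasons.append('regsvr32-unusual-extension')

    return Finding(kind, match.group('name'), target, reasons,
                   '<==== ATTENTION' in line)


def triage(text: str) -> List[Finding]:
    """Run analyse() over every line and keep the entries that parsed."""
    return [f for f in map(analyse, text.splitlines()) if f is not None]


if __name__ == '__main__':
    for f in triage(SAMPLE):
        marker = 'FRST-flagged' if f.frst_attention else 'unflagged'
        print(f'{f.kind:8} {f.name:26} {marker:13} {", ".join(f.reasons) or "-"}')
```

The `cpx` entry gets no tag from these generic checks even though FRST marks it, so signals like these supplement the log's own markers rather than replace them.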


#14 JSntgRvr


Posted 03 August 2017 - 03:41 PM

Are you still with us?




#15 JSntgRvr


Posted 05 August 2017 - 09:34 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





