Windows 7 64b- Infected with Rootkit(I know where it is) I just can't remove it.


  • This topic is locked
18 replies to this topic

#1 relleke


Posted 14 September 2017 - 01:15 PM

Hello! Last night I made the awful mistake of getting infected by a Rootkit. Thus far I have done the following:

Installed Malwarebytes (Scans for Rootkit, can't remove it.)

Installed GMER (Found the Rootkit again, still can't delete or disable it)

Downloaded Malwarebytes Anti Rootkit tool (Can't even open it, even in safe mode)

Downloaded Combofix (Also can't open, even in safe mode)

Downloaded Kaspersky TDSSKiller (Also cannot run, even in safe mode)

Downloaded aswMBR, it worked. (It told me where the rootkit was, just like Malwarebytes did.)

 

I've located the Rootkit at System32\drivers\srvknrux.sys

It created another folder in C:\Users\James\AppData\Local\   called imehwvn.

 

No matter what I do, I cannot get the permissions to remove or disable either. Even in safe mode.

I have however gotten the imehwvn folder removed by starting in last known working boot. But it came back and I can't do it again.

 

At this point I have no idea what else to do. Currently I am making this post through my tablet, as my internet with the Rootkit has dropped to crippling speeds.

 

Any help would be so appreciated!


Edited by britechguy, 14 September 2017 - 01:57 PM.
Moved to MRL forum per assistant's request




#2 Aura


Posted 14 September 2017 - 01:24 PM

Hi relleke :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
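
Added example (not part of the thread, and not code from FRST or BleepingComputer): a first-pass triage of the FRST.txt that the scan above produces, run here over an abridged excerpt of the log posted in reply #3. The line layouts are taken from that log; the rule names and thresholds are assumptions made for this illustration.

```python
import ntpath  # Windows path handling that works on any OS
import re
from collections import defaultdict

# Abridged excerpt of the FRST.txt posted in reply #3 of this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ====================

R2 apexpsvc; C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe [245760 2017-09-03] (apexpsvc Inc.) [File not signed] <==== ATTENTION
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-14] (Malwarebytes)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()

==================== One Month Created files and folders ========

2017-09-14 14:37 - 2017-09-14 14:37 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-14 13:34 - 2017-09-14 13:34 - 000115536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvknrux.sys
2017-09-14 06:44 - 2017-09-14 06:45 - 000115536 _____ C:\Windows\system32\Drivers\srvuxaeh.sys
2017-09-13 23:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "<state><start type> <name>; <image path> [<size> <date>] ..."
SVC_RE = re.compile(r"^([RSU])(\d) (.+?); (.+?) \[(\d+) \d{4}-\d{2}-\d{2}\]")
# "<created> - <modified> - <size> <attrs> [(company) ]<path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d+) \S{5} (?:\((.*?)\) )?([A-Za-z]:\\.+)$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")  # assumed list
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse(log):
    """Split an FRST.txt into service, driver and created-file records."""
    services, drivers, created = [], [], []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if m:  # entries with "[X]" or "no ImagePath" carry no file and are skipped
                entry = {"state": m.group(1), "name": m.group(3),
                         "path": m.group(4),
                         "unsigned": "[File not signed]" in line}
                (services if section.startswith("Services") else drivers).append(entry)
        elif section.startswith("One Month Created"):
            m = FILE_RE.match(line)
            if m:
                created.append({"size": int(m.group(1)),
                                "company": (m.group(2) or "").strip(),
                                "path": m.group(3)})
    return services, drivers, created


def triage(log):
    """Return (rule, subject) pairs worth a human look; not a verdict."""
    services, drivers, created = parse(log)
    findings = []

    # Rule 1: running, unsigned, and loaded from a user-writable location.
    for s in services + drivers:
        p = s["path"].lower()
        if s["state"] == "R" and s["unsigned"] and any(d in p for d in USER_WRITABLE):
            findings.append(("unsigned-running-from-user-dir", s["path"]))

    # Rule 2: a .sys recently created in the drivers directory that no listed
    # driver entry points at. The Drivers section is whitelisted, so known-good
    # drivers can land here too: these are review candidates only.
    registered = {ntpath.basename(d["path"]).lower() for d in drivers}
    orphans = [f for f in created
               if f["path"].lower().startswith(DRIVER_DIR)
               and f["path"].lower().endswith(".sys")
               and ntpath.basename(f["path"]).lower() not in registered]
    for f in orphans:
        findings.append(("driver-file-without-listed-service", f["path"]))

    # Rule 3: several such files with the same byte size under different names
    # suggest one binary being re-dropped under rotating names.
    by_size = defaultdict(list)
    for f in orphans:
        by_size[f["size"]].append(f["path"])
    for paths in by_size.values():
        if len(paths) > 1:
            findings.append(("same-size-driver-twins", tuple(sorted(paths))))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(rule, "->", subject)
```
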


#3 relleke


Posted 14 September 2017 - 01:50 PM

Hello! Thank you for responding so quickly! Here are the logs you asked for! 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
Ran by James (administrator) on JAMES-PC (14-09-2017 14:40:58)
Running from C:\Users\James\Downloads
Loaded Profiles: James &  (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\mszvldesrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(MSI) C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(apexpsvc Inc.) C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-11-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [48565944 2016-07-25] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5780256 2017-07-20] (IObit)
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Run: [Discord] => C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {1ca354b9-eb19-11e5-935a-806e6f6e6963} - F:\DVDSetup.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {e97f64ea-eb1c-11e5-a051-806e6f6e6963} - F:\Msetup4.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {f9d4bfe1-966a-11e6-9e8d-448a5b9a7c0e} - H:\setup.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\Run: [Discord] => C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\MountPoints2: {1ca354b9-eb19-11e5-935a-806e6f6e6963} - F:\DVDSetup.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\MountPoints2: {e97f64ea-eb1c-11e5-a051-806e6f6e6963} - F:\Msetup4.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\MountPoints2: {f9d4bfe1-966a-11e6-9e8d-448a5b9a7c0e} - H:\setup.exe
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.233.222.2 64.233.222.7
Tcpip\..\Interfaces\{53E42D51-456E-4BDE-B255-7BCCC0A33238}: [DhcpNameServer] 64.233.222.2 64.233.222.7
 
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (BetterTTV) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-22]
CHR Extension: (Honey) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-11]
CHR Extension: (Adblock for Youtube™) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Tampermonkey) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-10]
CHR Extension: (Adobe Acrobat) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (AdBlock) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-09]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-04]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-06]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 apexpsvc; C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe [245760 2017-09-03] (apexpsvc Inc.) [File not signed] <==== ATTENTION
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-06-20] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-08-26] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [1768736 2017-07-18] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-07-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-07-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-05-20] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2016-11-07] (Asmedia Technology)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-20] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2017-01-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [183576 2016-10-27] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-07] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-11-07] (Intel Corporation)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-17] (IObit.com)
S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2017-01-06] (IObit)
S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-06-30] (IObit.com)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2017-01-27] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-14] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2017-01-31] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-18] (NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-12-15] (IObit.com)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2017-04-27] () [File not signed]
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-22] (The OpenVPN Project)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2016-05-18] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-05-18] (Windows ® Win 7 DDK provider)
S3 xhunter1; no ImagePath
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 14:40 - 2017-09-14 14:40 - 002398208 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2017-09-14 14:40 - 2017-09-14 14:40 - 000018655 _____ C:\Users\James\Downloads\FRST.txt
2017-09-14 14:40 - 2017-09-14 14:40 - 000000000 ____D C:\FRST
2017-09-14 14:37 - 2017-09-14 14:37 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-14 13:34 - 2017-09-14 13:34 - 000115536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvknrux.sys
2017-09-14 13:12 - 2017-09-14 13:12 - 000003352 ____N C:\bootsqm.dat
2017-09-14 06:44 - 2017-09-14 06:45 - 000115536 _____ C:\Windows\system32\Drivers\srvuxaeh.sys
2017-09-14 06:22 - 2017-09-14 06:22 - 000085504 _____ C:\Users\James\Desktop\Inherit.exe
2017-09-14 06:16 - 2017-09-14 14:16 - 000002034 _____ C:\Users\James\Desktop\Rkill.txt
2017-09-14 06:16 - 2017-09-14 06:16 - 005198336 _____ (AVAST Software) C:\Users\James\Downloads\aswMBR.exe
2017-09-14 06:15 - 2017-09-14 06:15 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2017-09-14 06:00 - 2017-04-18 04:36 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Desktop\qfwrghryj.cmd.exe
2017-09-14 05:59 - 2017-09-14 05:59 - 000000000 ____D C:\Users\James\Downloads\KasperskyTDSSKillerPortable
2017-09-14 05:58 - 2017-09-14 05:58 - 000331504 _____ (PortableApps.com) C:\Users\James\Downloads\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
2017-09-14 05:56 - 2017-09-14 05:56 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Desktop\iexplorer.exe.exe
2017-09-14 05:55 - 2017-09-14 05:59 - 004830473 _____ C:\Users\James\Downloads\tdsskiller.zip
2017-09-14 05:54 - 2017-09-14 05:54 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Downloads\tdsskiller.exe
2017-09-14 05:53 - 2017-09-14 05:53 - 004830473 _____ C:\Users\James\Downloads\Unconfirmed 146011.crdownload
2017-09-14 05:35 - 2017-09-14 05:35 - 016563352 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.09.3.1001.exe
2017-09-14 05:29 - 2017-09-14 05:34 - 000000021 _____ C:\Users\James\Downloads\63i9ed0u.bat
2017-09-14 05:17 - 2017-09-14 05:38 - 000000000 ____D C:\Users\James\Desktop\mbar
2017-09-14 05:14 - 2017-09-14 14:36 - 000696720 _____ C:\Windows\ntbtlog.txt
2017-09-14 05:00 - 2017-09-14 05:01 - 016563352 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\explorer.exe.exe
2017-09-14 04:52 - 2017-09-14 04:52 - 000000000 ____D C:\Users\James\AppData\Local\imehwvn
2017-09-14 04:24 - 2017-09-14 04:24 - 000380928 _____ C:\Users\James\Downloads\63i9ed0u.exe
2017-09-14 04:22 - 2009-08-13 11:14 - 000472064 _____ ( ) C:\Users\James\Downloads\RootRepeal.exe
2017-09-14 04:21 - 2017-09-14 04:21 - 000465298 _____ C:\Users\James\Downloads\RootRepeal.rar
2017-09-14 03:32 - 2017-09-14 03:32 - 005659851 _____ (Swearware) C:\Users\James\Downloads\ComboFix.exe
2017-09-14 03:30 - 2017-09-14 03:30 - 005659851 _____ (Swearware) C:\Users\James\Desktop\ComboFix.exe
2017-09-14 03:02 - 2017-09-14 03:03 - 000000000 ____D C:\Program Files\Unlocker
2017-09-14 03:02 - 2017-09-14 03:02 - 000346112 _____ C:\Users\James\Downloads\Unlocker x64 1.9.2.msi
2017-09-14 03:02 - 2017-09-14 03:02 - 000001845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2017-09-14 02:48 - 2017-09-14 02:48 - 000000000 __SHD C:\found.001
2017-09-13 23:54 - 2017-09-13 23:54 - 000001177 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-09-13 23:54 - 2017-09-13 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-09-13 23:54 - 2017-03-17 12:31 - 000026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-09-13 23:52 - 2017-09-13 23:53 - 040997504 _____ (IObit ) C:\Users\James\Downloads\imfv5-setup-trial.exe
2017-09-13 23:14 - 2017-09-14 14:37 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 23:14 - 2017-09-14 14:37 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-13 23:14 - 2017-09-14 13:34 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-13 23:14 - 2017-09-14 03:57 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-13 23:14 - 2017-09-13 23:14 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-13 23:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-13 23:12 - 2017-09-13 23:13 - 066347240 _____ (Malwarebytes ) C:\Users\James\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-13 22:48 - 2017-09-13 22:48 - 000000000 ____D C:\Windows\SysWOW64\lsaczbt
2017-09-13 22:48 - 2017-09-13 22:48 - 000000000 ____D C:\Windows\system32\lsaczbt
2017-09-12 13:34 - 2017-09-12 13:34 - 002391732 _____ ( ) C:\Users\James\Downloads\Setup Project64 v2.3.2-202-g57a221e.exe
2017-09-12 13:34 - 2017-09-12 13:34 - 000000848 _____ C:\Users\Public\Desktop\Project64.lnk
2017-09-12 13:34 - 2017-09-12 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2017-09-12 13:26 - 2017-09-12 13:26 - 000621969 _____ C:\Users\James\Downloads\Super_Mario_64_Online_1.2.rar
2017-09-12 12:41 - 2017-09-14 00:08 - 000000000 ____D C:\Users\James\AppData\Roaming\.minecraft
2017-09-12 12:40 - 2017-09-14 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-12 12:40 - 2017-09-12 12:40 - 002314240 _____ C:\Users\James\Downloads\MinecraftInstaller.msi
2017-09-11 22:27 - 2017-09-11 22:27 - 000002417 _____ C:\Users\James\Desktop\ES File Explorer.lnk
2017-09-11 22:03 - 2017-09-11 22:03 - 000005200 _____ C:\Users\James\Downloads\Cube_UC_[unknowncheats.me]_.rar
2017-09-11 19:13 - 2017-09-11 19:13 - 000000000 ____D C:\ProgramData\LogiShrd
2017-09-11 19:12 - 2017-09-11 19:12 - 000000000 ____D C:\Users\James\AppData\Local\Logitech
2017-09-11 19:10 - 2017-09-11 19:11 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-09-11 19:10 - 2017-09-11 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-09-11 19:09 - 2017-09-11 19:09 - 120742160 _____ (Logitech Inc.) C:\Users\James\Downloads\LGS_8.96.81_x64_Logitech.exe
2017-09-11 19:09 - 2017-09-11 19:09 - 000000000 ____D C:\Users\James\AppData\Roaming\Logitech
2017-09-11 19:09 - 2017-09-11 19:09 - 000000000 ____D C:\Users\James\AppData\Roaming\Logishrd
2017-09-10 17:47 - 2017-09-10 17:47 - 001620442 _____ (Picroma ) C:\Users\James\Downloads\CubeSetup3 (1).exe
2017-09-10 17:47 - 2017-09-10 17:47 - 000000000 ____D C:\ProgramData\Picroma
2017-09-10 17:47 - 2017-09-10 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
2017-09-08 23:26 - 2017-09-08 23:26 - 000000000 ____D C:\Users\James\Documents\System Files
2017-09-08 23:25 - 2017-09-08 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yu-Gi-Oh! The Dawn of a New Era
2017-09-08 23:24 - 2017-09-08 23:24 - 000000000 ____D C:\Yu-Gi-Oh! The Dawn of a New Era
2017-09-08 12:44 - 2017-09-08 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-06 06:29 - 2017-09-06 06:29 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-06 06:29 - 2017-09-06 06:29 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-06 06:29 - 2017-09-06 06:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-06 06:29 - 2017-09-06 06:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-01 19:47 - 2017-09-01 19:47 - 000002331 _____ C:\Users\James\Desktop\Duel Links.lnk
2017-08-28 19:11 - 2017-08-28 19:11 - 000000000 ____D C:\Users\James\AppData\Roaming\Bungie
2017-08-27 22:14 - 2017-08-27 22:14 - 000000000 ____D C:\Users\James\AppData\Roaming\OBS
2017-08-27 18:39 - 2017-08-27 18:39 - 076242992 _____ (Ubisoft) C:\Users\James\Downloads\UplayInstaller.exe
2017-08-27 18:39 - 2017-08-27 18:39 - 000000775 _____ C:\Users\James\Desktop\Uplay.lnk
2017-08-27 18:39 - 2017-08-27 18:39 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-08-26 23:59 - 2017-08-26 23:58 - 000383016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-08-26 20:04 - 2017-08-26 20:04 - 006476367 _____ C:\Users\James\Downloads\WD0116.wmv
2017-08-25 19:27 - 2017-08-25 19:27 - 000000000 ____D C:\Users\James\AppData\Roaming\BluestacksCN
2017-08-24 17:18 - 2017-08-24 17:18 - 007163256 _____ C:\Users\James\Documents\Steve Dance.flv
2017-08-24 17:14 - 2017-08-24 17:21 - 003235218 _____ C:\Users\James\Documents\Steve Dance.mp4
2017-08-24 12:18 - 2017-08-24 12:18 - 000749666 _____ C:\Users\James\Downloads\Sonic The Hedgehog 2 (World) (Rev A).zip
2017-08-24 12:14 - 2017-08-24 12:14 - 002174815 _____ C:\Users\James\Downloads\Sonic & Knuckles + Sonic the Hedgehog 2 (World).zip
2017-08-23 19:54 - 2017-08-23 19:54 - 000838984 _____ C:\Users\James\Downloads\soundboard.zip
2017-08-22 22:03 - 2017-09-12 13:54 - 000000000 ___RD C:\Users\James\Dropbox
2017-08-22 22:03 - 2017-08-22 22:03 - 000001230 _____ C:\Users\James\Desktop\Dropbox.lnk
2017-08-22 22:02 - 2017-09-14 14:37 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-22 22:02 - 2017-09-14 06:07 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-22 22:02 - 2017-09-14 01:07 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-22 22:02 - 2017-08-25 19:29 - 000000000 ____D C:\Users\James\AppData\Local\Dropbox
2017-08-22 22:02 - 2017-08-22 22:02 - 000690080 _____ (Dropbox, Inc.) C:\Users\James\Downloads\DropboxInstaller.exe
2017-08-22 22:02 - 2017-08-22 22:02 - 000003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-22 22:02 - 2017-08-22 22:02 - 000003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-22 22:02 - 2017-08-22 22:02 - 000000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2017-08-22 22:02 - 2017-08-22 22:02 - 000000000 ____D C:\ProgramData\Dropbox
2017-08-22 17:12 - 2017-08-23 01:12 - 000000000 ____D C:\Users\James\AppData\Roaming\obs-studio
2017-08-22 17:12 - 2017-08-22 17:12 - 000000728 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-08-22 17:12 - 2017-08-22 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-08-22 16:35 - 2017-08-22 16:35 - 101899104 _____ (obsproject.com) C:\Users\James\Downloads\OBS-Studio-20.0.1-Full-Installer.exe
2017-08-22 16:23 - 2017-08-22 16:23 - 000002383 _____ C:\Users\James\Desktop\Wallet.lnk
2017-08-22 16:21 - 2017-08-22 16:21 - 000002245 _____ C:\Users\James\Desktop\Kik.lnk
2017-08-22 16:14 - 2017-08-22 16:14 - 001821192 _____ (Microsoft Corporation) C:\Users\James\Downloads\vcredist_x86.exe
2017-08-22 16:11 - 2017-09-14 02:27 - 000000000 ____D C:\Users\James\AppData\Roaming\BlueStacksFriends
2017-08-22 16:11 - 2017-09-13 22:53 - 000000000 ____D C:\Users\James\AppData\Local\BlueStacksFriends
2017-08-22 16:11 - 2017-08-22 16:11 - 000002379 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacksFriends.lnk
2017-08-22 16:11 - 2017-08-22 16:11 - 000002371 _____ C:\Users\James\Desktop\BlueStacksFriends.lnk
2017-08-22 16:10 - 2017-08-22 16:10 - 000001545 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-08-22 16:10 - 2017-08-22 16:10 - 000001545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\Users\James\AppData\Local\Bluestacks
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\ProgramData\BlueStacks
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-08-22 02:31 - 2017-08-22 02:31 - 000000000 ____D C:\Users\James\Documents\BioshockHD
2017-08-22 02:26 - 2017-08-27 19:13 - 000000000 ____D C:\Users\James\Documents\My Games
2017-08-22 01:54 - 2017-08-22 01:54 - 000016424 _____ C:\Users\James\Downloads\crash_a_like.zip
2017-08-22 01:22 - 2017-08-22 01:22 - 000076984 _____ C:\Users\James\Downloads\LithosPro-Black.otf
2017-08-20 23:47 - 2017-08-20 23:47 - 000000000 ____D C:\Users\James\Documents\Info Memes
2017-08-18 05:01 - 2017-08-18 05:01 - 000067736 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys
2017-08-18 05:01 - 2017-08-18 05:01 - 000036496 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys
2017-08-18 05:01 - 2017-08-18 05:01 - 000026008 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 14:37 - 2009-07-14 00:45 - 000005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-14 14:37 - 2009-07-14 00:45 - 000005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-14 14:37 - 2009-07-13 22:34 - 019922944 _____ C:\Windows\system32\config\HARDWARE
2017-09-14 14:36 - 2016-03-15 22:44 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-14 14:36 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 13:40 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-14 13:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-14 13:26 - 2016-11-07 21:35 - 000002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (James)
2017-09-14 06:04 - 2016-03-16 01:40 - 000000000 ____D C:\Users\James\AppData\Local\CrashDumps
2017-09-14 05:24 - 2016-09-13 17:13 - 000000000 ____D C:\Users\James\.Origin
2017-09-14 05:24 - 2016-03-15 21:51 - 000000000 ____D C:\Users\James
2017-09-14 03:56 - 2016-09-29 18:41 - 000000000 ____D C:\Users\James\AppData\Roaming\Audacity
2017-09-14 02:52 - 2016-08-25 00:15 - 000000000 ____D C:\Users\James\AppData\Roaming\discord
2017-09-14 02:27 - 2017-08-03 23:18 - 000000000 ____D C:\Users\James\AppData\Roaming\Twitch
2017-09-14 02:27 - 2016-03-15 21:56 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-14 02:26 - 2017-02-13 20:07 - 088223744 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 044236800 _____ C:\Windows\system32\config\components.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000274432 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000024576 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2017-09-14 02:00 - 2016-03-16 05:10 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2017-09-14 01:17 - 2016-03-19 00:44 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2017-09-14 00:16 - 2016-03-15 23:19 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-14 00:07 - 2017-08-01 12:47 - 000000000 ____D C:\Program Files (x86)\Canon
2017-09-14 00:07 - 2017-05-17 19:57 - 000000000 ____D C:\Fraps
2017-09-14 00:07 - 2016-09-27 18:06 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-14 00:06 - 2017-07-04 22:44 - 000000000 ____D C:\Users\James\AppData\Local\FalloutShelter
2017-09-14 00:06 - 2016-03-15 22:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-14 00:00 - 2017-04-12 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall New Dawn
2017-09-14 00:00 - 2016-10-20 02:05 - 000000000 ____D C:\Users\James\AppData\Roaming\DAEMON Tools Lite
2017-09-13 23:54 - 2016-03-15 22:16 - 000000000 ____D C:\ProgramData\ProductData
2017-09-13 23:54 - 2016-03-15 21:55 - 000000000 ____D C:\Users\James\AppData\Roaming\IObit
2017-09-13 23:16 - 2017-04-09 20:47 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-09-13 23:16 - 2016-04-10 18:13 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5
2017-09-13 23:01 - 2016-09-27 15:29 - 000003546 _____ C:\Windows\System32\Tasks\IR7
2017-09-13 22:54 - 2017-04-12 20:08 - 000000000 ____D C:\Users\James\AppData\Local\Battle.net
2017-09-13 17:25 - 2017-01-26 20:17 - 000000000 ____D C:\Users\James\AppData\Local\Ubisoft Game Launcher
2017-09-12 13:41 - 2017-04-01 19:10 - 000000000 ____D C:\Users\James\AppData\Roaming\DS4Windows
2017-09-11 22:23 - 2017-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-11 08:34 - 2016-07-13 00:36 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-08 23:01 - 2017-01-18 04:17 - 000000000 ____D C:\Users\James\Desktop\YGO Pro 2
2017-09-02 00:22 - 2017-06-28 22:55 - 000000000 ____D C:\Users\James\AppData\Roaming\Origin
2017-09-02 00:14 - 2017-06-28 22:54 - 000000000 ____D C:\ProgramData\Origin
2017-09-02 00:07 - 2017-06-28 22:55 - 000000000 ____D C:\Program Files (x86)\Origin
2017-08-31 20:27 - 2017-05-25 17:21 - 000000000 ____D C:\Program Files\IPVanish
2017-08-29 18:16 - 2017-01-25 15:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-27 19:13 - 2016-03-15 22:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-25 19:28 - 2009-07-14 00:45 - 004979000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-24 21:29 - 2016-03-17 22:58 - 000001456 _____ C:\Users\James\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-24 21:19 - 2016-03-17 22:55 - 000000132 _____ C:\Users\James\AppData\Roaming\Adobe GIF Format CS6 Prefs
2017-08-23 22:18 - 2016-03-17 03:33 - 000000132 _____ C:\Users\James\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-22 14:58 - 2016-03-15 21:56 - 000068104 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-21 23:57 - 2017-08-10 12:38 - 000000727 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-08-20 23:53 - 2017-05-03 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NARUTO SHIPPUDEN Ultimate Ninja STORM 4
2017-08-20 23:52 - 2017-08-04 13:31 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2017-08-20 23:52 - 2017-04-19 23:32 - 000000000 ____D C:\ProgramData\Jagex
2017-08-20 23:52 - 2017-03-25 23:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magestorm
2017-08-20 23:52 - 2016-06-21 23:26 - 000000000 ____D C:\Users\James\AppData\Local\Jagex
2017-08-20 23:51 - 2016-05-17 04:51 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-20 23:49 - 2017-05-14 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-08-20 23:49 - 2016-04-26 18:39 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
 
==================== Files in the root of some directories =======
 
2016-03-17 22:55 - 2017-08-24 21:19 - 000000132 _____ () C:\Users\James\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-03-17 03:33 - 2017-08-23 22:18 - 000000132 _____ () C:\Users\James\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-19 00:14 - 2016-09-29 19:57 - 000003390 _____ () C:\Users\James\AppData\Roaming\VoiceMeeterDefault.xml
2016-03-17 22:58 - 2017-08-24 21:29 - 000001456 _____ () C:\Users\James\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-08 12:50 - 2016-12-08 12:50 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-03-15 22:13 - 2016-03-15 22:13 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-17 05:01 - 2016-05-17 05:01 - 000012763 _____ () C:\ProgramData\mptmqteo.hmi
 
Some files in TEMP:
====================
2017-09-13 22:41 - 2017-09-13 22:41 - 000024576 _____ (Note8 Simulator) C:\Users\James\AppData\Local\Temp\instac.exe
2017-09-12 16:29 - 2017-09-12 16:29 - 000024576 _____ (noOrg) C:\Users\James\AppData\Local\Temp\pinkflowexe.exe
2017-09-13 22:41 - 2017-09-13 22:41 - 000507904 _____ () C:\Users\James\AppData\Local\Temp\SetupInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-10 02:52
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by James (14-09-2017 14:41:27)
Running from C:\Users\James\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-16 01:51:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934211394-2414287417-2802539243-500 - Administrator - Disabled)
Guest (S-1-5-21-2934211394-2414287417-2802539243-501 - Limited - Disabled)
James (S-1-5-21-2934211394-2414287417-2802539243-1000 - Administrator - Enabled) => C:\Users\James
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: IObit Malware Fighter (Disabled - Up to date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Advanced SystemCare Ultimate (Disabled - Up to date) {91A1210C-78DD-A71C-E865-63DB27C767EE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 10 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 10.1.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
AutoHotkey 1.1.24.03 (HKLM\...\AutoHotkey) (Version: 1.1.24.03 - Lexikos)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.50.50197 - Electronic Arts)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
BlueStacksFriends 11.0.2 (only current user) (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\d7102876-3e3d-5287-80d2-e4af8b7891ff) (Version: 11.0.2 - BlueStack Systems, Inc.)
BlueStacksFriends 11.0.2 (only current user) (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\d7102876-3e3d-5287-80d2-e4af8b7891ff) (Version: 11.0.2 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Citra Edge (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\citra) (Version: 0.1.234 - Citra Development Team)
Citra Edge (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\citra) (Version: 0.1.234 - Citra Development Team)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Darkfall New Dawn (HKLM-x32\...\{18FF06D6-8AE3-4B94-A5D8-70E18D63E9F1}) (Version: 0.0.1 - Ub3rgames)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
DriverNavigator 3.6.9 (HKLM\...\DriverNavigator_is1) (Version: 3.6.9.0 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Fallout 2 Unofficial Patch 1.02.31 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version:  - killap)
FORTIFY (HKLM\...\Steam App 505040) (Version:  - RTK Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
IPVanish (HKLM\...\A57226AD-BDAF-4860-BD4E-EDA6BC546189_is1) (Version: 3.0.6.0 - IPVANISH)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JDs Auto Speed Tester (HKLM-x32\...\JDs Auto Speed Tester) (Version:  - )
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Direct OC (HKLM-x32\...\{E39DE1F0-0A95-4AE8-B9D7-37C5AF360D35}_is1) (Version: 1.0.0.10 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Update 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{1A2426F5-4FA9-443A-B910-A182EE18687F}) (Version: 2.42.4 - The Pokémon Company International)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Sonic Mania (HKLM\...\Steam App 584400) (Version:  - Christian Whitehead)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tt eSPORTS VENTUS Mouse (HKLM-x32\...\{766BD494-B1C8-4491-BBA7-1AABF9BF0660}) (Version: 1.0.0 - Tt eSPORTS)
TubeDigger 5.6.6 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 5.6.6 - TubeDigger)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Yu-Gi-Oh! The Dawn of a New Era version 5.4.1.4024 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.4.1.4024 - Kaiba Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCExtMenu_64.dll [2016-11-18] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-01-01] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCExtMenu_64.dll [2016-11-18] (IObit)
ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => C:\Program Files (x86)\IObit\Game Booster\GBV3ContextMenu.dll [2011-11-29] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCExtMenu_64.dll [2016-11-18] (IObit)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F281E85-4E33-4D10-8986-2E4DEFFFA67B} - System32\Tasks\AdobeAAMUpdater-1.0-James-PC-James => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {15C0A707-2B3E-4235-B4EC-FBE505D5EB35} - System32\Tasks\IR7 => "C:\Windows\system32\cmd.exe" /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc
Task: {16CEDC0C-E762-4E13-8C28-062FBFA5277F} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {1C9FCF8D-FC3A-40C9-A3E1-0C61ACE38462} - System32\Tasks\Hybrid3 => taskkill [Argument = /f /im slui.exe]
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe
Task: {3868EA67-5507-4219-B8E5-AB1BB8C44AFD} - System32\Tasks\Driver Booster SkipUAC (James) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe [2017-01-10] (IObit)
Task: {5389DC73-3D06-4E5D-A1C7-A303A1576FE6} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2016-12-12] (Easeware)
Task: {673735DA-B59D-4B43-AD77-A5E2BFE14A20} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {6ECDE7DC-CA2A-45BB-9B2C-ECDB41D29132} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe [2016-12-14] (IObit)
Task: {78262C05-5E12-4DCF-B61F-AC3E50644E1F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-18] (NVIDIA Corporation)
Task: {7ABFCE91-D7C3-4AC5-B4F5-E388A4D9356B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {7C634A3B-36B9-4434-B124-92454EB28028} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-18] (NVIDIA Corporation)
Task: {7F4DAEF4-5FD3-45EE-8C91-BEEB6F481B94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {80D25BDB-B1A8-415F-82AD-EC3ED40F98DE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-18] (NVIDIA Corporation)
Task: {819EABCD-C5E2-45D1-A82E-3F4E51EB894F} - System32\Tasks\Hybrid2 => C:\Trial\IR7\IR7.vbs [2016-09-27] ()
Task: {824F05A9-1E0D-47C0-BC3D-CB28B5510792} - System32\Tasks\Hybrid4 => taskkill [Argument = /f /im sppsvc.exe]
Task: {82D66E90-DB63-42E6-BF49-08F7AC241AE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {86F361E2-CE0C-494E-AF20-6B5947626C55} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {86F361E2-CE0C-494E-AF20-6B5947626C55} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {8EB2906C-9860-4554-9E0B-C3EA727E1159} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {92FDF133-D2FD-407F-A957-F0DA1EDC3E33} - System32\Tasks\ASCU10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2016-12-14] (IObit)
Task: {A1B76C8D-44E9-4E91-8CE8-D5AA96073B45} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-22] (Dropbox, Inc.)
Task: {B6020C3B-1940-4FE9-80D6-7C98B2CD6C1C} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {BB1ACE73-C954-4BBC-816D-1319AF9338B5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2016-09-08] ()
Task: {BC0D139C-56E0-46AC-8366-36BF6D1E69C5} - System32\Tasks\ASCU10_SkipUac_James => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
Task: {C349B7F7-D035-4E9F-BC38-DF07D60040C0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-18] (NVIDIA Corporation)
Task: {C8E5E152-DBD7-4FFD-A234-B645E8ED231E} - System32\Tasks\{3129081C-6822-4F2A-B4B6-9F313B1E8505} => C:\Windows\system32\pcalua.exe -a "C:\GAMES\Doom (Shareware) Installer for Windows x64.exe" -d C:\GAMES
Task: {CD2F9691-3DAF-4D0F-909E-7E4EA62DD4B3} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {CE94CF12-284A-42C1-8814-023AFDF13257} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-18] (NVIDIA Corporation)
Task: {E4F5CDDC-4ABD-4048-881B-830D15A7A735} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-22] (Dropbox, Inc.)
Task: {F8109BCD-1CF5-48D4-8749-FE5BE7C15AAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\Visit Web Site.lnk -> hxxp://
 
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-20 16:04 - 2016-05-20 16:04 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-08-18 05:01 - 2017-08-18 05:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-08-18 05:01 - 2017-08-18 05:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-08-28 19:21 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 19:21 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-09-04 00:21 - 2016-01-11 18:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-09-04 00:21 - 2016-01-11 18:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-05-25 06:15 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2017-05-25 06:15 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2017-05-25 06:15 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2017-05-25 06:15 - 2016-11-01 10:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\GetProcessDLL.dll
2017-08-08 20:14 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-09-08 12:43 - 2017-09-06 06:29 - 000771392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-08 12:43 - 2017-09-06 06:29 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-22 22:02 - 2017-09-06 06:29 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-22 22:02 - 2017-09-06 06:29 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-08 12:43 - 2017-09-06 06:29 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-22 22:02 - 2017-09-06 06:34 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:44 - 2017-09-06 06:35 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-08 12:43 - 2017-09-06 06:29 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-08 12:43 - 2017-09-06 06:31 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-22 22:02 - 2017-09-06 06:34 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-09-08 12:43 - 2017-09-06 06:32 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-22 22:02 - 2017-09-06 06:35 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-08-08 20:14 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 20:14 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 20:56 - 2017-08-31 03:00 - 009622008 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 20:56 - 2017-08-11 20:56 - 001440248 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-14 14:37 - 2017-09-14 14:37 - 000148992 _____ () \\?\C:\Users\James\AppData\Local\Temp\CF11.tmp.node
2017-08-11 20:56 - 2017-08-11 20:56 - 002658296 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-02-23 02:47 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-02-23 02:47 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-02-23 02:47 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-02-23 02:47 - 2015-12-28 14:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-02-23 02:47 - 2016-11-09 15:35 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\James\AppData\Local\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ASCAntivirusSrv => "@"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-03-17 00:16 - 000001035 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09142017143943973\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.233.222.2 - 64.233.222.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => 
MSCONFIG\startupreg: BlueStacks Agent => 
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => 
MSCONFIG\startupreg: Gyazo => c:\program files (x86)\gyazo\gystation.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => 
MSCONFIG\startupreg: Skype => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: XboxStat => "c:\program files\microsoft xbox 360 accessories\xboxstat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1FF70637-BCF9-490E-8249-8B4150CCE20F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E90F3636-4FA1-45D2-B38E-E5BC922DFF8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ECD602DE-F29D-4CFF-993A-A2ED0E1B2722}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D894EFA6-3A43-421D-B282-4957DC6C4B3E}] => (Allow) D:\SteamLibrary\steamapps\common\Damned\Damned.exe
FirewallRules: [{D7CD520A-41EB-418F-87C0-78EDB03D9C40}] => (Allow) D:\SteamLibrary\steamapps\common\Damned\Damned.exe
FirewallRules: [{C33379F6-C1E1-4957-9656-B57D616647A3}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2402BDB3-A1A3-4CA8-9D59-FA32AD9B519F}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7819E844-32BA-408E-BFD4-BFE55C9314A8}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E6B04A9A-08FC-457C-A05F-40021460EF05}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3F1F8DB1-6492-4E25-9D74-34FE06E9F3F3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B44CCFC5-ADAD-471A-A0FC-AAC79844AE87}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{79C7D3CE-B410-4073-955E-82F0B98AE27E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C9FBDFD3-6779-4F93-BF48-0887F727EA27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EBA801BE-9EB3-40B1-BBD5-1E6CEAA274FD}] => (Allow) D:\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{BA50203C-10DF-42DA-B325-179FBDD9FC13}] => (Allow) D:\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{1A10509E-CAAD-4F89-BF82-AAA3AE887CDA}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{364D8CE0-41B3-4402-BF52-A9190198BFBE}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{38A6255C-69EB-49D2-BCCE-032C75EEC410}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D17E8B53-0373-48D1-A8AD-C64ACE79FB24}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3B9F759-2B54-44D7-A9F2-69D84F4057C3}] => (Allow) Z:\Steam Library\steamapps\common\Rust\Rust.exe
FirewallRules: [{A5F539B9-9AC1-471A-BDCE-6C868E12FBCD}] => (Allow) Z:\Steam Library\steamapps\common\Rust\Rust.exe
FirewallRules: [{98A1C881-36C3-4D46-ADD4-6C1EE5DA2631}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{AC9C3094-1D16-4EED-AE82-89D6CF1D46C9}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{60DAC291-30F7-4D1D-AF44-B0164C18C11E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E585F304-A88A-4E82-91F3-AB644884BFAD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{179B2FA7-E116-4D54-8746-71BB5CCC54E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{76034BAB-B9A1-49CF-B0A2-92F13B50C820}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{731BBEB6-8DE1-4EA9-BDDF-F02C285B25C6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{BE527205-CBF5-43A4-B938-CC3110EB8252}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{E69419DA-4241-4E7F-AB7D-46E5BBD015C0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{E79191BB-DE0D-4162-AAD9-15E461A729C3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{25404D8F-9926-40D5-87BC-AEC77267953A}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [{9736E024-7CFC-49B0-962D-E9E1855745F6}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [{217773B8-89B0-4DA4-965B-3D4C6CBA5137}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{54FABE71-BDEA-41FF-998E-81C1BC53EB9C}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{D7FB77B8-80B9-4802-ABDD-F787798CC78D}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{CA6B2A51-58AE-41A3-8ECC-7D476927962B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [TCP Query User{8D3E8D50-06DD-4A81-9495-9F13CEBD9EEB}Z:\program files (x86)\overwatch\overwatch\overwatch.exe] => (Allow) Z:\program files (x86)\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{69C9C727-E1A6-4F5A-8268-514D503C5E35}Z:\program files (x86)\overwatch\overwatch\overwatch.exe] => (Allow) Z:\program files (x86)\overwatch\overwatch\overwatch.exe
FirewallRules: [{0AB9180B-F4FF-4228-89A5-83F3C26FDBDB}] => (Allow) Z:\Steam Library\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{DE77456D-E590-48F0-BDF5-2F35FB158D09}] => (Allow) Z:\Steam Library\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{BCB57F65-AFCB-435D-8CD6-11D8CE60E668}] => (Block) LPort=445
FirewallRules: [{688AE14A-99DD-47FD-BF1B-6EC630285E68}] => (Block) LPort=445
FirewallRules: [{E5420D71-BD89-4FD7-854F-18C29D14079E}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{91FF3948-C7CB-441B-9487-57E26E69B07E}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{BB869774-E03A-4824-8CD8-3A0D101FEEDC}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{7EA6B919-DBAF-463F-9111-617C8C524346}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{49507680-6A1F-4A3F-B056-00F0354B771D}] => (Allow) C:\Program Files (x86)\TubeDigger\TubeDigger.exe
FirewallRules: [TCP Query User{802E8136-61EF-42E1-9879-B54AA16410A5}Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{14F7D2A1-B8E4-4522-A011-218B4C59A019}Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A476426B-A086-4BFA-A46C-329AE7026400}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1Trial.exe
FirewallRules: [{51B558DE-538D-4778-93F9-9E76A0CB0844}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1Trial.exe
FirewallRules: [{1530E252-B77F-4193-97F0-10DFE4E94552}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1.exe
FirewallRules: [{50CAD03D-7272-422C-AA98-BE972F04D8C1}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1.exe
FirewallRules: [{8C2247C5-24C7-4F3F-A740-70E13AE84F84}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{1CA04D24-12C7-4F93-A0A3-6CA57DF33FBE}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{276A2A76-4523-4488-83BD-A0A01D2F72E8}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{B81824A7-BB40-45FC-BAFB-1F3F3FDC412D}Z:\program files (x86)\overwatch\destiny 2\destiny2.exe] => (Allow) Z:\program files (x86)\overwatch\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{6BC0E594-23F3-41AF-8250-3B6F449E8545}Z:\program files (x86)\overwatch\destiny 2\destiny2.exe] => (Allow) Z:\program files (x86)\overwatch\destiny 2\destiny2.exe
FirewallRules: [{0ED845B6-F581-4ACB-9A67-D67BC1FF4C24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5DED6628-8ECC-4D93-9F98-D19FF5D224D7}] => (Allow) Z:\Steam Library\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{2FBF0302-61C9-4664-815A-60B12A98B2D8}] => (Allow) Z:\Steam Library\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [TCP Query User{65D9D71E-BEEB-4580-ACF6-D53E90315F61}Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{93BC1C65-9C47-4FFF-B9B2-624BAA5970BD}Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [{91AA1D28-6A0B-41A5-BEFD-6D68FFDF01A3}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{3B98B85A-09A9-4534-9462-4471DCC766E7}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{1CD2F69D-253F-443C-8658-557C23FBE8EE}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{EBA76C1C-C072-4F20-B9BF-F91D7B5E38E7}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{186EA184-D19E-4602-A01F-4B4C200CE95E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{BFEEBD5A-8329-4EE3-B3DD-5A1BF10D3881}C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{85833855-530F-4CFC-87D1-F0CFE9A066AB}C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [TCP Query User{CEDEE753-6ED1-4DD8-946F-87A108C9B32F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{43C5894A-F3E3-4015-86A5-2882D19ABE9D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{6225DBF8-397C-43D6-9C80-4F95CF4B2101}Z:\program files (x86)\super mario 64 online\sm64o.exe] => (Allow) Z:\program files (x86)\super mario 64 online\sm64o.exe
FirewallRules: [UDP Query User{3AD52308-83E3-4799-BF8F-5C9C2ECFFC1E}Z:\program files (x86)\super mario 64 online\sm64o.exe] => (Allow) Z:\program files (x86)\super mario 64 online\sm64o.exe
FirewallRules: [{9A2C798D-3490-43E5-B29F-C26C74D7D085}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{B9E1B171-8509-41BE-B0F8-E8A16B90C2CA}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{820D8C6D-3BD5-46AE-90CC-069F89CBB526}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{06ADABC2-A8E2-4B53-A918-EE5FD1FB4592}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{7F0FF049-F23C-4618-9D3D-3D6FCEB72C71}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2017 02:37:11 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/14/2017 02:37:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/14/2017 01:36:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/14/2017 01:22:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/14/2017 01:21:57 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/14/2017 01:17:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/14/2017 01:16:01 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/14/2017 01:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/14/2017 01:13:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/14/2017 06:04:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000003d50fd8
Faulting process id: 0x990
Faulting application start time: 0x01d32d408b4b915a
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: 1e29eac1-9934-11e7-aed8-448a5b9a7c0e
 
 
System errors:
=============
Error: (09/14/2017 02:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/14/2017 02:37:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/14/2017 01:35:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-08 19:39:24.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:17.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:17.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:16.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:16.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 03:18:49.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 03:18:48.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16330.02 MB
Available physical RAM: 12322.3 MB
Total Virtual: 32658.21 MB
Available Virtual: 28135.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.02 GB) (Free:23.78 GB) NTFS
Drive d: (Steam Drive) (Fixed) (Total:223.57 GB) (Free:131.99 GB) NTFS
Drive e: (Media Drive) (Fixed) (Total:931.51 GB) (Free:477.34 GB) NTFS
Drive f: (CANON_IJ) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
Drive z: (Dragon Ball) (Fixed) (Total:3725.9 GB) (Free:3424.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 727E9E97)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D4C97E74)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Aura


Posted 14 September 2017 - 01:57 PM

Good :) Now follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • A file called fixlog.txt will be on your desktop. Attach it in your next post so I can review it



#5 relleke


Posted 14 September 2017 - 02:13 PM

Alrighty, done! :)




#6 Aura


Posted 14 September 2017 - 03:01 PM

Thank you :) Now, for the removal. Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after.



#7 relleke


Posted 14 September 2017 - 03:14 PM

Done! It said it removed them, but also prompted me to reboot. I haven't done that yet. Just wanted to get the log up here first.

 

Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org
 
Database version:
  main:    v2017.09.13.02
  rootkit: v2017.08.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18537
James :: JAMES-PC [administrator]
 
9/14/2017 4:03:13 PM
mbar-log-2017-09-14 (16-03-13).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 296364
Time elapsed: 5 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\srvknrux.sys (Rootkit.Agent.PUA) -> Replace on reboot. [cc0bf12d5da9876fd5d64c23e2f57a6b]
C:\WINDOWS\SYSTEM32\drivers\srvuxaeh.sys (Rootkit.Agent.PUA) -> Delete on reboot. [42b0a85551fd7077b493032bf672fb45]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#8 Aura


Posted 14 September 2017 - 06:23 PM

You can reboot your computer :) Afterwards, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#9 relleke


Posted 14 September 2017 - 07:59 PM

Alright! Sorry that took so long, had to leave for a bit.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/14/17
Scan Time: 8:57 PM
Log File: cedcd474-99b0-11e7-8a0d-00ff037c4cd3.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2806
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James-PC\James
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344725
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.WinResSync.Generic, C:\USERS\JAMES\APPDATA\ROAMING\MICROSOFT\PROTECT\e97db049-f453-44b1-a911-a91ce75b944e.rs, Delete-on-Reboot, [1483], [337554],1.0.2806
Generic.Malware/Suspicious, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\PINKFLOWEXE.EXE, Delete-on-Reboot, [0], [392686],1.0.2806
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
I don't know what that Pinkflowexe.exe is, I've never seen it before.


#10 Aura


Posted 14 September 2017 - 08:02 PM

No worries, it's all good :) Not sure of what it is either, but Malwarebytes took care of it. Time for a sweep with RogueKiller and AdwCleaner.

RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 relleke


Posted 14 September 2017 - 09:53 PM

Alright, finally got it all done.

 

RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : James [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/14/2017 22:34:29 (Duration : 00:12:10)
 
¤¤¤ Processes : 2 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] apexpsvc.exe(8164) -- C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe[-] -> Killed [TermProc]
[VT.TrojanProxy:Win32/Wonknod.A] (SVC) apexpsvc -- "C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe" /svc[-] -> ERROR [6d]
 
¤¤¤ Registry : 2 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\apexpsvc ("C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe" /svc) -> Deleted
[VT.TrojanProxy:Win32/Wonknod.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\apexpsvc ("C:\Users\James\AppData\Local\Temp\enb\apexpsvc.exe" /svc) -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 20 ¤¤¤
[PUP.Gen1][File] C:\Users\Public\Desktop\DriverNavigator.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\JDast Service Control.lnk [LNK@] C:\PROGRA~2\JDAST\JDAST_~2.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\JDNetmon.lnk [LNK@] C:\PROGRA~2\JDAST\JDNetMon.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\JDs Auto Speed Tester.lnk [LNK@] C:\PROGRA~2\JDAST\JDAUTO~1.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\Request Help.lnk [LNK@] C:\PROGRA~2\JDAST\REQUES~1.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\Send Debugging Log.lnk [LNK@] C:\PROGRA~2\JDAST\DATASE~1.EXE -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\2ctbdtmw.ays -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\3d42jskx.333 -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\4aevljnt.fa4 -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\4cnpme3a.wdl -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\d0aa44xv.fu5 -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\dg12oay0.wvq -> Deleted
[PUP.Gen1][File] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\DownloadDrivers.data -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\gxnzfjfm.flf -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\jeuwvjxi.ktl -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\mfnvvvyp.nqb -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\rujrqbie.d5y -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers\yl03zb5z.a2y -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\drivers -> Deleted
[PUP.Gen1][File] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\partner.xml -> Deleted
[PUP.Gen1][File] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator\settings.dat -> Deleted
[PUP.Gen1][Folder] C:\Users\James\AppData\Roaming\Easeware\DriverNavigator -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverNavigator\DriverNavigator.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverNavigator\Uninstall DriverNavigator.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\ar\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\ar\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\ar -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\da\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\da\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\da -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\de\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\de\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\de -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Backup.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Core.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.DriverInstall.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Easeware.DriverInstall.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\es-AR\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\es-AR\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\es-AR -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\fr\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\fr\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\fr -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\hu\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\hu\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\hu -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\Interop.WUApiLib.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\it\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\it\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\it -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\partner.xml -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\pt-BR\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\pt-BR\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\pt-BR -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\uk\DriverNavigator.resources.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\uk\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\uk -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\unins000.dat -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\unins000.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\unins000.msg -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\UnRAR.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\UnRAR_license.txt -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\ar\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\ar -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\da\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\da -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\de\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\de -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\Easeware.Driver.Backup.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\Easeware.Driver.Core.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\Easeware.DriverInstall.exe -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\Easeware.DriverInstall.exe.config -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\es-AR\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\es-AR -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\fr\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\fr -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\hu\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\hu -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\Interop.WUApiLib.dll -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\it\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\it -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\pt-BR\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\pt-BR -> Deleted
[PUP.Gen1][File] C:\Program Files\Easeware\DriverNavigator\x64\uk\Easeware.DriverInstall.resources.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64\uk -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator\x64 -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware\DriverNavigator -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\DataSendAdmin.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\JDast_Service.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\JDast_service_control.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\JDAutoSpeedTester.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\JDNetMon.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\RequestHelp.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\restart_jdast.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\update.exe -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files (x86)\JDAST\Upload_child.exe -> Deleted
[PUP.Gen1][File] C:\Users\Public\Desktop\DriverNavigator.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Removed at reboot [2]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA HDWE140 SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 PRO Seri SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 121875 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: TOSHIBA MK1059GSM SCSI Disk Device +++++
--- User ---
[MBR] ff5e8c3816ae125e35a7bd7d7b36815c
[BSP] 842cabacb149e39c6f86fbf54a48012d : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: SSD2SC24 0G1CS2754D117-48 SCSI Disk Device +++++
--- User ---
[MBR] d760b8c5d81439d7867132e2f21d1523
[BSP] 5d06b3d494a4c94aab9da1bec01a4ce3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
# AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 15 02:51:04 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\James\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\James\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverNavigator
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: Driver Booster Scheduler
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{217773B8-89B0-4DA4-965B-3D4C6CBA5137}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{54FABE71-BDEA-41FF-998E-81C1BC53EB9C}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D7FB77B8-80B9-4802-ABDD-F787798CC78D}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CA6B2A51-58AE-41A3-8ECC-7D476927962B}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3693 B] - [2017/9/15 2:50:22]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#12 Aura


Posted 15 September 2017 - 07:04 AM

Awesome :) Now, let's run a new scan with FRST to get a fresh set of logs and see what's left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply



#13 relleke


Posted 15 September 2017 - 07:59 AM

Got it!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2017 01
Ran by James (administrator) on JAMES-PC (15-09-2017 08:58:18)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(MSI) C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
( ) G:\setup.exe
() C:\Users\James\AppData\Local\Temp\is-08VC1.tmp\setup.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-11-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [48565944 2016-07-25] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5780256 2017-07-20] (IObit)
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Run: [Discord] => C:\Users\James\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {1ca354b9-eb19-11e5-935a-806e6f6e6963} - F:\DVDSetup.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {e97f64ea-eb1c-11e5-a051-806e6f6e6963} - F:\Msetup4.exe
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\MountPoints2: {f9d4bfe1-966a-11e6-9e8d-448a5b9a7c0e} - G:\setup.exe
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.233.222.2 64.233.222.7
Tcpip\..\Interfaces\{53E42D51-456E-4BDE-B255-7BCCC0A33238}: [DhcpNameServer] 64.233.222.2 64.233.222.7
 
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2017-09-15]
CHR Extension: (Google Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-14]
CHR Extension: (BetterTTV) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-22]
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-14]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-14]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-14]
CHR Extension: (Honey) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-14]
CHR Extension: (Adblock for Youtube™) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Tampermonkey) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-10]
CHR Extension: (Adobe Acrobat) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Google Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-14]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-14]
CHR Extension: (AdBlock) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-09]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-14]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-06]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-09-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-13] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-08-26] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [1768736 2017-07-18] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-07-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-07-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-09-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-09-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-05-20] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2016-11-07] (Asmedia Technology)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-20] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2017-01-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [183576 2016-10-27] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-07] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-11-07] (Intel Corporation)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-17] (IObit.com)
S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2017-01-06] (IObit)
S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-06-30] (IObit.com)
R0 lakshg; C:\Windows\System32\drivers\srvknrux.sys [7168 2017-09-14] (Microsoft Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2017-01-27] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-15] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2017-01-31] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-18] (NVIDIA Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-12-15] (IObit.com)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2017-04-27] () [File not signed]
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-22] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-09-14] ()
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2016-05-18] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-05-18] (Windows ® Win 7 DDK provider)
S3 xhunter1; no ImagePath
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-15 08:56 - 2017-09-15 08:56 - 000000000 ____D C:\Users\James\Downloads\FRST-OlderVersion
2017-09-15 08:46 - 2017-09-15 08:46 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-09-15 08:46 - 2017-09-15 08:46 - 000000000 ____D C:\Users\James\AppData\Roaming\ModLauncherWPF
2017-09-14 22:52 - 2017-09-14 22:52 - 008182736 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner (1).exe
2017-09-14 22:50 - 2017-09-14 22:50 - 000027202 _____ C:\Users\James\Desktop\rk_F99B.tmp.txt
2017-09-14 22:49 - 2017-09-14 22:51 - 000000000 ____D C:\AdwCleaner
2017-09-14 22:49 - 2017-09-14 22:49 - 008182736 _____ (Malwarebytes) C:\Users\James\Downloads\AdwCleaner.exe
2017-09-14 22:34 - 2017-09-14 22:34 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-14 22:33 - 2017-09-14 22:33 - 035835424 _____ (Adlice Software ) C:\Users\James\Downloads\setup.exe
2017-09-14 22:33 - 2017-09-14 22:33 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-14 22:33 - 2017-09-14 22:33 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-14 22:33 - 2017-09-14 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-14 22:33 - 2017-09-14 22:33 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-14 17:08 - 2017-09-15 01:18 - 000000000 ____D C:\Users\James\AppData\Roaming\BitTorrent
2017-09-14 17:08 - 2017-09-14 17:08 - 000000813 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-09-14 17:07 - 2017-09-14 17:07 - 003311064 _____ (BitTorrent Inc.) C:\Users\James\Downloads\BitTorrent.exe
2017-09-14 17:01 - 2017-09-14 17:01 - 000000562 _____ C:\TDSSKiller.3.1.0.15_14.09.2017_17.01.46_log.txt
2017-09-14 16:03 - 2017-09-14 16:03 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\431157DE.sys
2017-09-14 16:02 - 2017-09-14 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-14 16:02 - 2017-09-14 16:02 - 013290179 _____ C:\Users\James\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-14 15:10 - 2017-09-14 15:10 - 000022675 _____ C:\Users\James\Downloads\Fixlog.txt
2017-09-14 14:41 - 2017-09-14 14:41 - 000074087 _____ C:\Users\James\Downloads\Addition.txt
2017-09-14 14:40 - 2017-09-15 08:58 - 000018922 _____ C:\Users\James\Downloads\FRST.txt
2017-09-14 14:40 - 2017-09-15 08:58 - 000000000 ____D C:\FRST
2017-09-14 14:40 - 2017-09-15 08:56 - 002398208 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2017-09-14 14:37 - 2017-09-15 08:45 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-14 13:34 - 2017-09-14 13:34 - 000007168 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\srvknrux.sys
2017-09-14 06:22 - 2017-09-14 06:22 - 000085504 _____ C:\Users\James\Desktop\Inherit.exe
2017-09-14 06:16 - 2017-09-14 14:16 - 000002034 _____ C:\Users\James\Desktop\Rkill.txt
2017-09-14 06:16 - 2017-09-14 06:16 - 005198336 _____ (AVAST Software) C:\Users\James\Downloads\aswMBR.exe
2017-09-14 06:15 - 2017-09-14 06:15 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2017-09-14 06:00 - 2017-04-18 04:36 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Desktop\qfwrghryj.cmd.exe
2017-09-14 05:59 - 2017-09-14 05:59 - 000000000 ____D C:\Users\James\Downloads\KasperskyTDSSKillerPortable
2017-09-14 05:58 - 2017-09-14 05:58 - 000331504 _____ (PortableApps.com) C:\Users\James\Downloads\KasperskyTDSSKillerPortable_2.8.16_English_online.paf.exe
2017-09-14 05:56 - 2017-09-14 05:56 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Desktop\iexplorer.exe.exe
2017-09-14 05:55 - 2017-09-14 05:59 - 004830473 _____ C:\Users\James\Downloads\tdsskiller.zip
2017-09-14 05:54 - 2017-09-14 05:54 - 004922400 _____ (AO Kaspersky Lab) C:\Users\James\Downloads\tdsskiller.exe
2017-09-14 05:53 - 2017-09-14 05:53 - 004830473 _____ C:\Users\James\Downloads\Unconfirmed 146011.crdownload
2017-09-14 05:35 - 2017-09-14 05:35 - 016563352 _____ (Malwarebytes Corp.) C:\Users\James\Downloads\mbar-1.09.3.1001.exe
2017-09-14 05:29 - 2017-09-14 05:34 - 000000021 _____ C:\Users\James\Downloads\63i9ed0u.bat
2017-09-14 05:17 - 2017-09-14 16:11 - 000000000 ____D C:\Users\James\Desktop\mbar
2017-09-14 05:14 - 2017-09-14 14:36 - 000696720 _____ C:\Windows\ntbtlog.txt
2017-09-14 05:00 - 2017-09-14 05:01 - 016563352 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\explorer.exe.exe
2017-09-14 04:52 - 2017-09-14 04:52 - 000000000 ____D C:\Users\James\AppData\Local\imehwvn
2017-09-14 04:24 - 2017-09-14 04:24 - 000380928 _____ C:\Users\James\Downloads\63i9ed0u.exe
2017-09-14 04:22 - 2009-08-13 11:14 - 000472064 _____ ( ) C:\Users\James\Downloads\RootRepeal.exe
2017-09-14 04:21 - 2017-09-14 04:21 - 000465298 _____ C:\Users\James\Downloads\RootRepeal.rar
2017-09-14 03:32 - 2017-09-14 03:32 - 005659851 _____ (Swearware) C:\Users\James\Downloads\ComboFix.exe
2017-09-14 03:30 - 2017-09-14 03:30 - 005659851 _____ (Swearware) C:\Users\James\Desktop\ComboFix.exe
2017-09-14 03:02 - 2017-09-14 03:03 - 000000000 ____D C:\Program Files\Unlocker
2017-09-14 03:02 - 2017-09-14 03:02 - 000346112 _____ C:\Users\James\Downloads\Unlocker x64 1.9.2.msi
2017-09-14 03:02 - 2017-09-14 03:02 - 000001845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2017-09-14 02:48 - 2017-09-14 02:48 - 000000000 __SHD C:\found.001
2017-09-13 23:54 - 2017-09-13 23:54 - 000001177 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-09-13 23:54 - 2017-09-13 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-09-13 23:54 - 2017-03-17 12:31 - 000026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-09-13 23:52 - 2017-09-13 23:53 - 040997504 _____ (IObit ) C:\Users\James\Downloads\imfv5-setup-trial.exe
2017-09-13 23:14 - 2017-09-15 08:45 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 23:14 - 2017-09-15 08:45 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-13 23:14 - 2017-09-14 13:34 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-13 23:14 - 2017-09-14 03:57 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-13 23:14 - 2017-09-13 23:14 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-13 23:14 - 2017-09-13 23:14 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-13 23:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-13 23:12 - 2017-09-13 23:13 - 066347240 _____ (Malwarebytes ) C:\Users\James\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-13 22:48 - 2017-09-13 22:48 - 000000000 ____D C:\Windows\SysWOW64\lsaczbt
2017-09-13 22:48 - 2017-09-13 22:48 - 000000000 ____D C:\Windows\system32\lsaczbt
2017-09-12 13:34 - 2017-09-12 13:34 - 002391732 _____ ( ) C:\Users\James\Downloads\Setup Project64 v2.3.2-202-g57a221e.exe
2017-09-12 13:34 - 2017-09-12 13:34 - 000000848 _____ C:\Users\Public\Desktop\Project64.lnk
2017-09-12 13:34 - 2017-09-12 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2017-09-12 13:26 - 2017-09-12 13:26 - 000621969 _____ C:\Users\James\Downloads\Super_Mario_64_Online_1.2.rar
2017-09-12 12:41 - 2017-09-14 15:35 - 000000000 ____D C:\Users\James\AppData\Roaming\.minecraft
2017-09-12 12:40 - 2017-09-14 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-12 12:40 - 2017-09-12 12:40 - 002314240 _____ C:\Users\James\Downloads\MinecraftInstaller.msi
2017-09-11 22:27 - 2017-09-11 22:27 - 000002417 _____ C:\Users\James\Desktop\ES File Explorer.lnk
2017-09-11 22:03 - 2017-09-11 22:03 - 000005200 _____ C:\Users\James\Downloads\Cube_UC_[unknowncheats.me]_.rar
2017-09-11 19:13 - 2017-09-11 19:13 - 000000000 ____D C:\ProgramData\LogiShrd
2017-09-11 19:12 - 2017-09-11 19:12 - 000000000 ____D C:\Users\James\AppData\Local\Logitech
2017-09-11 19:10 - 2017-09-11 19:11 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-09-11 19:10 - 2017-09-11 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-09-11 19:09 - 2017-09-11 19:09 - 120742160 _____ (Logitech Inc.) C:\Users\James\Downloads\LGS_8.96.81_x64_Logitech.exe
2017-09-11 19:09 - 2017-09-11 19:09 - 000000000 ____D C:\Users\James\AppData\Roaming\Logitech
2017-09-11 19:09 - 2017-09-11 19:09 - 000000000 ____D C:\Users\James\AppData\Roaming\Logishrd
2017-09-10 17:47 - 2017-09-10 17:47 - 001620442 _____ (Picroma ) C:\Users\James\Downloads\CubeSetup3 (1).exe
2017-09-10 17:47 - 2017-09-10 17:47 - 000000000 ____D C:\ProgramData\Picroma
2017-09-10 17:47 - 2017-09-10 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
2017-09-08 23:26 - 2017-09-08 23:26 - 000000000 ____D C:\Users\James\Documents\System Files
2017-09-08 23:25 - 2017-09-08 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yu-Gi-Oh! The Dawn of a New Era
2017-09-08 23:24 - 2017-09-08 23:24 - 000000000 ____D C:\Yu-Gi-Oh! The Dawn of a New Era
2017-09-08 12:44 - 2017-09-08 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-06 06:29 - 2017-09-06 06:29 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-06 06:29 - 2017-09-06 06:29 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-06 06:29 - 2017-09-06 06:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-06 06:29 - 2017-09-06 06:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-01 19:47 - 2017-09-01 19:47 - 000002331 _____ C:\Users\James\Desktop\Duel Links.lnk
2017-08-28 19:11 - 2017-08-28 19:11 - 000000000 ____D C:\Users\James\AppData\Roaming\Bungie
2017-08-27 22:14 - 2017-08-27 22:14 - 000000000 ____D C:\Users\James\AppData\Roaming\OBS
2017-08-27 18:39 - 2017-08-27 18:39 - 076242992 _____ (Ubisoft) C:\Users\James\Downloads\UplayInstaller.exe
2017-08-27 18:39 - 2017-08-27 18:39 - 000000775 _____ C:\Users\James\Desktop\Uplay.lnk
2017-08-27 18:39 - 2017-08-27 18:39 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-08-26 23:59 - 2017-08-26 23:58 - 000383016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-08-26 20:04 - 2017-08-26 20:04 - 006476367 _____ C:\Users\James\Downloads\WD0116.wmv
2017-08-25 19:27 - 2017-08-25 19:27 - 000000000 ____D C:\Users\James\AppData\Roaming\BluestacksCN
2017-08-24 17:18 - 2017-08-24 17:18 - 007163256 _____ C:\Users\James\Documents\Steve Dance.flv
2017-08-24 17:14 - 2017-08-24 17:21 - 003235218 _____ C:\Users\James\Documents\Steve Dance.mp4
2017-08-24 12:18 - 2017-08-24 12:18 - 000749666 _____ C:\Users\James\Downloads\Sonic The Hedgehog 2 (World) (Rev A).zip
2017-08-24 12:14 - 2017-08-24 12:14 - 002174815 _____ C:\Users\James\Downloads\Sonic & Knuckles + Sonic the Hedgehog 2 (World).zip
2017-08-23 19:54 - 2017-08-23 19:54 - 000838984 _____ C:\Users\James\Downloads\soundboard.zip
2017-08-22 22:03 - 2017-09-12 13:54 - 000000000 ___RD C:\Users\James\Dropbox
2017-08-22 22:03 - 2017-08-22 22:03 - 000001230 _____ C:\Users\James\Desktop\Dropbox.lnk
2017-08-22 22:02 - 2017-09-15 08:44 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-22 22:02 - 2017-09-15 08:07 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-22 22:02 - 2017-09-14 01:07 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-22 22:02 - 2017-08-25 19:29 - 000000000 ____D C:\Users\James\AppData\Local\Dropbox
2017-08-22 22:02 - 2017-08-22 22:02 - 000690080 _____ (Dropbox, Inc.) C:\Users\James\Downloads\DropboxInstaller.exe
2017-08-22 22:02 - 2017-08-22 22:02 - 000003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-22 22:02 - 2017-08-22 22:02 - 000003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-22 22:02 - 2017-08-22 22:02 - 000000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2017-08-22 22:02 - 2017-08-22 22:02 - 000000000 ____D C:\ProgramData\Dropbox
2017-08-22 17:12 - 2017-09-14 17:14 - 000000000 ____D C:\Users\James\AppData\Roaming\obs-studio
2017-08-22 17:12 - 2017-08-22 17:12 - 000000728 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-08-22 17:12 - 2017-08-22 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-08-22 16:35 - 2017-08-22 16:35 - 101899104 _____ (obsproject.com) C:\Users\James\Downloads\OBS-Studio-20.0.1-Full-Installer.exe
2017-08-22 16:23 - 2017-08-22 16:23 - 000002383 _____ C:\Users\James\Desktop\Wallet.lnk
2017-08-22 16:21 - 2017-08-22 16:21 - 000002245 _____ C:\Users\James\Desktop\Kik.lnk
2017-08-22 16:14 - 2017-08-22 16:14 - 001821192 _____ (Microsoft Corporation) C:\Users\James\Downloads\vcredist_x86.exe
2017-08-22 16:11 - 2017-09-14 02:27 - 000000000 ____D C:\Users\James\AppData\Roaming\BlueStacksFriends
2017-08-22 16:11 - 2017-09-13 22:53 - 000000000 ____D C:\Users\James\AppData\Local\BlueStacksFriends
2017-08-22 16:11 - 2017-08-22 16:11 - 000002379 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacksFriends.lnk
2017-08-22 16:11 - 2017-08-22 16:11 - 000002371 _____ C:\Users\James\Desktop\BlueStacksFriends.lnk
2017-08-22 16:10 - 2017-08-22 16:10 - 000001545 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-08-22 16:10 - 2017-08-22 16:10 - 000001545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\Users\James\AppData\Local\Bluestacks
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\ProgramData\BlueStacks
2017-08-22 16:09 - 2017-08-22 16:10 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-08-22 02:31 - 2017-08-22 02:31 - 000000000 ____D C:\Users\James\Documents\BioshockHD
2017-08-22 02:26 - 2017-08-27 19:13 - 000000000 ____D C:\Users\James\Documents\My Games
2017-08-22 01:54 - 2017-08-22 01:54 - 000016424 _____ C:\Users\James\Downloads\crash_a_like.zip
2017-08-22 01:22 - 2017-08-22 01:22 - 000076984 _____ C:\Users\James\Downloads\LithosPro-Black.otf
2017-08-20 23:47 - 2017-08-20 23:47 - 000000000 ____D C:\Users\James\Documents\Info Memes
2017-08-18 05:01 - 2017-08-18 05:01 - 000067736 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys
2017-08-18 05:01 - 2017-08-18 05:01 - 000036496 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys
2017-08-18 05:01 - 2017-08-18 05:01 - 000026008 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-15 08:49 - 2016-10-20 02:05 - 000000000 ____D C:\Users\James\AppData\Roaming\DAEMON Tools Lite
2017-09-15 08:49 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-15 08:49 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-15 08:45 - 2009-07-14 00:45 - 000005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-15 08:45 - 2009-07-14 00:45 - 000005872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-15 08:44 - 2016-03-15 22:44 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-15 08:44 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-15 08:37 - 2016-09-27 18:06 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-15 02:00 - 2016-03-16 05:10 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2017-09-14 22:51 - 2016-03-15 21:56 - 000000000 ____D C:\Users\James\AppData\LocalLow\IObit
2017-09-14 22:51 - 2016-03-15 21:56 - 000000000 ____D C:\ProgramData\IObit
2017-09-14 22:51 - 2016-03-15 21:56 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-14 22:51 - 2016-03-15 21:55 - 000000000 ____D C:\Users\James\AppData\Roaming\IObit
2017-09-14 22:47 - 2016-10-25 23:02 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester
2017-09-14 22:47 - 2016-10-25 23:02 - 000000000 ____D C:\Program Files (x86)\JDAST
2017-09-14 21:07 - 2017-01-26 20:17 - 000000000 ____D C:\Users\James\AppData\Local\Ubisoft Game Launcher
2017-09-14 21:05 - 2016-11-07 21:35 - 000002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (James)
2017-09-14 16:59 - 2009-07-13 22:34 - 019922944 _____ C:\Windows\system32\config\HARDWARE
2017-09-14 06:04 - 2016-03-16 01:40 - 000000000 ____D C:\Users\James\AppData\Local\CrashDumps
2017-09-14 05:24 - 2016-09-13 17:13 - 000000000 ____D C:\Users\James\.Origin
2017-09-14 05:24 - 2016-03-15 21:51 - 000000000 ____D C:\Users\James
2017-09-14 03:56 - 2016-09-29 18:41 - 000000000 ____D C:\Users\James\AppData\Roaming\Audacity
2017-09-14 02:52 - 2016-08-25 00:15 - 000000000 ____D C:\Users\James\AppData\Roaming\discord
2017-09-14 02:27 - 2017-08-03 23:18 - 000000000 ____D C:\Users\James\AppData\Roaming\Twitch
2017-09-14 02:26 - 2017-02-13 20:07 - 088223744 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 044236800 _____ C:\Windows\system32\config\components.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000274432 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2017-09-14 02:26 - 2017-02-13 20:07 - 000024576 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2017-09-14 01:17 - 2016-03-19 00:44 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2017-09-14 00:16 - 2016-03-15 23:19 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-14 00:07 - 2017-08-01 12:47 - 000000000 ____D C:\Program Files (x86)\Canon
2017-09-14 00:07 - 2017-05-17 19:57 - 000000000 ____D C:\Fraps
2017-09-14 00:06 - 2017-07-04 22:44 - 000000000 ____D C:\Users\James\AppData\Local\FalloutShelter
2017-09-14 00:06 - 2016-03-15 22:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-14 00:00 - 2017-04-12 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall New Dawn
2017-09-13 23:54 - 2016-03-15 22:16 - 000000000 ____D C:\ProgramData\ProductData
2017-09-13 23:16 - 2017-04-09 20:47 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2017-09-13 23:16 - 2016-04-10 18:13 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.5
2017-09-13 23:01 - 2016-09-27 15:29 - 000003546 _____ C:\Windows\System32\Tasks\IR7
2017-09-13 22:54 - 2017-04-12 20:08 - 000000000 ____D C:\Users\James\AppData\Local\Battle.net
2017-09-12 13:41 - 2017-04-01 19:10 - 000000000 ____D C:\Users\James\AppData\Roaming\DS4Windows
2017-09-11 22:23 - 2017-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-09-11 08:34 - 2016-07-13 00:36 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-08 23:01 - 2017-01-18 04:17 - 000000000 ____D C:\Users\James\Desktop\YGO Pro 2
2017-09-02 00:22 - 2017-06-28 22:55 - 000000000 ____D C:\Users\James\AppData\Roaming\Origin
2017-09-02 00:14 - 2017-06-28 22:54 - 000000000 ____D C:\ProgramData\Origin
2017-09-02 00:07 - 2017-06-28 22:55 - 000000000 ____D C:\Program Files (x86)\Origin
2017-08-31 20:27 - 2017-05-25 17:21 - 000000000 ____D C:\Program Files\IPVanish
2017-08-29 18:16 - 2017-01-25 15:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-27 19:13 - 2016-03-15 22:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-25 19:28 - 2009-07-14 00:45 - 004979000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-24 21:29 - 2016-03-17 22:58 - 000001456 _____ C:\Users\James\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-24 21:19 - 2016-03-17 22:55 - 000000132 _____ C:\Users\James\AppData\Roaming\Adobe GIF Format CS6 Prefs
2017-08-23 22:18 - 2016-03-17 03:33 - 000000132 _____ C:\Users\James\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-22 14:58 - 2016-03-15 21:56 - 000068104 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-21 23:57 - 2017-08-10 12:38 - 000000727 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-08-20 23:53 - 2017-05-03 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NARUTO SHIPPUDEN Ultimate Ninja STORM 4
2017-08-20 23:52 - 2017-08-04 13:31 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2017-08-20 23:52 - 2017-04-19 23:32 - 000000000 ____D C:\ProgramData\Jagex
2017-08-20 23:52 - 2017-03-25 23:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magestorm
2017-08-20 23:52 - 2016-06-21 23:26 - 000000000 ____D C:\Users\James\AppData\Local\Jagex
2017-08-20 23:51 - 2016-05-17 04:51 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-20 23:49 - 2017-05-14 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-08-20 23:49 - 2016-04-26 18:39 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
 
==================== Files in the root of some directories =======
 
2016-03-17 22:55 - 2017-08-24 21:19 - 000000132 _____ () C:\Users\James\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-03-17 03:33 - 2017-08-23 22:18 - 000000132 _____ () C:\Users\James\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-19 00:14 - 2016-09-29 19:57 - 000003390 _____ () C:\Users\James\AppData\Roaming\VoiceMeeterDefault.xml
2016-03-17 22:58 - 2017-08-24 21:29 - 000001456 _____ () C:\Users\James\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-08 12:50 - 2016-12-08 12:50 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-03-15 22:13 - 2016-03-15 22:13 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-17 05:01 - 2016-05-17 05:01 - 000012763 _____ () C:\ProgramData\mptmqteo.hmi
 
Some files in TEMP:
====================
2017-09-14 22:33 - 2017-02-09 12:33 - 001732864 _____ (Microsoft Corporation) C:\Users\James\AppData\Local\Temp\dllnt_dump.dll
2017-09-13 22:41 - 2017-09-13 22:41 - 000024576 _____ (Note8 Simulator) C:\Users\James\AppData\Local\Temp\instac.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-10 02:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017 01
Ran by James (15-09-2017 08:58:32)
Running from C:\Users\James\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-16 01:51:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934211394-2414287417-2802539243-500 - Administrator - Disabled)
Guest (S-1-5-21-2934211394-2414287417-2802539243-501 - Limited - Disabled)
James (S-1-5-21-2934211394-2414287417-2802539243-1000 - Administrator - Enabled) => C:\Users\James
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: IObit Malware Fighter (Disabled - Up to date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Advanced SystemCare Ultimate (Disabled - Up to date) {91A1210C-78DD-A71C-E865-63DB27C767EE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 10 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 10.1.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
AutoHotkey 1.1.24.03 (HKLM\...\AutoHotkey) (Version: 1.1.24.03 - Lexikos)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.50.50197 - Electronic Arts)
BitTorrent (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
BlueStacksFriends 11.0.2 (only current user) (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\d7102876-3e3d-5287-80d2-e4af8b7891ff) (Version: 11.0.2 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Citra Edge (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\citra) (Version: 0.1.234 - Citra Development Team)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Darkfall New Dawn (HKLM-x32\...\{18FF06D6-8AE3-4B94-A5D8-70E18D63E9F1}) (Version: 0.0.1 - Ub3rgames)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
DriverNavigator 3.6.9 (HKLM\...\DriverNavigator_is1) (Version: 3.6.9.0 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Fallout 2 Unofficial Patch 1.02.31 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version:  - killap)
FORTIFY (HKLM\...\Steam App 505040) (Version:  - RTK Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
IPVanish (HKLM\...\A57226AD-BDAF-4860-BD4E-EDA6BC546189_is1) (Version: 3.0.6.0 - IPVANISH)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JDs Auto Speed Tester (HKLM-x32\...\JDs Auto Speed Tester) (Version:  - )
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Direct OC (HKLM-x32\...\{E39DE1F0-0A95-4AE8-B9D7-37C5AF360D35}_is1) (Version: 1.0.0.10 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Update 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{1A2426F5-4FA9-443A-B910-A182EE18687F}) (Version: 2.42.4 - The Pokémon Company International)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.14.0 - Adlice Software)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Sonic Mania (HKLM\...\Steam App 584400) (Version:  - Christian Whitehead)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tt eSPORTS VENTUS Mouse (HKLM-x32\...\{766BD494-B1C8-4491-BBA7-1AABF9BF0660}) (Version: 1.0.0 - Tt eSPORTS)
TubeDigger 5.6.6 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 5.6.6 - TubeDigger)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Uplay (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Yu-Gi-Oh! The Dawn of a New Era version 5.4.1.4024 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.4.1.4024 - Kaiba Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCExtMenu_64.dll [2016-11-18] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-01-01] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => C:\Program Files (x86)\IObit\Game Booster\GBV3ContextMenu.dll [2011-11-29] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-06] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F281E85-4E33-4D10-8986-2E4DEFFFA67B} - System32\Tasks\AdobeAAMUpdater-1.0-James-PC-James => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {10F4FA37-4F06-400B-BF1D-671E60547005} - System32\Tasks\Driver Booster SkipUAC (James) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe [2017-01-10] (IObit)
Task: {15C0A707-2B3E-4235-B4EC-FBE505D5EB35} - System32\Tasks\IR7 => "C:\Windows\system32\cmd.exe" /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc
Task: {16CEDC0C-E762-4E13-8C28-062FBFA5277F} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {1C9FCF8D-FC3A-40C9-A3E1-0C61ACE38462} - System32\Tasks\Hybrid3 => taskkill [Argument = /f /im slui.exe]
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {26F97D03-6508-4163-ABE8-1F7C0B08A935} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe
Task: {5389DC73-3D06-4E5D-A1C7-A303A1576FE6} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {673735DA-B59D-4B43-AD77-A5E2BFE14A20} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {78262C05-5E12-4DCF-B61F-AC3E50644E1F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-18] (NVIDIA Corporation)
Task: {7ABFCE91-D7C3-4AC5-B4F5-E388A4D9356B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {7C634A3B-36B9-4434-B124-92454EB28028} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-18] (NVIDIA Corporation)
Task: {7F4DAEF4-5FD3-45EE-8C91-BEEB6F481B94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {80D25BDB-B1A8-415F-82AD-EC3ED40F98DE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-18] (NVIDIA Corporation)
Task: {819EABCD-C5E2-45D1-A82E-3F4E51EB894F} - System32\Tasks\Hybrid2 => C:\Trial\IR7\IR7.vbs [2016-09-27] ()
Task: {824F05A9-1E0D-47C0-BC3D-CB28B5510792} - System32\Tasks\Hybrid4 => taskkill [Argument = /f /im sppsvc.exe]
Task: {82D66E90-DB63-42E6-BF49-08F7AC241AE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {86F361E2-CE0C-494E-AF20-6B5947626C55} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {86F361E2-CE0C-494E-AF20-6B5947626C55} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {8EB2906C-9860-4554-9E0B-C3EA727E1159} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {92FDF133-D2FD-407F-A957-F0DA1EDC3E33} - System32\Tasks\ASCU10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2016-12-14] (IObit)
Task: {A1B76C8D-44E9-4E91-8CE8-D5AA96073B45} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-22] (Dropbox, Inc.)
Task: {B6020C3B-1940-4FE9-80D6-7C98B2CD6C1C} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {BB1ACE73-C954-4BBC-816D-1319AF9338B5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2016-09-08] ()
Task: {BC0D139C-56E0-46AC-8366-36BF6D1E69C5} - System32\Tasks\ASCU10_SkipUac_James => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
Task: {C349B7F7-D035-4E9F-BC38-DF07D60040C0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-18] (NVIDIA Corporation)
Task: {C8E5E152-DBD7-4FFD-A234-B645E8ED231E} - System32\Tasks\{3129081C-6822-4F2A-B4B6-9F313B1E8505} => C:\Windows\system32\pcalua.exe -a "C:\GAMES\Doom (Shareware) Installer for Windows x64.exe" -d C:\GAMES
Task: {CD2F9691-3DAF-4D0F-909E-7E4EA62DD4B3} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {CE94CF12-284A-42C1-8814-023AFDF13257} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-18] (NVIDIA Corporation)
Task: {E4F5CDDC-4ABD-4048-881B-830D15A7A735} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-22] (Dropbox, Inc.)
Task: {F8109BCD-1CF5-48D4-8749-FE5BE7C15AAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDs Auto Speed Tester\Visit Web Site.lnk -> hxxp://
 
ShortcutWithArgument: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-01 15:30 - 2017-01-01 15:30 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-08-18 05:01 - 2017-08-18 05:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-08-18 05:01 - 2017-08-18 05:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-05-20 16:04 - 2016-05-20 16:04 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-08-28 19:21 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 19:21 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-15 08:49 - 2017-09-15 08:49 - 001560064 _____ () C:\Users\James\AppData\Local\Temp\is-08VC1.tmp\setup.tmp
2016-09-04 00:21 - 2016-01-11 18:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-09-04 00:21 - 2016-01-11 18:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-05-25 06:15 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2017-05-25 06:15 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2017-05-25 06:15 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2017-05-25 06:15 - 2016-11-01 10:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\GetProcessDLL.dll
2017-08-08 20:14 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-09-08 12:43 - 2017-09-06 06:29 - 000771392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-08 12:43 - 2017-09-06 06:29 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-22 22:02 - 2017-09-06 06:29 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-22 22:02 - 2017-09-06 06:29 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-08 12:43 - 2017-09-06 06:29 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-08 12:44 - 2017-09-06 06:29 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-22 22:02 - 2017-09-06 06:34 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:44 - 2017-09-06 06:35 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-08 12:43 - 2017-09-06 06:31 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-22 22:02 - 2017-09-06 06:29 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-22 22:02 - 2017-09-06 06:35 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-08 12:43 - 2017-09-06 06:29 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-08 12:43 - 2017-09-06 06:31 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-22 22:02 - 2017-09-06 06:34 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-08 12:43 - 2017-09-06 06:32 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-09-08 12:43 - 2017-09-06 06:32 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-22 22:02 - 2017-09-06 06:35 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-22 22:02 - 2017-09-06 06:34 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-08 12:44 - 2017-09-06 06:32 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-08-08 20:14 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 20:14 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\James\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 20:56 - 2017-08-31 03:00 - 009622008 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 20:56 - 2017-08-11 20:56 - 001440248 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-15 08:44 - 2017-09-15 08:44 - 000148992 _____ () \\?\C:\Users\James\AppData\Local\Temp\5EF0.tmp.node
2017-08-11 20:56 - 2017-08-11 20:56 - 002658296 _____ () \\?\C:\Users\James\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-02-23 02:47 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-02-23 02:47 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-02-23 02:47 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-02-23 02:47 - 2015-12-28 14:50 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-02-23 02:47 - 2016-06-15 18:20 - 000130336 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\PluginHelper.dll
2017-02-23 02:47 - 2016-11-09 15:35 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-09-15 08:49 - 2015-09-30 05:32 - 002039808 _____ () C:\Users\James\AppData\Local\Temp\is-SK526.tmp\VclStylesInno.dll
2017-09-15 08:49 - 2013-11-22 16:09 - 000132608 _____ () C:\Users\James\AppData\Local\Temp\is-SK526.tmp\bp.dll
2017-09-15 08:50 - 2015-03-02 13:42 - 000376832 _____ () C:\Users\James\AppData\Local\Temp\is-SK526.tmp\unarc.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\James\AppData\Local\Temp:$DATA [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ASCAntivirusSrv => "@"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-03-17 00:16 - 000001035 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.233.222.2 - 64.233.222.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => 
MSCONFIG\startupreg: BlueStacks Agent => 
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => 
MSCONFIG\startupreg: Gyazo => c:\program files (x86)\gyazo\gystation.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => 
MSCONFIG\startupreg: Skype => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: XboxStat => "c:\program files\microsoft xbox 360 accessories\xboxstat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1FF70637-BCF9-490E-8249-8B4150CCE20F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E90F3636-4FA1-45D2-B38E-E5BC922DFF8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ECD602DE-F29D-4CFF-993A-A2ED0E1B2722}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D894EFA6-3A43-421D-B282-4957DC6C4B3E}] => (Allow) D:\SteamLibrary\steamapps\common\Damned\Damned.exe
FirewallRules: [{D7CD520A-41EB-418F-87C0-78EDB03D9C40}] => (Allow) D:\SteamLibrary\steamapps\common\Damned\Damned.exe
FirewallRules: [{C33379F6-C1E1-4957-9656-B57D616647A3}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2402BDB3-A1A3-4CA8-9D59-FA32AD9B519F}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7819E844-32BA-408E-BFD4-BFE55C9314A8}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E6B04A9A-08FC-457C-A05F-40021460EF05}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3F1F8DB1-6492-4E25-9D74-34FE06E9F3F3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B44CCFC5-ADAD-471A-A0FC-AAC79844AE87}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{79C7D3CE-B410-4073-955E-82F0B98AE27E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C9FBDFD3-6779-4F93-BF48-0887F727EA27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EBA801BE-9EB3-40B1-BBD5-1E6CEAA274FD}] => (Allow) D:\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{BA50203C-10DF-42DA-B325-179FBDD9FC13}] => (Allow) D:\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{1A10509E-CAAD-4F89-BF82-AAA3AE887CDA}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{364D8CE0-41B3-4402-BF52-A9190198BFBE}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{38A6255C-69EB-49D2-BCCE-032C75EEC410}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D17E8B53-0373-48D1-A8AD-C64ACE79FB24}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{578BA624-075A-443E-9CB5-B5BFABB9D120}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{14E28450-E478-4670-82E1-54FC46BDCAF3}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9D975F17-4455-4B07-B57C-DD04B6FA2CAC}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{20AC509C-E89C-4A47-A485-8CCD09F2986D}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{59C75317-434B-4B3A-B2D9-7013B4499CE3}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8AEB7BDA-0BE2-441F-B945-C10810859B33}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C3B9F759-2B54-44D7-A9F2-69D84F4057C3}] => (Allow) Z:\Steam Library\steamapps\common\Rust\Rust.exe
FirewallRules: [{A5F539B9-9AC1-471A-BDCE-6C868E12FBCD}] => (Allow) Z:\Steam Library\steamapps\common\Rust\Rust.exe
FirewallRules: [{98A1C881-36C3-4D46-ADD4-6C1EE5DA2631}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{AC9C3094-1D16-4EED-AE82-89D6CF1D46C9}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{60DAC291-30F7-4D1D-AF44-B0164C18C11E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E585F304-A88A-4E82-91F3-AB644884BFAD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{179B2FA7-E116-4D54-8746-71BB5CCC54E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{76034BAB-B9A1-49CF-B0A2-92F13B50C820}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{731BBEB6-8DE1-4EA9-BDDF-F02C285B25C6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{BE527205-CBF5-43A4-B938-CC3110EB8252}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{E69419DA-4241-4E7F-AB7D-46E5BBD015C0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{E79191BB-DE0D-4162-AAD9-15E461A729C3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{25404D8F-9926-40D5-87BC-AEC77267953A}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [{9736E024-7CFC-49B0-962D-E9E1855745F6}] => (Allow) D:\SteamLibrary\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe
FirewallRules: [TCP Query User{8D3E8D50-06DD-4A81-9495-9F13CEBD9EEB}Z:\program files (x86)\overwatch\overwatch\overwatch.exe] => (Allow) Z:\program files (x86)\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{69C9C727-E1A6-4F5A-8268-514D503C5E35}Z:\program files (x86)\overwatch\overwatch\overwatch.exe] => (Allow) Z:\program files (x86)\overwatch\overwatch\overwatch.exe
FirewallRules: [{0AB9180B-F4FF-4228-89A5-83F3C26FDBDB}] => (Allow) Z:\Steam Library\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{DE77456D-E590-48F0-BDF5-2F35FB158D09}] => (Allow) Z:\Steam Library\steamapps\common\FORTIFY\Fortify.exe
FirewallRules: [{BCB57F65-AFCB-435D-8CD6-11D8CE60E668}] => (Block) LPort=445
FirewallRules: [{688AE14A-99DD-47FD-BF1B-6EC630285E68}] => (Block) LPort=445
FirewallRules: [{E5420D71-BD89-4FD7-854F-18C29D14079E}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{91FF3948-C7CB-441B-9487-57E26E69B07E}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{BB869774-E03A-4824-8CD8-3A0D101FEEDC}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{7EA6B919-DBAF-463F-9111-617C8C524346}] => (Allow) C:\Users\James\AppData\Local\Discord\Update.exe
FirewallRules: [{49507680-6A1F-4A3F-B056-00F0354B771D}] => (Allow) C:\Program Files (x86)\TubeDigger\TubeDigger.exe
FirewallRules: [TCP Query User{802E8136-61EF-42E1-9879-B54AA16410A5}Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{14F7D2A1-B8E4-4522-A011-218B4C59A019}Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) Z:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A476426B-A086-4BFA-A46C-329AE7026400}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1Trial.exe
FirewallRules: [{51B558DE-538D-4778-93F9-9E76A0CB0844}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1Trial.exe
FirewallRules: [{1530E252-B77F-4193-97F0-10DFE4E94552}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1.exe
FirewallRules: [{50CAD03D-7272-422C-AA98-BE972F04D8C1}] => (Allow) Z:\Program Files (x86)\Battlefield 1\bf1.exe
FirewallRules: [{8C2247C5-24C7-4F3F-A740-70E13AE84F84}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{1CA04D24-12C7-4F93-A0A3-6CA57DF33FBE}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{276A2A76-4523-4488-83BD-A0A01D2F72E8}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{B81824A7-BB40-45FC-BAFB-1F3F3FDC412D}Z:\program files (x86)\overwatch\destiny 2\destiny2.exe] => (Allow) Z:\program files (x86)\overwatch\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{6BC0E594-23F3-41AF-8250-3B6F449E8545}Z:\program files (x86)\overwatch\destiny 2\destiny2.exe] => (Allow) Z:\program files (x86)\overwatch\destiny 2\destiny2.exe
FirewallRules: [{0ED845B6-F581-4ACB-9A67-D67BC1FF4C24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5DED6628-8ECC-4D93-9F98-D19FF5D224D7}] => (Allow) Z:\Steam Library\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{2FBF0302-61C9-4664-815A-60B12A98B2D8}] => (Allow) Z:\Steam Library\steamapps\common\Sonic Mania\SonicMania.exe
FirewallRules: [TCP Query User{65D9D71E-BEEB-4580-ACF6-D53E90315F61}Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{93BC1C65-9C47-4FFF-B9B2-624BAA5970BD}Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) Z:\program files (x86)\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [{91AA1D28-6A0B-41A5-BEFD-6D68FFDF01A3}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{3B98B85A-09A9-4534-9462-4471DCC766E7}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{1CD2F69D-253F-443C-8658-557C23FBE8EE}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{EBA76C1C-C072-4F20-B9BF-F91D7B5E38E7}] => (Allow) Z:\Program Files (x86)\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{186EA184-D19E-4602-A01F-4B4C200CE95E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{BFEEBD5A-8329-4EE3-B3DD-5A1BF10D3881}C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{85833855-530F-4CFC-87D1-F0CFE9A066AB}C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) C:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [TCP Query User{CEDEE753-6ED1-4DD8-946F-87A108C9B32F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{43C5894A-F3E3-4015-86A5-2882D19ABE9D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{6225DBF8-397C-43D6-9C80-4F95CF4B2101}Z:\program files (x86)\super mario 64 online\sm64o.exe] => (Allow) Z:\program files (x86)\super mario 64 online\sm64o.exe
FirewallRules: [UDP Query User{3AD52308-83E3-4799-BF8F-5C9C2ECFFC1E}Z:\program files (x86)\super mario 64 online\sm64o.exe] => (Allow) Z:\program files (x86)\super mario 64 online\sm64o.exe
FirewallRules: [{9A2C798D-3490-43E5-B29F-C26C74D7D085}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{B9E1B171-8509-41BE-B0F8-E8A16B90C2CA}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{820D8C6D-3BD5-46AE-90CC-069F89CBB526}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{98BB0805-FC13-4F74-91B8-A45C0ED17274}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{E98447F1-4559-436E-A08E-424C12CE5E06}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{459BA0C4-512E-49EB-BA6F-A62BE8DCE3AD}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9A25A424-4E5E-4BF3-AC03-C41CC52F4B65}] => (Allow) C:\Users\James\AppData\Roaming\BitTorrent\BitTorrent.exe
 
==================== Restore Points =========================
 
14-09-2017 16:11:39 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2017 08:57:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.9.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1604
 
Start Time: 01d32e220fcaf8ad
 
Termination Time: 1
 
Application Path: C:\Users\James\Downloads\FRST64.exe
 
Report Id: 630acf46-9a15-11e7-9615-448a5b9a7c0e
 
Error: (09/15/2017 08:45:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/15/2017 08:44:46 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/15/2017 08:39:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/15/2017 08:38:46 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (09/15/2017 08:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (09/15/2017 07:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (09/15/2017 06:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (09/15/2017 05:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (09/15/2017 04:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (09/15/2017 08:45:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/15/2017 08:45:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/15/2017 08:39:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/15/2017 08:39:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/14/2017 11:37:33 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding
 
Error: (09/14/2017 10:52:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/14/2017 10:52:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/14/2017 10:51:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/14/2017 10:51:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/14/2017 10:51:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-08 19:39:24.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-08 19:39:24.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:17.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:17.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:16.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 13:10:16.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcp100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 03:18:49.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-07 03:18:48.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Andy\msvcr100.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 30%
Total physical RAM: 16330.02 MB
Available physical RAM: 11402.38 MB
Total Virtual: 32658.21 MB
Available Virtual: 27997.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.02 GB) (Free:22.62 GB) NTFS
Drive d: (Steam Drive) (Fixed) (Total:223.57 GB) (Free:131.99 GB) NTFS
Drive e: (Media Drive) (Fixed) (Total:931.51 GB) (Free:477.34 GB) NTFS
Drive f: (CANON_IJ) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
Drive g: (XCOM 2 War of the Chosen) (CDROM) (Total:56.58 GB) (Free:0 GB) UDF
Drive z: (Dragon Ball) (Fixed) (Total:3725.9 GB) (Free:3284.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 727E9E97)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D4C97E74)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ======================


#14 Aura

  • Malware Response Team

Posted 15 September 2017 - 08:10 AM

Almost done :)

Google Chrome - Remove Extension/App
  • In Google Chrome, enter chrome://extensions in the address bar and press Enter
  • In the Extensions page, uninstall these (by clicking on the little garbage can icon on their right)
    • Hotspot Shield VPN Free Proxy Unblock Sites
    • Honey - Lots of controversy regarding it. Up to you if you want to keep or remove it
  • If you don't see the extension listed, it means that it's installed as an App. So enter chrome://apps in the address bar and press Enter
  • From the Apps page, look for the app, right-click on it and select Remove from Chrome
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 relleke

  • Topic Starter

Posted 16 September 2017 - 06:27 PM

Sorry for the late reply again, but as I'm sure you know, it's the weekend. Was out last night :P 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
Ran by James (16-09-2017 19:18:54) Run:2
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\...\Run: [AdobeBridge] => [X]
 
AlternateDataStreams: C:\Users\James\AppData\Local\Temp:$DATA [16]
 
C:\Windows\system32\lsaczbt
C:\Windows\SysWOW64\lsaczbt
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2934211394-2414287417-2802539243-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Users\James\AppData\Local\Temp => ":$DATA" ADS removed successfully.
C:\Windows\system32\lsaczbt => moved successfully
C:\Windows\SysWOW64\lsaczbt => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 127147991 B
Java, Flash, Steam htmlcache => 245832190 B
Windows/system/drivers => 5971349 B
Edge => 0 B
Chrome => 625294880 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 1310328 B
James => 518646571 B
 
RecycleBin => 808 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:19:10 ====
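
One way to confirm that every bare file path in a fixlist has a matching result line in the Fixlog, as an added example that is not part of the original posts and is not FRST's own code. The sample log is constructed from the Fixlog above plus one made-up path, and the function names `split_fixlog` and `check_fixlog` are assumptions of this example.

```python
import re

# Constructed sample modelled on the Fixlog above (registry entry omitted);
# C:\Example\constructed-entry is a made-up path with no result line.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CloseProcesses:
AlternateDataStreams: C:\Users\James\AppData\Local\Temp:$DATA [16]
C:\Windows\system32\lsaczbt
C:\Windows\SysWOW64\lsaczbt
C:\Example\constructed-entry
EmptyTemp:
*****************

Processes closed successfully.
C:\Users\James\AppData\Local\Temp => ":$DATA" ADS removed successfully.
C:\Windows\system32\lsaczbt => moved successfully
C:\Windows\SysWOW64\lsaczbt => moved successfully
"""

DELIM = re.compile(r"^\*{5,}[ \t]*$", re.M)   # the ***** lines around the fixlist
BARE_PATH = re.compile(r"^[A-Za-z]:\\")       # a fixlist entry that is only a path

def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the ***** delimiters."""
    parts = DELIM.split(text)
    if len(parts) < 3:
        raise ValueError("fixlist delimiters not found")
    clean = lambda block: [l.strip() for l in block.splitlines() if l.strip()]
    return clean(parts[1]), clean(parts[2])

def check_fixlog(text):
    """Map each bare-path fixlist entry to 'ok', 'no result line' or 'review: ...'."""
    fixlist, results = split_fixlog(text)
    outcomes = {}
    for line in results:
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            outcomes[target.lower()] = outcome   # Windows paths: compare case-insensitively
    report = {}
    for entry in fixlist:
        if not BARE_PATH.match(entry):
            continue   # directives and registry entries are out of scope here
        outcome = outcomes.get(entry.lower())
        if outcome is None:
            report[entry] = "no result line"
        elif "successfully" in outcome:
            report[entry] = "ok"
        else:
            report[entry] = "review: " + outcome
    return report
```

Any entry reported as anything other than `ok` is worth raising with the helper before the next step.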




