Might be Infected with Malware


  • This topic is locked
53 replies to this topic

#1 ZeroX96

Posted 19 September 2017 - 10:48 AM

Hi, I first posted in the BSOD section because I thought that was the issue, but I was redirected here and informed that I may still be infected after I tried removing the malware. Here is my original topic: https://www.bleepingcomputer.com/forums/t/657869/driver-irql-not-less-or-equal-iadimpsvsys-bosd/

Here's what happened. Last night I tried removing some malware that was on my computer. I thought I got it all gone and shut down my computer. After I turned it on in the morning it would crash every 3 minutes giving the error code "DRIVER_IRQL_NOT_LESS_OR_EQUAL (iadimpsv.sys)". I ran Malwarebytes and the Windows Malicious Software Removal Tool and those don't show anything. If you guys know what I might do, I would greatly appreciate it. Thanks!

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
Ran by canga_000 (administrator) on DEXTERS-PC (19-09-2017 10:36:06)
Running from C:\Users\canga_000\Desktop
Loaded Profiles: canga_000 (Available Profiles: canga_000)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LavaWolfGMMouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\LAVAWOLF\lwmon.exe [3101696 2013-05-15] ()
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KinoniTask] => C:\Program Files (x86)\Kinoni\Remote Desktop\KinoniTask.exe [118416 2016-07-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-12] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2015-11-22] (Mobile Stream)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-06] (Valve Corporation)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [download.ninja] => C:\Program Files\Ninja Download Manager\download.ninja.exe
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste Esports Accelerator\Haste.exe
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [DSdeGlr6TY] => C:\DSdeGlr6TYDSdeGlr6TY\DSdeGlr6TY.vbs
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [untainted] => "C:\Program Files (x86)\trolled\untainted.exe"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [obsess] => "C:\Program Files (x86)\Electronics\doodad.exe"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\RunOnce: [Uninstall C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\MountPoints2: {47417238-928c-11e6-824c-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-10-17]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-10-14]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prowled.lnk [2017-09-18]
ShortcutTarget: prowled.lnk -> C:\Program Files (x86)\Electronics\doodad.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.80.5.132
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0C182B59-B2A7-4BA3-8175-BAEB6893B94C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0DA5BDC7-40F7-4400-872C-4D67EA072034}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{116445CA-A2AA-4EA0-BACF-4B6DFD0E5C06}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{39E1E44C-B037-4636-8006-A068E743E534}: [DhcpNameServer] 10.80.5.132
Tcpip\..\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E967C34A-871D-46EC-8B38-BC009264F6B0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EB7DC12A-EDED-415C-9B66-0AB18C0107F6}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com/?cid=J13
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-24] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-24] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-19]
CHR Extension: (Google Slides) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-14]
CHR Extension: (hxxp://store.steampowered.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adkbdjbjeeaobgabhpkaljnnngokgifh [2016-10-14]
CHR Extension: (Nimbus Screenshot App) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-04-20]
CHR Extension: (Google Docs) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-14]
CHR Extension: (Google Drive) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-14]
CHR Extension: (Skype Calling) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-14]
CHR Extension: (YouTube) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-14]
CHR Extension: (Honey) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-08]
CHR Extension: (Facebook) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-10-14]
CHR Extension: (Adblock Plus) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Reaction Packs for Facebook) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfkadjljnkkbojdgocopcbdbnmpcan [2016-11-29]
CHR Extension: (hxxp://dinklebergsttt.enjin.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkeogpndamnfjbmglkfkancehcbemplo [2017-01-04]
CHR Extension: (Share on Rabbit) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-07-08]
CHR Extension: (Bamboo Spear) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakplngdcboeilofopihpjnoeclenhmn [2016-10-14]
CHR Extension: (Avast Passwords) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-09-18]
CHR Extension: (Google Play Music) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-09-01]
CHR Extension: (Google Sheets) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-14]
CHR Extension: (Downloads Router) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkboeogiiklpklnjgdiaghaiehcknjo [2016-11-02]
CHR Extension: (Highlight to Search) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2016-10-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-09]
CHR Extension: (HTTPS Everywhere) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-14]
CHR Extension: (Download Ninja) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklhnpfkcfpkjcihhjbgmhgkcajamlmd [2017-04-19]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-15]
CHR Extension: (hxxp://anilinkz.com/search?q=sword+art+online) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgjgidbghipdfdpaieioekkpekncjob [2016-10-14]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-09-11]
CHR Extension: (hxxps://jsu.blackboard.com/webapps/portal/exe) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdkddimipnmlgjkhnnpclmjmopkcink [2016-10-21]
CHR Extension: (Crackle) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2016-10-14]
CHR Extension: (Google Play Music) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-10-14]
CHR Extension: (YouTube) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2016-10-14]
CHR Extension: (Emoji for Google Chrome™) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-09-11]
CHR Extension: (Black red shards) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-05-25]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-07]
CHR Extension: (Google Hangouts) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-05]
CHR Extension: (hxxp://www.neoseeker.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\laobedgmmmdponjggeekeehecchlbedh [2016-10-14]
CHR Extension: (Skype) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-30]
CHR Extension: (Google Search) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2017-09-19]
CHR Extension: (Ghostery) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-10]
CHR Extension: (Google Hangouts) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (My Chrome Theme) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-10-14]
CHR Extension: (Google Quick Scroll) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2016-10-14]
CHR Extension: (hxxp://www.ultimate-guitar.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfgifpflcfeaigbdlegohfjmboddjeom [2016-10-14]
CHR Extension: (Gmail) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-15] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
S2 ETGMGlcsSrv; C:\Program Files (x86)\REDRAGON GAMING MOUSE\LAVAWOLF\ETGMSrv.exe [1181544 2012-04-24] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-31] (GOG.com)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53168 2017-09-11] (AnchorFree Inc.)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 KinoniRemoteDesktop; C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe [81920 2016-07-04] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-06-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 apexpsvc; "C:\Users\CANGA_~1\AppData\Local\Temp\xis\apexpsvc.exe" /svc [X] <==== ATTENTION
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NIS.exe" /h ccCommon [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.3; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_3_64.sys [64912 2017-09-07] (AnchorFree Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29696 2016-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-03-02] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-03-02] (LG Electronics Inc.)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [627208 2016-11-30] (C-MEDIA)
R3 easytether; C:\Windows\system32\DRIVERS\easytthrx.sys [22728 2015-11-22] (Mobile Stream)
R3 Kinonih; C:\Windows\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [192960 2017-09-19] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-19] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-19] (Malwarebytes)
S3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-09-06] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-04] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2016-10-04] (Splashtop Inc.)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2017-02-09] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 TTDrv; C:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
S3 usbglcs1100301; C:\Windows\system32\drivers\usbglcs1100301.sys [25600 2012-04-24] (Windows ® Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-23] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\system32\drivers\ymidusbx64.sys [43744 2015-07-28] (Yamaha Corporation)
S1 MpKsldbe7a3cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00648F89-50D9-4FA4-B531-CD261B0E10F0}\MpKsldbe7a3cd.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\EX64.SYS [X]
S3 RTSUER; \SystemRoot\system32\Drivers\RtsUer.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-19 10:36 - 2017-09-19 10:36 - 000026475 _____ C:\Users\canga_000\Desktop\FRST.txt
2017-09-19 10:36 - 2017-09-19 10:36 - 000000000 ____D C:\FRST
2017-09-19 10:35 - 2017-09-19 10:35 - 002399744 _____ (Farbar) C:\Users\canga_000\Desktop\FRST64.exe
2017-09-19 10:19 - 2017-09-19 10:19 - 001685521 _____ C:\Users\canga_000\Documents\SysnativeFileCollectionApp.zip
2017-09-19 10:15 - 2017-09-19 10:15 - 000000808 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-09-19 10:15 - 2017-09-19 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-09-19 10:15 - 2017-09-19 10:15 - 000000000 ____D C:\Program Files\Speccy
2017-09-19 10:14 - 2017-09-19 10:14 - 006299336 _____ (Piriform Ltd) C:\Users\canga_000\Desktop\spsetup131.exe
2017-09-19 10:13 - 2017-09-19 10:13 - 000231539 _____ C:\Users\canga_000\Desktop\Using_Speccy.pdf
2017-09-19 10:03 - 2017-09-19 10:05 - 000000000 ____D C:\Users\canga_000\Documents\SysnativeFileCollectionApp
2017-09-19 10:03 - 2017-09-19 10:03 - 000158720 _____ (Sysnative) C:\Users\canga_000\Documents\SysnativeBSODCollectionApp.exe
2017-09-19 09:59 - 2017-09-19 09:59 - 001192656 _____ (Microsoft Corporation) C:\Users\canga_000\Desktop\winsdksetup.exe
2017-09-19 09:41 - 2017-09-19 09:41 - 000000000 ____D C:\ProgramData\Realtek
2017-09-19 09:38 - 2017-09-19 09:39 - 057364720 _____ (Lenovo Group Limited ) C:\Users\canga_000\Desktop\j4bm05ww.exe
2017-09-19 09:33 - 2017-09-19 09:33 - 000115024 ____N C:\Windows\system32\Drivers\iadilosv.sys
2017-09-19 09:32 - 2017-09-19 09:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-09-19 09:28 - 2017-09-19 09:29 - 000285176 _____ C:\Windows\Minidump\091917-45078-01.dmp
2017-09-19 09:28 - 2017-09-19 09:28 - 588156685 _____ C:\Windows\MEMORY.DMP
2017-09-19 09:27 - 2017-09-19 09:27 - 000001327 _____ C:\ProgramData\agent.1505831257.4588.bin
2017-09-19 09:15 - 2017-09-19 09:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-19 09:13 - 2017-09-19 09:13 - 000030598 _____ C:\ProgramData\agent.update.1505830412.bdinstall.bin
2017-09-19 09:12 - 2017-09-19 09:14 - 162135728 _____ (Kaspersky Lab) C:\Users\canga_000\Desktop\kav18.0.0.405aben_es_fr_12609.exe
2017-09-19 09:10 - 2017-09-19 09:10 - 000048873 _____ C:\ProgramData\agent.1505830195.bdinstall.bin
2017-09-19 09:09 - 2017-09-19 09:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-19 09:09 - 2017-09-19 09:09 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-09-19 09:08 - 2017-09-19 09:08 - 009932672 _____ C:\Users\canga_000\Desktop\bitdefender_online.exe
2017-09-19 08:52 - 2017-09-19 09:35 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-19 08:52 - 2017-09-19 09:35 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-19 08:51 - 2017-09-19 09:35 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-19 08:51 - 2017-09-19 08:51 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-19 08:51 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-19 08:46 - 2017-09-19 08:48 - 068408664 _____ (Malwarebytes ) C:\Users\canga_000\Desktop\mb3-setup-consumer-3.2.2.2029.exe
2017-09-19 08:33 - 2017-09-19 08:33 - 000285176 _____ C:\Windows\Minidump\091917-81312-01.dmp
2017-09-19 07:04 - 2017-09-19 07:04 - 000285344 _____ C:\Windows\Minidump\091917-52531-01.dmp
2017-09-18 20:42 - 2017-09-18 20:42 - 000285400 _____ C:\Windows\Minidump\091817-75546-01.dmp
2017-09-18 20:40 - 2017-09-18 20:44 - 000000000 ____D C:\Windows\pss
2017-09-18 20:37 - 2017-09-18 20:37 - 000285400 _____ C:\Windows\Minidump\091817-58125-01.dmp
2017-09-18 20:32 - 2017-09-18 20:33 - 000285400 _____ C:\Windows\Minidump\091817-84250-01.dmp
2017-09-18 20:25 - 2017-09-18 20:25 - 000285400 _____ C:\Windows\Minidump\091817-60656-01.dmp
2017-09-18 20:18 - 2017-09-18 20:18 - 000285400 _____ C:\Windows\Minidump\091817-67140-01.dmp
2017-09-18 19:30 - 2017-09-18 19:30 - 000000000 ____D C:\Users\canga_000\AppData\Local\AVAST Software
2017-09-18 19:18 - 2017-09-18 19:18 - 000001084 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2017-09-18 19:18 - 2017-09-18 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2017-09-18 18:15 - 2017-09-18 19:52 - 000000000 ____D C:\Users\canga_000\AppData\Local\dtrocbv
2017-09-18 18:14 - 2017-09-18 18:15 - 000000000 ____D C:\Users\canga_000\AppData\Local\nvrimgp
2017-09-18 17:42 - 2017-09-18 17:49 - 044592848 _____ (Microsoft Corporation) C:\Users\canga_000\Desktop\Windows-KB890830-x64-V5.52.exe
2017-09-18 17:12 - 2017-09-18 20:56 - 000000000 ____D C:\Program Files (x86)\s5
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Windows\SysWOW64\semcurl
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Windows\system32\semcurl
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\et
2017-09-18 17:11 - 2017-09-18 17:11 - 000021538 _____ C:\Windows\System32\Tasks\hzZHrYjsXbJ2
2017-09-18 17:11 - 2017-09-18 17:11 - 000000020 _____ C:\Windows\b50808833
2017-09-18 16:26 - 2017-09-18 16:26 - 000885528 _____ (zebNet Ltd ) C:\Users\canga_000\Desktop\windows_keyfinder.exe
2017-09-18 12:59 - 2017-09-18 13:00 - 000000000 ___RD C:\Users\canga_000\OneDrive - Jacksonville State University 1
2017-09-18 12:31 - 2017-09-18 12:31 - 000000000 ___HD C:\$AV_ASW
2017-09-18 12:29 - 2017-09-18 12:29 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-18 12:25 - 2017-09-19 09:02 - 000000000 ____D C:\Users\canga_000\DSdeGlr6TY
2017-09-18 12:25 - 2017-09-18 20:25 - 000000000 __SHD C:\DSdeGlr6TYDSdeGlr6TY
2017-09-18 12:23 - 2017-09-18 17:02 - 000000000 ____D C:\Users\canga_000\Desktop\KMSpico Install
2017-09-18 12:23 - 2017-09-18 12:23 - 004874302 _____ C:\Users\canga_000\Desktop\KMSpico Install.rar
2017-09-18 09:23 - 2017-09-18 09:23 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-18 09:23 - 2017-09-18 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-18 09:23 - 2017-09-18 09:23 - 000000000 ____D C:\Program Files\iPod
2017-09-18 09:21 - 2017-09-18 09:23 - 000000000 ____D C:\Program Files\iTunes
2017-09-18 09:18 - 2017-09-18 09:18 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-09-18 09:17 - 2017-09-18 09:17 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-18 09:16 - 2017-09-18 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-09-18 00:32 - 2017-09-18 00:32 - 000012288 _____ (Doodad) C:\Windows\attainability.exe
2017-09-17 18:21 - 2017-09-17 18:21 - 000022482 _____ C:\Users\canga_000\Desktop\Citador.plugin.js
2017-09-17 18:20 - 2017-09-17 18:20 - 000230847 _____ C:\Users\canga_000\Desktop\latency.plugin.js
2017-09-16 19:29 - 2017-09-16 19:29 - 000288421 _____ C:\Users\canga_000\Desktop\Shinzou wo Sasageyo.pdf
2017-09-13 18:45 - 2017-09-13 18:46 - 000285344 _____ C:\Windows\Minidump\091317-250312-01.dmp
2017-09-13 09:13 - 2017-08-19 12:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 09:13 - 2017-08-19 11:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 09:13 - 2017-08-17 17:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-13 09:13 - 2017-08-17 17:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-13 09:13 - 2017-08-17 17:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-13 09:13 - 2017-08-17 17:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-13 09:13 - 2017-08-15 09:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 09:13 - 2017-08-15 08:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 09:13 - 2017-08-13 13:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 09:13 - 2017-08-13 12:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 09:13 - 2017-08-13 12:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 09:13 - 2017-08-13 12:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 09:13 - 2017-08-13 11:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 09:13 - 2017-08-13 11:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 09:13 - 2017-08-13 11:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 09:13 - 2017-08-13 11:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 09:13 - 2017-08-13 11:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 09:13 - 2017-08-13 11:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 09:13 - 2017-08-13 11:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 09:13 - 2017-08-13 11:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-13 09:13 - 2017-08-13 11:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 09:13 - 2017-08-13 11:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 09:13 - 2017-08-13 11:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-13 09:13 - 2017-08-13 11:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-13 09:13 - 2017-08-13 11:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 09:13 - 2017-08-13 11:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 09:13 - 2017-08-13 11:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 09:13 - 2017-08-13 11:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 09:13 - 2017-08-13 11:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 09:13 - 2017-08-13 10:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-13 09:13 - 2017-08-13 10:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-13 09:13 - 2017-08-13 10:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-13 09:13 - 2017-08-13 10:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 09:13 - 2017-08-13 10:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 09:13 - 2017-08-13 10:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 09:13 - 2017-08-13 10:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 09:13 - 2017-08-13 10:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 09:13 - 2017-08-13 10:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 09:13 - 2017-08-13 10:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 09:13 - 2017-08-13 10:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-13 09:13 - 2017-08-13 10:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 09:13 - 2017-08-13 10:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 09:13 - 2017-08-13 10:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 09:13 - 2017-08-13 10:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 09:13 - 2017-08-13 10:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 09:13 - 2017-08-12 04:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 09:13 - 2017-08-12 04:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 09:13 - 2017-08-11 19:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-13 09:13 - 2017-08-11 18:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 09:13 - 2017-08-11 18:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 09:13 - 2017-08-11 18:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 09:13 - 2017-08-11 15:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-13 09:13 - 2017-08-11 15:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-13 09:13 - 2017-08-11 15:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-13 09:13 - 2017-08-10 22:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-09-13 09:13 - 2017-08-10 21:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-13 09:13 - 2017-08-10 21:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-13 09:13 - 2017-08-10 21:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-13 09:13 - 2017-08-10 21:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-13 09:13 - 2017-08-10 20:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-13 09:13 - 2017-08-10 20:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 09:13 - 2017-08-10 20:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 09:13 - 2017-08-10 20:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 09:13 - 2017-08-10 20:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 09:13 - 2017-08-06 16:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-13 09:13 - 2017-08-06 02:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-13 09:13 - 2017-07-22 13:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-09-13 09:13 - 2017-07-22 12:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-09-13 09:13 - 2017-07-17 14:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-13 09:13 - 2017-07-16 18:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 09:13 - 2017-07-13 18:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-13 09:13 - 2017-07-12 15:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2017-09-13 09:13 - 2017-07-12 15:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 09:13 - 2017-07-12 15:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2017-09-13 09:13 - 2017-07-12 15:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 09:13 - 2017-07-08 14:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 09:13 - 2017-07-08 13:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 09:13 - 2017-07-08 13:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 09:13 - 2017-07-08 13:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 09:13 - 2017-07-08 12:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 09:13 - 2017-07-08 12:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 09:13 - 2017-07-07 22:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-09-12 14:37 - 2017-09-12 14:37 - 000000000 ____D C:\Users\canga_000\Documents\Electronic Arts
2017-09-12 13:18 - 2017-09-12 13:18 - 000001611 _____ C:\Users\Public\Desktop\The Sims 4 x64.lnk
2017-09-12 13:18 - 2017-09-12 13:18 - 000001591 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-09-12 13:13 - 2017-09-12 13:13 - 000000218 _____ C:\Users\canga_000\AppData\Local\recently-used.xbel
2017-09-12 13:06 - 2017-09-17 18:28 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\BetterDiscord
2017-09-12 12:54 - 2017-09-12 12:55 - 000000000 ____D C:\Users\canga_000\Desktop\Better Discord
2017-09-11 18:02 - 2017-09-11 18:02 - 002502342 _____ C:\Users\canga_000\Desktop\Recording Background.psd
2017-09-11 16:04 - 2017-09-12 12:53 - 000000000 ____D C:\Users\canga_000\Desktop\Badges
2017-09-11 15:30 - 2017-09-11 15:30 - 000000000 ____D C:\Users\canga_000\AppData\Local\Lorenz_Cuno_Klopfenstein
2017-09-11 15:24 - 2017-09-11 15:24 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\OnTopReplica
2017-09-11 15:17 - 2017-09-11 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindowWatcher
2017-09-11 15:17 - 2017-09-11 15:17 - 000000000 ____D C:\Program Files (x86)\Airesoft
2017-09-11 14:52 - 2017-09-11 14:52 - 000000885 _____ C:\Users\canga_000\Desktop\DeSmuME_0.9.11.lnk
2017-09-11 14:51 - 2017-09-11 14:54 - 000000000 ____D C:\Users\canga_000\Documents\DeSmuME
2017-09-11 14:41 - 2017-09-11 14:43 - 000000000 ____D C:\Users\canga_000\Desktop\Emerald Base
2017-09-11 14:40 - 2017-09-11 19:35 - 000000000 ____D C:\Users\canga_000\Desktop\randomizer
2017-09-11 14:22 - 2017-09-11 14:23 - 006182980 _____ C:\Users\canga_000\Desktop\Emerald Base.rar
2017-09-05 13:48 - 2017-09-05 13:49 - 000000000 ____D C:\Program Files (x86)\Pokemon Showdown
2017-09-05 13:48 - 2017-09-05 13:48 - 000002076 _____ C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
2017-09-05 13:47 - 2017-09-05 13:47 - 035241294 _____ C:\Users\canga_000\Desktop\PokemonShowdownSetup.exe
2017-09-04 19:36 - 2017-09-04 19:36 - 017000694 _____ C:\Users\canga_000\Desktop\DarkRP Addons.zip
2017-09-04 19:32 - 2017-09-04 19:36 - 000000000 ____D C:\Users\canga_000\Desktop\DarkRP Addons
2017-09-04 19:30 - 2017-09-04 19:31 - 000299207 _____ C:\Users\canga_000\Desktop\the_taxi_teleporter_-_get_around_the_map-1.01.zip
2017-09-04 19:30 - 2017-09-04 19:31 - 000038948 _____ C:\Users\canga_000\Desktop\blackline_-_hud_+_f4_combo_for_darkrp-1.03.zip
2017-09-04 19:30 - 2017-09-04 19:31 - 000016473 _____ C:\Users\canga_000\Desktop\blobsparty-1.0.4.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000468469 _____ C:\Users\canga_000\Desktop\[lapis]_[darkrp_hud]_-_gemerosity_collection-1.1.0.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000362150 _____ C:\Users\canga_000\Desktop\[simphys_update]_william's_car_dealer_[7.2.0]-7.2.0.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000048416 _____ C:\Users\canga_000\Desktop\fresh_car_dealer_v3_-_prometheus-gextension_support!-3.1.3.zip
2017-09-04 19:29 - 2017-09-04 19:31 - 016190256 _____ C:\Users\canga_000\Desktop\vcmod_main_(lights,_seats,_damage,_exhaust,_..)-autoupdater_v8.zip
2017-09-04 19:09 - 2017-09-04 19:09 - 000000000 ____D C:\Windows\SysWOW64\Hotspot Shield
2017-09-01 12:42 - 2017-09-01 12:42 - 000000000 ____D C:\Users\canga_000\AppData\LocalLow\CulterStudio
2017-08-31 09:13 - 2017-08-31 09:19 - 750598670 _____ C:\Users\canga_000\Desktop\Fire Emblem Fates - All Cutscenes Blu-Ray Quality@60FPS [English Japanese].mp4
2017-08-28 12:53 - 2017-08-28 12:56 - 000000213 _____ C:\Users\canga_000\Desktop\Titles of Mushroomz.txt
2017-08-27 19:07 - 2017-08-27 19:07 - 002252474 _____ C:\Users\canga_000\Desktop\Dexter's Character.pdf
2017-08-27 18:47 - 2017-08-27 18:48 - 002252545 _____ C:\Users\canga_000\Desktop\character.pdf
2017-08-25 12:36 - 2017-08-25 12:36 - 029224118 _____ C:\Users\canga_000\Desktop\addons.zip
2017-08-25 12:26 - 2017-08-25 12:31 - 000000000 ____D C:\Users\canga_000\Desktop\addons
2017-08-23 08:48 - 2017-08-23 08:48 - 000061131 _____ C:\Users\canga_000\Desktop\syllabus-ms112-2017-fall.pdf
2017-08-23 08:48 - 2017-08-23 08:48 - 000054104 _____ C:\Users\canga_000\Downloads\Student_Getting_Started_Web.pdf
2017-08-20 21:01 - 2017-08-20 21:31 - 000000000 ____D C:\Users\canga_000\Desktop\poinshop bleep
2017-08-20 19:51 - 2017-08-20 19:51 - 000000052 _____ C:\Users\canga_000\Desktop\Virus.virus
2017-08-20 14:41 - 2017-08-20 14:41 - 000596227 _____ C:\Users\canga_000\Downloads\Crawling Fingerstyle.pdf
2017-08-20 14:39 - 2017-08-20 14:39 - 001067500 _____ C:\Users\canga_000\Desktop\Never Gonna Give You Up (Fingerstyle).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-19 10:16 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2017-09-19 10:01 - 2016-10-14 22:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-19 09:33 - 2013-08-22 08:25 - 014680064 _____ C:\Windows\system32\config\HARDWARE
2017-09-19 09:32 - 2017-07-24 23:15 - 000000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-09-19 09:32 - 2016-10-14 16:09 - 000000000 ____D C:\Users\canga_000
2017-09-19 09:32 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-19 09:28 - 2016-10-16 17:39 - 000000000 ____D C:\Windows\Minidump
2017-09-19 09:26 - 2016-10-14 16:14 - 000000000 __RDO C:\Users\canga_000\SkyDrive
2017-09-19 09:23 - 2016-10-17 15:28 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-19 09:02 - 2016-10-19 16:29 - 000000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=-
2017-09-19 08:44 - 2016-10-17 11:25 - 000000000 ____D C:\Users\canga_000\AppData\Local\ElevatedDiagnostics
2017-09-18 21:46 - 2016-10-17 14:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-18 19:35 - 2017-06-25 03:17 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-18 19:23 - 2016-10-14 16:33 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4034607680-3824418392-2138971786-1001
2017-09-18 19:18 - 2017-02-09 21:17 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2017-09-18 19:16 - 2017-02-09 21:17 - 000000000 ____D C:\ProgramData\Hotspot Shield
2017-09-18 19:12 - 2017-08-17 18:37 - 000001283 _____ C:\Users\canga_000\Desktop\nativelog.txt
2017-09-18 19:12 - 2016-11-04 16:52 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\.minecraft
2017-09-18 19:12 - 2016-10-18 00:35 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\obs-studio
2017-09-18 18:45 - 2016-10-14 22:38 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-18 17:01 - 2016-10-14 16:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-18 16:18 - 2016-10-14 16:33 - 000872716 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-18 16:18 - 2016-10-14 16:31 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F12B3F88-A4CC-4CD4-9E42-5BB8C21C80E1}
2017-09-18 16:16 - 2016-12-08 22:05 - 000000000 ___RD C:\Users\canga_000\iCloudDrive
2017-09-18 13:15 - 2016-10-14 17:04 - 000000000 ____D C:\Users\canga_000\AppData\Local\Pokemon Showdown
2017-09-18 12:55 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-18 12:17 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\NDF
2017-09-18 11:55 - 2016-11-17 15:21 - 000000000 ____D C:\Users\canga_000\AppData\Local\CrashDumps
2017-09-18 09:17 - 2016-11-02 10:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-18 09:16 - 2017-07-18 17:47 - 000887114 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-18 08:58 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-18 08:40 - 2016-10-17 21:57 - 000000000 ____D C:\Users\canga_000\AppData\Local\Adobe
2017-09-17 20:41 - 2016-11-18 15:09 - 000000000 ____D C:\Users\canga_000\AppData\Local\Battle.net
2017-09-17 12:51 - 2016-11-18 15:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-16 12:13 - 2017-07-21 18:37 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4034607680-3824418392-2138971786-1001
2017-09-16 12:13 - 2016-10-14 17:09 - 000002314 _____ C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-09-15 18:07 - 2016-11-18 15:11 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-15 16:33 - 2017-04-03 21:05 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\vlc
2017-09-14 17:19 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
2017-09-13 18:44 - 2013-08-22 09:44 - 005238160 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-13 18:39 - 2016-10-17 14:03 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 18:39 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-13 18:35 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-12 14:24 - 2017-04-19 13:27 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-09-12 14:24 - 2017-04-19 13:27 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-09-12 13:18 - 2016-10-24 11:16 - 000000000 ____D C:\Games
2017-09-12 13:14 - 2016-10-19 16:24 - 000000000 ____D C:\Users\canga_000\Downloads\Torrents
2017-09-12 13:13 - 2016-10-17 15:15 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\deluge
2017-09-12 09:31 - 2017-03-09 14:22 - 000001916 _____ C:\Windows\Sandboxie.ini
2017-09-11 19:07 - 2016-10-24 15:44 - 000000000 ____D C:\Program Files (x86)\DS4
2017-09-11 18:48 - 2016-10-17 15:33 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-11 15:42 - 2016-11-02 18:46 - 000000000 ____D C:\Users\canga_000\Downloads\images
2017-09-09 21:36 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-05 10:04 - 2017-03-17 21:10 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-05 10:04 - 2016-10-30 16:14 - 000000000 ____D C:\ProgramData\Skype
2017-09-04 19:21 - 2017-04-07 13:27 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\audacity
2017-09-03 13:35 - 2017-01-12 18:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-01 18:54 - 2017-06-15 19:08 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-01 18:54 - 2017-06-15 19:08 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 09:44 - 2017-03-14 16:25 - 000000000 ____D C:\Users\canga_000\AppData\LocalLow\DefaultCompany
2017-09-01 08:45 - 2016-10-20 16:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-31 20:36 - 2016-10-24 10:13 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-28 16:34 - 2016-10-14 16:34 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 15:40 - 2017-08-11 21:03 - 000000000 ____D C:\Users\canga_000\AppData\Local\Warframe
2017-08-26 23:23 - 2017-06-25 14:40 - 000000936 _____ C:\Users\canga_000\.lmmsrc.xml
2017-08-25 13:27 - 2016-12-25 22:58 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\FileZilla
2017-08-25 12:57 - 2017-08-09 18:41 - 000000000 ____D C:\Users\canga_000\Desktop\gmod
2017-08-20 11:51 - 2017-04-19 13:27 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\DownloadNinja
 
==================== Files in the root of some directories =======
 
2017-05-23 18:51 - 2017-05-23 18:51 - 000004549 _____ () C:\Users\canga_000\AppData\Roaming\VoiceMeeterDefault.xml
2016-12-25 22:47 - 2016-12-25 22:47 - 000000600 _____ () C:\Users\canga_000\AppData\Roaming\winscp.rnd
2016-12-11 14:48 - 2016-12-11 14:48 - 000001456 _____ () C:\Users\canga_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-25 23:18 - 2017-07-03 16:24 - 000000600 _____ () C:\Users\canga_000\AppData\Local\PUTTY.RND
2017-09-12 13:13 - 2017-09-12 13:13 - 000000218 _____ () C:\Users\canga_000\AppData\Local\recently-used.xbel
2017-01-21 19:57 - 2017-01-21 19:58 - 000007600 _____ () C:\Users\canga_000\AppData\Local\Resmon.ResmonCfg
2017-09-19 09:10 - 2017-09-19 09:10 - 000048873 _____ () C:\ProgramData\agent.1505830195.bdinstall.bin
2017-09-19 09:27 - 2017-09-19 09:27 - 000001327 _____ () C:\ProgramData\agent.1505831257.4588.bin
2017-09-19 09:13 - 2017-09-19 09:13 - 000030598 _____ () C:\ProgramData\agent.update.1505830412.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-16 12:32
 
==================== End of FRST.txt ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by canga_000 (19-09-2017 10:37:26)
Running from C:\Users\canga_000\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-14 21:12:33)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4034607680-3824418392-2138971786-500 - Administrator - Disabled)
canga_000 (S-1-5-21-4034607680-3824418392-2138971786-1001 - Administrator - Enabled) => C:\Users\canga_000
Guest (S-1-5-21-4034607680-3824418392-2138971786-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.45 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.45 - Datel Design & Development)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Blood and Bacon (HKLM\...\Steam App 434570) (Version:  - Big Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CastleMiner Z (HKLM\...\Steam App 253430) (Version:  - DigitalDNA Games LLC)
Citra Edge (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\citra) (Version: 0.1.44 - Citra Development Team)
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{E3B264CE-D9CF-448B-960F-4F832FB1F990}) (Version: 15.2.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.4 - Corel Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
DaVinci Resolve (HKLM\...\{0AD19E45-B885-4EB1-AC13-A481724BB52D}) (Version: 12.5.6017 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{6A8DCCDF-BC76-4964-B429-D74E5FC11E98}) (Version: 1.1.1.0 - Blackmagic Design)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
DocLock (HKLM-x32\...\DocLock) (Version: 2.1.1.1 - Large Software)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
EasyTether (HKLM\...\{1B7DB4DD-B70D-4FE4-B909-E3D2AC7A17DD}) (Version: 1.3.3 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{6f3b40d5-c81b-469b-a7a2-b560f8561a8c}) (Version: 1.3.3 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{767071E2-19B8-45D0-B283-776A6403C9BC}) (Version: 1.0.6 - Mobile Stream)
FileZilla Client 3.27.0.1 (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGA WRECKER (HKLM\...\Steam App 454410) (Version:  - GAME FREAK inc.)
GitHub (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.3.0 - GitHub, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HackingToolkit3DS version 9 (HKLM-x32\...\{DFCCDD37-4B7E-4E7D-ABAC-06AA7C1DEFB5}_is1) (Version: 9 - Asia81)
HandBrake 1.0.2 (HKLM-x32\...\HandBrake) (Version: 1.0.2 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotspot Shield 7.1.2 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C137CD26}) (Version: 7.1.2.10755 - AnchorFree Inc.) Hidden
Hotspot Shield 7.1.2 (HKLM-x32\...\{ddcf3c73-2b97-4dc5-bdf5-ab48869082b3}) (Version: 7.1.2.10755 - AnchorFree Inc.)
Hotspot Shield 7.1.2 (HKLM-x32\...\HotspotShield) (Version: 7.1.2 - AnchorFree Inc.) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kinoni Streamer 1.51 (HKLM-x32\...\Kinoni Remote Desktop) (Version: 1.51 - Kinoni)
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.1.1 - LG Electronics)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
midi2style 6.8 (HKLM-x32\...\midi2style_is1) (Version: 6.8 - www.jososoft.dk)
MidiEditor (HKLM-x32\...\D4338446-FFE6-1A12-ACFF-CB6F6A6A70A1) (Version: 3.0.0 - Markus Schwenk)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Move or Die (HKLM\...\Steam App 323850) (Version:  - Those Awesome Guys)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.6 - Black Tree Gaming)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.1.16 (HKLM\...\{8834A1E1-4C15-431B-9268-3463F726AB13}) (Version: 5.1.16 - Oracle Corporation)
osu! (HKLM-x32\...\{8d3b6c53-5c40-4066-be08-21d251fa8c25}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support Language Pack - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support Language Pack - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Pokémon Uranium (HKLM-x32\...\{C50F06DC-BC8C-44C3-B510-EA0735E5B7E9}) (Version: 1.1 - TTGJailbreak)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.712 - Razer Inc.)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.28.2013.0912 - REALTEK Semiconductor Corp) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.28.2013.0912 - REALTEK Semiconductor Corp)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REDRAGON GAMING MOUSE (HKLM-x32\...\{B813639F-D6DF-40CB-A92A-C602548440E1}_is1) (Version: 1.1 - redragonzone)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
RWBY: Grimm Eclipse (HKLM\...\Steam App 418340) (Version:  - Rooster Teeth Games)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.1.0.2 - Splashtop Inc.)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Customizer (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Steam Customizer) (Version: 1.00.00.00 - Blumont)
Sublime Text Build 3126 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Subnautica (HKLM\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Super Star (HKLM\...\Steam App 503300) (Version:  - SakuraGame)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=- v1.9.32.0 (HKLM-x32\...\The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=- v1.9.32.0) (Version:  - )
The Escapists (HKLM\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WindowWatcher (HKLM-x32\...\WindowWatcher) (Version: 1.0 - Airesoft)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinImage (HKLM\...\WinImage) (Version:  - )
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\Musicsoft Downloader 5) (Version: 5.7.3 - Yamaha Corporation)
Yamaha USB-MIDI Driver (HKLM\...\{2D488455-3E89-49EF-BA6E-92C2503DC89D}) (Version: 3.1.4.1 - Yamaha Corporation) Hidden
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{2D488455-3E89-49EF-BA6E-92C2503DC89D}) (Version: 3.1.4.1 - Yamaha Corporation)
Microsoft Visual Studio Tools for Applications 2012 Hosting Support Language Pack (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 Hosting Support Language Pack (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4034607680-3824418392-2138971786-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-01-16] ()
ContextMenuHandlers1: [DocLock Context Menu] -> {FDAA5C88-14D2-11DF-8D8B-239B55D89593} => C:\Program Files (x86)\DocLock\DocLock_ext64.dll [2010-07-01] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DocLock Context Menu] -> {FDAA5C88-14D2-11DF-8D8B-239B55D89593} => C:\Program Files (x86)\DocLock\DocLock_ext64.dll [2010-07-01] ()
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1545A509-F271-475D-A387-557D5FFB927C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-18] (Microsoft Corporation)
Task: {1CEA0CCB-7302-4CEE-843E-9D239AA8AFC2} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper)
Task: {20273CC9-3EBF-4CEB-8CF5-5FBED7788AC5} - System32\Tasks\hzZHrYjsXbJ2 => hzzhryjsxbj2.exe
Task: {28D439DB-CACE-454A-9E26-649CA59D2E76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {2A17C178-D4C4-4232-9AAF-7A53BAC72721} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {2C98B8DA-73E4-41E4-BF04-A789939955FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {31B38123-3B5E-4DAC-B5CC-6390104D0D75} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {37D3C3D5-A5CA-4B24-887E-878865B59373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-18] (Microsoft Corporation)
Task: {39048138-04E5-49FB-A2DA-40576DD83305} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {61C816C4-2DAE-46F1-99EA-08C769CB3BC9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6535F731-424A-4701-AC0D-2439FB2E2844} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2017-09-18] (Microsoft Corporation)
Task: {7C360AD4-877C-4AEA-A7FD-14FFE3B558CF} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {86B0CB29-BFB4-4FB8-B220-EB5E83EF3134} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {92CA81F4-B39D-4C21-990E-594BB03EF379} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-18] (Microsoft Corporation)
Task: {AF3D7E37-56F2-4974-B283-A88C83D67F7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C8EBAC9F-C9F1-4592-A2E4-A22263D74D28} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {D69B0098-0B7F-454D-AAD6-82D7E834EAB9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-18] ()
Task: {DB7989F3-D863-4DD7-8B7C-ACAB5B0B9AB3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-18] ()
Task: {E28090B0-D71F-44DD-BDCA-D9D350D91B31} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-canga60@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {F68D9559-4374-4EB4-90B5-DD37D2C86C2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\canga_000\AppData\Local\Microsoft\Windows\RoamingTiles\12438324870.lnk -> hxxp://192.168.0.1
 
ShortcutWithArgument: C:\Users\canga_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\12438324870.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xbba6301a -pinnedTimeHigh 0x01ce21df -securityFlags 0x00000000 -url 0x00000013 hxxp://192.168.0.1/
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nimbus Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aecjogkncpbkjfobfnoaiepipllcadhe
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-18 05:45 - 2017-09-18 16:51 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-07-01 06:16 - 2010-07-01 06:16 - 000103936 _____ () C:\Program Files (x86)\DocLock\DocLock_ext64.dll
2017-08-28 16:34 - 2017-08-23 03:48 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libglesv2.dll
2017-08-28 16:34 - 2017-08-23 03:48 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:0facd4cdccd2b2b7607e486703f149d3 [214]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\sharepoint.com -> hxxps://jsu-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-09-19 09:02 - 000001053 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\canga_000\Downloads\images\Fuukawallpaper.jpg
DNS Servers: 10.80.5.132
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Manager.lnk"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\StartupFolder: => "prowled.lnk"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "EasyTether"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "download.ninja"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "obsess"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "DSdeGlr6TY"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Haste"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "untainted"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0328A21F-151B-4E84-9225-0A96A35BBC2B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{82AB8A7E-9F35-4D40-AF01-4702C5D26FFC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1A33BB99-4A23-45BF-832C-5EF0EED9C8DC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FCE50B9D-5098-4EE7-B97C-CE8E6D112F5F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AC4B168E-0DE0-4166-9662-2F150E226103}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{2873D739-1FFA-4110-B52D-451D609775B9}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{15B77695-B002-4C9F-B9CF-6D7BCE8B4633}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF463A5C-D06B-4833-9F00-D0424A679799}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5C3F20D4-77CE-473E-BE9E-5EC09B8CB58C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4188098A-BF05-4224-A5B5-2FB4940F4E3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A28FAAC-55A4-4B2A-B683-414466295673}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{715B4EED-1AD6-44FF-92CE-5A59323D4A1B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{3F480966-7E22-47E8-9F77-CB8B3E848E33}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{618129B1-0EAA-4B3E-876F-BF300F26EA88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{24F3C761-D24E-4203-BDF0-C99CD9A34A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7DC59F85-54F8-4CD9-B9D5-B438B595186A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{AC9FEB82-1982-4DD9-9E73-B4B04D73103E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{4C989EE1-53E5-4F7B-BAF0-08212AFA8397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0E71B598-0C34-4C0C-9823-7E3FEA68A299}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2DCEC9BD-9E31-4585-A0AA-D67E85562109}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B1CC4282-E83B-4136-A69B-F914090DFE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F574B8F4-8DFB-4062-BE57-56B42D9E4E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D2270D07-80A0-435A-8BFE-0772E4812B0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{893C35AD-5D9C-4308-8CE8-9BEF816EEFD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{09B0AABD-AAF1-462B-A298-066AD08D46C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [TCP Query User{5C6B3CCA-CEC2-47A3-961D-D7E222E81CF9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{421B6634-D9ED-440F-853B-24F390E4B359}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{97775839-BF97-47FB-BBA8-A93CE8CD8709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{AECC2838-E904-4761-9738-57669E191946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{1C9CB214-3EC1-48C1-AB6A-6E6BEAC3FB0D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{52F96AE3-5B99-4EED-B192-697BDBBB5519}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D8A7B9BE-7880-4EEA-A4DB-393ED01A88FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{201A1910-7953-4C62-B3DE-EAF0D49091F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8B96EA6-5D09-417E-8225-6EC589DCB1CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{149DDC6A-30F1-444E-867D-AFA12341F6A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5B8D300C-3A33-4594-8732-61AEE46FBC7A}C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe] => (Allow) C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe
FirewallRules: [UDP Query User{0D036A35-3590-4782-8362-5782A6067772}C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe] => (Allow) C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe
FirewallRules: [TCP Query User{EC35A3A2-650C-40A5-8DCF-D316966DF24C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0D739C40-10FF-4806-A4D0-952F84B70B18}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{9FFCF07D-3675-4E72-8A31-626EC7E99AA7}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
FirewallRules: [{849C97F1-62BF-4446-AB89-9AF876B99864}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F9B394B6-918D-44CF-951F-9E3C4261FA1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{992C3DC7-FFDA-40EB-AC3F-6C48CB5DF9D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{64EF0E27-EFBB-4C84-92F7-F71FC11A601D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F1BAD3BE-1992-4C43-A02E-BD58804734A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{D6F746DB-D204-40B7-B23D-440FCBCC0E66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{CC9359E5-750E-45B7-A994-BE531C115503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{70C1D6D3-4451-468E-BBF4-93216030340F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{20B36736-2543-40DE-8682-B9D766381FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{CE53B5B1-0299-4874-AD53-26C1124D4C2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B4547F53-6645-4658-B3A4-68D945B03264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8768B950-6705-4A4A-AD27-EECC6BCEEA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{AAC1C0DB-EE2C-4423-B24B-CC9B5A1953E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{3C915267-E8B6-4351-83B9-C70867C84E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{FE32DE5B-C253-4A41-B577-0F1A15F3D270}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3215F80F-4FF5-4241-8DB5-118677641316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C1D4A4A-A86E-43CD-96D6-C0EAC5260EA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60037226-3D1E-4CAA-9A02-5AB3E9986A6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FA2A37DF-95BA-4636-A8EB-D5B26D9CF7D4}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{9B29E96E-7965-4432-A5AF-242E2678F1B3}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{933A899C-267D-41A2-8BEA-136502DCF43B}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{D8D27D58-4443-4936-8FC1-6718FCAFE84E}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{EFBDD3F0-2F27-4F73-8B46-517DB26F3598}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{EAF7E56E-CCB3-497B-8476-D763BADB863C}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{C951FE32-C5EF-450C-9905-8434430F1D11}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{1F4A7E4D-43C2-4F28-8836-843EC9DA261E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{C898D6E5-B48C-479B-9DAA-FB54564B39C0}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{6F0B6799-18D6-4799-B94F-7996CEBE6A12}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{4F0F0F40-DA97-49F0-961E-8A9F961F5C7B}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{BE47A36B-DA7D-4C59-A1ED-7C6E2E49244A}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{CA213419-8C72-42F7-BE26-2A7BE3DF6E14}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{25B69F94-F30B-4BBA-AC7A-A97BCA9962E7}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{84831CCF-C30E-4A46-8D2C-36079590AE10}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{AA9AC0AA-A457-46B1-80BD-F3907B3ADB6E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A930B03D-27E0-4936-9629-4DAE5A21F9D7}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{9F1E0A11-7B82-4B75-BC0C-D8F4ACBB6191}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{62E84148-9092-4F0D-A79B-D41ED961E6A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{46FC5794-8E08-463B-852B-FB4FA00EEBC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{182F2122-2AF7-4D81-8D95-0AAE113B0F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Star\game.exe
FirewallRules: [{642A8578-BC5B-4B11-841A-4E5871B42A73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Star\game.exe
FirewallRules: [{64A207E3-E5EF-4AED-8926-E6123ECE749E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{BE04E576-5922-4CF0-BECA-B8B46A470050}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{E74F1792-8C2E-4FD0-BD09-55EF4197E013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{E1747981-DB6F-4856-AF41-6A96340DB983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6E71697C-1541-4DE0-8EB3-8ABD56EBAE54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5F52EA35-DA14-48EF-997C-59AF1D190B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{877900FC-E541-46C5-AC2C-55E7291AAC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{8F37DBBC-FEB6-47C8-BF4A-A5B3D3189880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{AB25038D-B32A-485F-9FBB-23C8C01AE53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{ED83DC07-D75B-4354-87DD-BF2A9F465B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9AC27168-F017-41B8-B1C6-9ED766E782DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{9C789A5F-7450-40AB-8962-983E61C0CB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{0DDA5481-7A86-4FF5-AC8D-720A96F85860}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{03B2A190-1B96-45A5-B77B-C4A09B78EA9B}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{5A013035-C1C0-4B24-8C96-708B6C03FAD6}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{352188BB-977C-4764-9100-EB35EAA58656}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{D76DD7C7-5AE7-4DE3-B3BC-54EE9650C22C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{BDF6973A-F50F-48AB-9091-5BE99B0078C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [TCP Query User{1CBA010C-D49C-4B56-A363-66717772D429}C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{9C399E52-26F5-4316-88BF-2EFC195FA760}C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{BD3B4D2A-EF44-4DD0-A005-127EF38F22B4}C:\koplayer\download\minithunderplatform.exe] => (Allow) C:\koplayer\download\minithunderplatform.exe
FirewallRules: [UDP Query User{46B0AE2C-93B3-4F25-8A95-AB138C6076C4}C:\koplayer\download\minithunderplatform.exe] => (Allow) C:\koplayer\download\minithunderplatform.exe
FirewallRules: [{2F265679-EF25-42EE-9465-C30591C9A9F1}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{47237BE0-E5F8-46E2-8D26-FB3B0DC6A3A2}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [TCP Query User{DFE51F1B-F067-4F46-A4C4-0803780FEF90}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{CAC81EAC-DF9D-462F-8ADE-172E749BF325}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1BA5C1B4-7885-4698-8E3E-6783BC0A7868}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{94200C16-F3E3-47E4-BEE3-C1FD1E1C2383}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2EFF3230-C06E-4F86-A8E6-0C5C00D1CD48}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C8E19FBE-039B-4722-82B6-28D5356A8AC8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{1440B137-985A-4AC4-A4F2-1C11BD8D16FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{32C28C39-F392-4BE1-840F-3B08C23B3316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{66BB91E9-3967-4A9C-8B60-4FF5055C52BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{60ADE245-8A9D-4E7A-803D-883D615C3395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [TCP Query User{711B430D-DAB5-43E3-877B-EC7277F90A73}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [UDP Query User{F094EA04-855C-41F6-B186-27B5E498E07A}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [{736D1816-D478-4149-8395-7CAFE36AA176}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{04C81790-2227-460B-8D42-E73B0D060D23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5E9FFA24-1ED7-4680-AD83-C73815D2A440}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GigaWrecker\GigaWrecker.exe
FirewallRules: [{CAE7FDDC-9590-4897-B19D-5BFF90C1E514}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GigaWrecker\GigaWrecker.exe
FirewallRules: [{4C611157-6D46-4000-A917-60836152ADAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RWBY_GE\rwby-ge.exe
FirewallRules: [{0B2A2B65-D361-4A0A-8784-5A253B0A9D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RWBY_GE\rwby-ge.exe
FirewallRules: [{FEC85D39-2A4A-4318-9B05-822A268E21F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [{6FCF20A2-E276-4CCF-BDF3-3E6C2651CC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [{24775D84-C49D-4907-A5B9-7B8E81D283AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{0C274325-CED0-4D90-BF55-9935DAD79CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D3E390B0-24B3-43F8-8ECB-1319ECD7C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{46763F97-DE73-440D-AE3F-1B50AB68C2B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{9C58238E-7854-4202-A39D-AA3436233124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{29F23941-CEA3-4959-BB89-3B2BBA1F8580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{908BFE10-0C01-47A2-B79C-32C4E121C8C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6827CB9E-4844-45E7-BAA2-81D3D851659B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3DF418CE-5E35-409E-BA6E-AD002910E997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{FAF12A4B-32A0-464E-870E-97DB5328E718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E6295415-CBF7-4D43-88CD-057BE31E95EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{EC9C977D-7622-4FE5-A487-52C089C8654E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{16C52252-84F7-4816-BFFB-D25B7AA12193}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{2D5F0138-2B21-4FB7-8EF1-C5B393056485}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{5F19A76E-8241-4278-80C5-C783559EBBEB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{69F41B7B-9CB0-4A2C-B88F-074B69018ED4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{E31B532A-92B4-48E4-94E1-2434E3053E57}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{8CC956FC-A49B-4B41-9B53-D3ECA5059F30}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{77C1B824-278F-4327-AAF9-429088B81CC1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{D9968B02-F506-476E-9838-A665B86D1185}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{E3CEB318-6377-41D7-966C-4D16359266B4}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{92774665-20EE-4721-8027-462B977C5C08}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{B0E7F4F0-1C82-41C3-934A-A2EA1645D1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E2CCC7CE-C222-4CFA-9E8C-438B6ADB413D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B74EC84F-7ACF-4185-A191-C57D221C1A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{00AC4935-DDE6-4F76-B19B-008652FCE8D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{077D0DDE-7DA1-4738-9D55-57B2BA317121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C7A9808C-D03D-401B-BF37-298D49041180}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5A749118-BD30-4477-A6CD-9D99E71BA0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FF7F115F-5BFC-44CE-A0AB-1BB5F81AB47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1900849A-D0FF-45E8-AC41-7A0559DB99CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6FCC39FD-CDE9-4B0E-8C89-297A0764B76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{77AF0351-19C1-4ED1-B54E-D0590870ED6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5DD5164B-C8C4-421D-96B9-9F1EE2DE1EE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6C320E19-15A3-409D-9192-F94448FC524C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DD7020E8-2E42-4202-BB5A-795984530B7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{34A2EB70-B417-4109-8330-2E78B745C108}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7ABE51B0-5401-4C39-960D-3B3AC7757CBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA1F086E-BA97-4480-8BD1-BD260DFB16B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60A6FFA2-0BE0-4423-9205-0441AC2CDF50}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{D68CB62D-B66D-4FFB-8F58-880CF1749426}] => (Allow) C:\Program Files (x86)\Electronics\doodad.exe
FirewallRules: [{2855596F-22DF-48FE-A9DA-59705968ECDF}] => (Allow) C:\Program Files (x86)\Bogeys\doodad.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth USB Controller-15 from TOSHIBA
Description: Bluetooth USB Controller-15 from TOSHIBA
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: Toshiba
Service: tosrfusb
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2017 10:34:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:34:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:32:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:24:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:18:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:18:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:16:22 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:00:14 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\canga_000\Desktop\winsdksetup.exe ; Description = Windows Software Development Kit - Windows 10.0.15063.468; Error = 0x8007043c).
 
Error: (09/19/2017 09:15:59 AM) (Source: MsiInstaller) (EventID: 11719) (User: DEXTERS-PC)
Description: Application: Kaspersky Anti-Virus -- Error 1719. Windows Installer service could not be accessed. Verify that it is properly registered and enabled or contact Technical Support.<<31719>><<31709>>
 
Error: (09/19/2017 06:56:07 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (09/19/2017 10:38:18 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/19/2017 10:37:27 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:37:27 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:37:24 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:37:24 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:36:45 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:36:45 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:36:08 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:36:08 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/19/2017 10:36:05 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-09-02 23:11:35.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8076.22 MB
Available physical RAM: 5166.04 MB
Total Virtual: 16268.22 MB
Available Virtual: 13500.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.12 GB) (Free:17.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 19 September 2017 - 11:15 AM

Hi ZeroX96 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone

This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here afterwards.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 ZeroX96


Posted 19 September 2017 - 01:35 PM

Alright, thanks! I did a virus scan with Malwarebytes this morning and deleted everything that showed up after it quarantined them. Here's the log from then.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/19/17
Scan Time: 8:52 AM
Log File: cda34270-9d41-11e7-9ac2-00ffeb7dc12a.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2841
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DEXTERS-PC\canga_000
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341702
Threats Detected: 112
Threats Quarantined: 104
Time Elapsed: 9 min, 11 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 25
Adware.REOptimizer, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119, Quarantined, [7011], [417947],1.0.2841
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [22], [260247],1.0.2841
Adware.DotDo.DotPrx, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [8286], [-1],0.0.0
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9690], [246387],1.0.2841
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [22], [260247],1.0.2841
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9690], [246387],1.0.2841
Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hzZHrYjsXbJ2 Updater, Quarantined, [2247], [372679],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\37078062, Quarantined, [8286], [397745],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\50808833, Quarantined, [8286], [397745],1.0.2841
PUP.Optional.BlockAdsPro, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BlockAdsPro, Quarantined, [8773], [419770],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\75484143, Quarantined, [8286], [397745],1.0.2841
Adware.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\k37078062, Quarantined, [1431], [402167],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sa3707806237078062, Quarantined, [8286], [409656],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sa5080883350808833, Quarantined, [8286], [409656],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sa7548414375484143, Quarantined, [8286], [409656],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Sak37078062k37078062, Quarantined, [8286], [397782],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C0E735B-B48A-4E2B-BC91-90C6BDFAC6BD}, Quarantined, [8286], [407483],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C593E5B-755E-4821-83C5-2F3D3E45BB6E}, Quarantined, [8286], [409657],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36A081E9-281E-4D6A-B4D8-3FA31307D0AC}, Quarantined, [8286], [409657],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{410ED08A-78CC-4B9E-830C-1383D3CFF8C4}, Quarantined, [8286], [407483],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9FD55627-68F0-4634-AD6C-775312A517A9}, Quarantined, [8286], [397783],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C26C8FDE-6EE1-4104-A9BE-80557A2A9F5C}, Quarantined, [8286], [409657],1.0.2841
Adware.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E369B137-AC7A-4A2B-ACCA-26D67CA7FF4C}, Quarantined, [1431], [402166],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F114DDB6-524F-47DC-806D-31602C7818B8}, Quarantined, [8286], [407483],1.0.2841
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\hzZHrYjsXbJ2 Updater_is1, Quarantined, [1729], [422716],1.0.2841
 
Registry Value: 17
PUP.Optional.WinResSync.Generic, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINRESSYNC, Quarantined, [1484], [337570],1.0.2841
Adware.REOptimizer, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119|DISPLAYNAME, Quarantined, [7011], [417947],1.0.2841
Adware.DotDo.DotPrx, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8286], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8286], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [8286], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [8286], [-1],0.0.0
Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hzZHrYjsXbJ2 Updater|IMAGEPATH, Quarantined, [2247], [372679],1.0.2841
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{39E1E44C-B037-4636-8006-A068E743E534}|NAMESERVER, Quarantined, [5659], [260227],1.0.2841
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{B8507DAB-113D-4CB8-B66E-E5C7024CE8DB}|NAMESERVER, Quarantined, [5659], [260227],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C0E735B-B48A-4E2B-BC91-90C6BDFAC6BD}|PATH, Quarantined, [8286], [407483],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C593E5B-755E-4821-83C5-2F3D3E45BB6E}|PATH, Quarantined, [8286], [409657],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36A081E9-281E-4D6A-B4D8-3FA31307D0AC}|PATH, Quarantined, [8286], [409657],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{410ED08A-78CC-4B9E-830C-1383D3CFF8C4}|PATH, Quarantined, [8286], [407483],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9FD55627-68F0-4634-AD6C-775312A517A9}|PATH, Quarantined, [8286], [397783],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C26C8FDE-6EE1-4104-A9BE-80557A2A9F5C}|PATH, Quarantined, [8286], [409657],1.0.2841
Adware.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E369B137-AC7A-4A2B-ACCA-26D67CA7FF4C}|PATH, Quarantined, [1431], [402166],1.0.2841
Adware.DotDo.DotPrx, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F114DDB6-524F-47DC-806D-31602C7818B8}|PATH, Quarantined, [8286], [407483],1.0.2841
 
Registry Data: 14
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0C182B59-B2A7-4BA3-8175-BAEB6893B94C}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0DA5BDC7-40F7-4400-872C-4D67EA072034}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{116445CA-A2AA-4EA0-BACF-4B6DFD0E5C06}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{39E1E44C-B037-4636-8006-A068E743E534}|NameServer, Replaced, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{39E1E44C-B037-4636-8006-A068E743E534}|DhcpNameServer, Replaced, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}|DhcpNameServer, Replaced, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{B8507DAB-113D-4CB8-B66E-E5C7024CE8DB}|NameServer, Replaced, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{E967C34A-871D-46EC-8B38-BC009264F6B0}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EB7DC12A-EDED-415C-9B66-0AB18C0107F6}|NameServer, Removal Failed, [22], [-1],0.0.0
PUP.Optional.MySearchDial, HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SECONDARY START PAGES, Replaced, [1580], [293114],1.0.2841
 
Data Stream: 0
(No malicious items detected)
 
Folder: 7
PUP.Optional.BundleInstaller, C:\USERS\CANGA_000\APPDATA\LOCAL\TEMP\16832515, Quarantined, [20], [341983],1.0.2841
PUP.Optional.DriverFetch.Gen, C:\PROGRAMDATA\1505772747, Quarantined, [14670], [254645],1.0.2841
PUP.Optional.BlockAdsPro, C:\USERS\CANGA_000\APPDATA\ROAMING\MICROSOFT\BLOCKADSPRO, Quarantined, [8773], [421128],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\update, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\temp, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\HZZHRYJSXBJ2 UPDATER, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\HZZHRYJSXBJ2, Quarantined, [1729], [422713],1.0.2841
 
File: 49
PUP.Optional.BundleInstaller, C:\USERS\CANGA_000\APPDATA\LOCAL\TEMP\16832515\ic-0.322a469e3286f4.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\dlreport, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\ic-0.4f4e64232a871.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\ic-0.61aafde4a65f4.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\ic-0.688613c9ad461.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\ic-0.8688f64278f48.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.BundleInstaller, C:\Users\canga_000\AppData\Local\Temp\16832515\ic-0.c8c1ea917dd618.exe, Quarantined, [20], [341983],1.0.2841
PUP.Optional.DriverFetch.Gen, C:\PROGRAMDATA\1505772747\s9.zip.download, Quarantined, [14670], [254645],1.0.2841
PUP.Optional.BlockAdsPro, C:\Users\canga_000\AppData\Roaming\Microsoft\BlockAdsPro\BlockAdsPro.exe, Quarantined, [8773], [421128],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\Sak37078062k37078062, Quarantined, [8286], [397781],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\37078062, Quarantined, [8286], [410000],1.0.2841
Adware.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\k37078062, Quarantined, [1431], [402165],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\50808833, Quarantined, [8286], [410000],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\75484143, Quarantined, [8286], [410000],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\Sa3707806237078062, Quarantined, [8286], [409999],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\Sa5080883350808833, Quarantined, [8286], [409999],1.0.2841
PUP.Optional.REOptimizer, C:\USERS\CANGA_000\APPDATA\LOCAL\UNINSTALLCE.EXE, Quarantined, [7592], [412227],1.0.2841
Adware.DotDo.DotPrx, C:\WINDOWS\SYSTEM32\TASKS\Sa7548414375484143, Quarantined, [8286], [409999],1.0.2841
Adware.DNSUnlocker.Generic, C:\PROGRAM FILES (X86)\HZZHRYJSXBJ2 UPDATER\HZZHRYJSXBJ2 UPDATER.EXE, Quarantined, [2247], [372679],1.0.2841
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [2828], [352008],1.0.2841
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [2828], [352008],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365171],1.0.2841
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [323], [365175],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\HZZHRYJSXBJ2 UPDATER\CFG.INI, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\temp\response.ini, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\temp\setup.exe, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\temp\update.ini, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\unins000.dat, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\unins000.exe, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2 Updater\updateStatus.ini, Quarantined, [1729], [422716],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\HZZHRYJSXBJ2\SETTINGS.INI, Quarantined, [1729], [422713],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2\hzZHrYjsXbJ2.cer, Quarantined, [1729], [422713],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2\hzzhryjsxbj2.exe, Quarantined, [1729], [422713],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2\Info.rtf, Quarantined, [1729], [422713],1.0.2841
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\hzZHrYjsXbJ2\License.rtf, Quarantined, [1729], [422713],1.0.2841
Adware.IStartSurf, C:\USERS\CANGA_000\DESKTOP\KMSPICO V10.2.0.ZIP, Quarantined, [810], [435637],1.0.2841
CrackTool.Agent.Steam, C:\PROGRAM FILES (X86)\THE ELDER SCROLLS V SKYRIM FULL GAME+DLC-=AVIARA=-\STEAM_API.DLL, Quarantined, [2013], [352888],1.0.2841
Trojan.Clicker, C:\USERS\CANGA_000\APPDATA\LOCAL\TEMP\1505772747\S5M_INSTALL_325.ZIP, Quarantined, [21], [387412],1.0.2841
Trojan.BloCrypt, C:\WINDOWS\TEMP\_AVAST_\UNP98919111.TMP, Quarantined, [2407], [435721],1.0.2841
Trojan.Injector, C:\USERS\CANGA_000\DSDEGLR6TY\5GJP.DLL, Quarantined, [8], [381545],1.0.2841
PUP.Optional.InstallCore, C:\USERS\CANGA_000\DSDEGLR6TY\BIND0.EXE, Quarantined, [2], [380016],1.0.2841
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 19 September 2017 - 01:54 PM

Good :) Now let's see if RogueKiller and AdwCleaner detect anything.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#5 ZeroX96


Posted 19 September 2017 - 04:18 PM

I couldn't get RogueKiller installed since I'm having to run my computer in Safe Mode, but here's the other log.

 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 21:16:19 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-18-2017.1
# Running on Windows 8.1 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\canga_000\Favorites\StumbleUpon
PUP.Optional.Legacy, C:\Program Files (x86)\S5
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.mysearchdial.com
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, Plugin found: Highlight to Search - 
PUP.Optional.Legacy, Plugin found: Google Quick Scroll - 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#6 Aura


Posted 19 September 2017 - 06:07 PM

Are you able to boot normally, or are you somehow stuck in Safe Mode?



#7 ZeroX96


Posted 19 September 2017 - 06:40 PM

When I boot normally it crashes after a minute or less so I can't get anything done.

#8 Aura


Posted 19 September 2017 - 06:48 PM

How does it crash? With a BSOD?



#9 ZeroX96


Posted 19 September 2017 - 07:00 PM

Yes, with this error code: "DRIVER_IRQL_NOT_LESS_OR_EQUAL(iadimpsv.sys)"

Edited by ZeroX96, 19 September 2017 - 07:02 PM.


#10 Aura


Posted 19 September 2017 - 07:02 PM

Alright, let's continue with FRST then.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply



#11 ZeroX96


Posted 20 September 2017 - 09:08 AM

FRST.txt Results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2017
Ran by canga_000 (administrator) on DEXTERS-PC (20-09-2017 09:00:56)
Running from C:\Users\canga_000\Desktop
Loaded Profiles: canga_000 (Available Profiles: canga_000)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LavaWolfGMMouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\LAVAWOLF\lwmon.exe [3101696 2013-05-15] ()
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KinoniTask] => C:\Program Files (x86)\Kinoni\Remote Desktop\KinoniTask.exe [118416 2016-07-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-07-12] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2015-11-22] (Mobile Stream)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-06] (Valve Corporation)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [download.ninja] => C:\Program Files\Ninja Download Manager\download.ninja.exe
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste Esports Accelerator\Haste.exe
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [DSdeGlr6TY] => C:\DSdeGlr6TYDSdeGlr6TY\DSdeGlr6TY.vbs
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [untainted] => "C:\Program Files (x86)\trolled\untainted.exe"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [obsess] => "C:\Program Files (x86)\Electronics\doodad.exe"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\RunOnce: [Uninstall C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\MountPoints2: {47417238-928c-11e6-824c-806e6f6e6963} - "D:\SETUP.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-10-17]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-10-14]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prowled.lnk [2017-09-18]
ShortcutTarget: prowled.lnk -> C:\Program Files (x86)\Electronics\doodad.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.80.5.132
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0C182B59-B2A7-4BA3-8175-BAEB6893B94C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0DA5BDC7-40F7-4400-872C-4D67EA072034}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{116445CA-A2AA-4EA0-BACF-4B6DFD0E5C06}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{39E1E44C-B037-4636-8006-A068E743E534}: [DhcpNameServer] 10.80.5.132
Tcpip\..\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48EA2736-404C-4908-B0AF-99C25337EE0A}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E967C34A-871D-46EC-8B38-BC009264F6B0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EB7DC12A-EDED-415C-9B66-0AB18C0107F6}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com/?cid=J13
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-24] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-24] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-20]
CHR Extension: (Google Slides) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-14]
CHR Extension: (hxxp://store.steampowered.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adkbdjbjeeaobgabhpkaljnnngokgifh [2016-10-14]
CHR Extension: (Nimbus Screenshot App) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-04-20]
CHR Extension: (Google Docs) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-14]
CHR Extension: (Google Drive) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-14]
CHR Extension: (Skype Calling) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-14]
CHR Extension: (YouTube) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-14]
CHR Extension: (Honey) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-08]
CHR Extension: (Facebook) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-10-14]
CHR Extension: (Adblock Plus) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Reaction Packs for Facebook) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfkadjljnkkbojdgocopcbdbnmpcan [2016-11-29]
CHR Extension: (hxxp://dinklebergsttt.enjin.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkeogpndamnfjbmglkfkancehcbemplo [2017-01-04]
CHR Extension: (Share on Rabbit) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-07-08]
CHR Extension: (Bamboo Spear) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakplngdcboeilofopihpjnoeclenhmn [2016-10-14]
CHR Extension: (Avast Passwords) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-09-18]
CHR Extension: (Google Play Music) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-09-01]
CHR Extension: (Google Sheets) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-14]
CHR Extension: (Downloads Router) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkboeogiiklpklnjgdiaghaiehcknjo [2016-11-02]
CHR Extension: (Highlight to Search) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2016-10-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-09]
CHR Extension: (HTTPS Everywhere) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-14]
CHR Extension: (Download Ninja) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklhnpfkcfpkjcihhjbgmhgkcajamlmd [2017-04-19]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-15]
CHR Extension: (hxxp://anilinkz.com/search?q=sword+art+online) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgjgidbghipdfdpaieioekkpekncjob [2016-10-14]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-09-11]
CHR Extension: (hxxps://jsu.blackboard.com/webapps/portal/exe) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdkddimipnmlgjkhnnpclmjmopkcink [2016-10-21]
CHR Extension: (Crackle) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2016-10-14]
CHR Extension: (Google Play Music) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-10-14]
CHR Extension: (YouTube) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2016-10-14]
CHR Extension: (Emoji for Google Chrome™) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-09-11]
CHR Extension: (Black red shards) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-05-25]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-07]
CHR Extension: (Google Hangouts) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-05]
CHR Extension: (hxxp://www.neoseeker.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\laobedgmmmdponjggeekeehecchlbedh [2016-10-14]
CHR Extension: (Skype) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-30]
CHR Extension: (Google Search) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2017-09-20]
CHR Extension: (Ghostery) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-10]
CHR Extension: (Google Hangouts) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (My Chrome Theme) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-10-14]
CHR Extension: (Google Quick Scroll) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2016-10-14]
CHR Extension: (hxxp://www.ultimate-guitar.com/) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfgifpflcfeaigbdlegohfjmboddjeom [2016-10-14]
CHR Extension: (Gmail) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\canga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-07-15] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
S2 ETGMGlcsSrv; C:\Program Files (x86)\REDRAGON GAMING MOUSE\LAVAWOLF\ETGMSrv.exe [1181544 2012-04-24] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-31] (GOG.com)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53168 2017-09-11] (AnchorFree Inc.)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 KinoniRemoteDesktop; C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe [81920 2016-07-04] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
S2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-06-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 apexpsvc; "C:\Users\CANGA_~1\AppData\Local\Temp\xis\apexpsvc.exe" /svc [X] <==== ATTENTION
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NIS.exe" /h ccCommon [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.3; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_3_64.sys [64912 2017-09-07] (AnchorFree Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29696 2016-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-03-02] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-03-02] (LG Electronics Inc.)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [627208 2016-11-30] (C-MEDIA)
R3 easytether; C:\Windows\system32\DRIVERS\easytthrx.sys [22728 2015-11-22] (Mobile Stream)
R3 Kinonih; C:\Windows\System32\drivers\kinonih.sys [32256 2016-06-22] (Kinoni)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-19] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-20] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-20] (Malwarebytes)
S3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-09-06] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-04] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2016-10-04] (Splashtop Inc.)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2017-02-09] (Anchorfree Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 TTDrv; C:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
S3 usbglcs1100301; C:\Windows\system32\drivers\usbglcs1100301.sys [25600 2012-04-24] (Windows ® Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-23] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-03-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-03-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\system32\drivers\ymidusbx64.sys [43744 2015-07-28] (Yamaha Corporation)
S1 MpKsldbe7a3cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00648F89-50D9-4FA4-B531-CD261B0E10F0}\MpKsldbe7a3cd.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\EX64.SYS [X]
S3 RTSUER; \SystemRoot\system32\Drivers\RtsUer.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-20 08:59 - 2017-09-20 09:00 - 002399744 _____ (Farbar) C:\Users\canga_000\Desktop\FRST64.exe
2017-09-20 08:59 - 2017-09-20 08:59 - 001795584 _____ (Farbar) C:\Users\canga_000\Desktop\FRST.exe
2017-09-19 16:13 - 2017-09-19 16:16 - 000000000 ____D C:\AdwCleaner
2017-09-19 16:12 - 2017-09-19 16:13 - 008182736 _____ (Malwarebytes) C:\Users\canga_000\Desktop\AdwCleaner.exe
2017-09-19 15:05 - 2017-09-19 15:05 - 035884000 _____ (Adlice Software ) C:\Users\canga_000\Desktop\setup.exe
2017-09-19 15:03 - 2017-09-19 15:03 - 000000218 _____ C:\Users\canga_000\AppData\Local\recently-used.xbel
2017-09-19 12:52 - 2017-09-19 12:52 - 000016747 _____ C:\Users\canga_000\Desktop\Malwarebytes log 9-19-2017 8-52 AM.txt
2017-09-19 10:37 - 2017-09-19 10:38 - 000067093 _____ C:\Users\canga_000\Desktop\Addition.txt
2017-09-19 10:36 - 2017-09-20 09:02 - 000026440 _____ C:\Users\canga_000\Desktop\FRST.txt
2017-09-19 10:36 - 2017-09-20 09:00 - 000000000 ____D C:\FRST
2017-09-19 10:19 - 2017-09-19 10:19 - 001685521 _____ C:\Users\canga_000\Documents\SysnativeFileCollectionApp.zip
2017-09-19 10:15 - 2017-09-19 10:15 - 000000808 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-09-19 10:15 - 2017-09-19 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-09-19 10:15 - 2017-09-19 10:15 - 000000000 ____D C:\Program Files\Speccy
2017-09-19 10:14 - 2017-09-19 10:14 - 006299336 _____ (Piriform Ltd) C:\Users\canga_000\Desktop\spsetup131.exe
2017-09-19 10:13 - 2017-09-19 10:13 - 000231539 _____ C:\Users\canga_000\Desktop\Using_Speccy.pdf
2017-09-19 10:03 - 2017-09-19 10:05 - 000000000 ____D C:\Users\canga_000\Documents\SysnativeFileCollectionApp
2017-09-19 10:03 - 2017-09-19 10:03 - 000158720 _____ (Sysnative) C:\Users\canga_000\Documents\SysnativeBSODCollectionApp.exe
2017-09-19 09:59 - 2017-09-19 09:59 - 001192656 _____ (Microsoft Corporation) C:\Users\canga_000\Desktop\winsdksetup.exe
2017-09-19 09:41 - 2017-09-19 09:41 - 000000000 ____D C:\ProgramData\Realtek
2017-09-19 09:38 - 2017-09-19 09:39 - 057364720 _____ (Lenovo Group Limited ) C:\Users\canga_000\Desktop\j4bm05ww.exe
2017-09-19 09:33 - 2017-09-19 09:33 - 000115024 ____N C:\Windows\system32\Drivers\iadilosv.sys
2017-09-19 09:32 - 2017-09-19 09:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-09-19 09:28 - 2017-09-19 09:29 - 000285176 _____ C:\Windows\Minidump\091917-45078-01.dmp
2017-09-19 09:28 - 2017-09-19 09:28 - 588156685 _____ C:\Windows\MEMORY.DMP
2017-09-19 09:27 - 2017-09-19 09:27 - 000001327 _____ C:\ProgramData\agent.1505831257.4588.bin
2017-09-19 09:15 - 2017-09-19 09:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-19 09:13 - 2017-09-19 09:13 - 000030598 _____ C:\ProgramData\agent.update.1505830412.bdinstall.bin
2017-09-19 09:12 - 2017-09-19 09:14 - 162135728 _____ (Kaspersky Lab) C:\Users\canga_000\Desktop\kav18.0.0.405aben_es_fr_12609.exe
2017-09-19 09:10 - 2017-09-19 09:10 - 000048873 _____ C:\ProgramData\agent.1505830195.bdinstall.bin
2017-09-19 09:09 - 2017-09-19 09:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-19 09:09 - 2017-09-19 09:09 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-09-19 09:08 - 2017-09-19 09:08 - 009932672 _____ C:\Users\canga_000\Desktop\bitdefender_online.exe
2017-09-19 08:52 - 2017-09-20 08:39 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-19 08:52 - 2017-09-19 16:07 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-19 08:51 - 2017-09-20 08:39 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-19 08:51 - 2017-09-19 08:51 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-19 08:51 - 2017-09-19 08:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-19 08:51 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-19 08:46 - 2017-09-19 08:48 - 068408664 _____ (Malwarebytes ) C:\Users\canga_000\Desktop\mb3-setup-consumer-3.2.2.2029.exe
2017-09-19 08:33 - 2017-09-19 08:33 - 000285176 _____ C:\Windows\Minidump\091917-81312-01.dmp
2017-09-19 07:04 - 2017-09-19 07:04 - 000285344 _____ C:\Windows\Minidump\091917-52531-01.dmp
2017-09-18 20:42 - 2017-09-18 20:42 - 000285400 _____ C:\Windows\Minidump\091817-75546-01.dmp
2017-09-18 20:40 - 2017-09-18 20:44 - 000000000 ____D C:\Windows\pss
2017-09-18 20:37 - 2017-09-18 20:37 - 000285400 _____ C:\Windows\Minidump\091817-58125-01.dmp
2017-09-18 20:32 - 2017-09-18 20:33 - 000285400 _____ C:\Windows\Minidump\091817-84250-01.dmp
2017-09-18 20:25 - 2017-09-18 20:25 - 000285400 _____ C:\Windows\Minidump\091817-60656-01.dmp
2017-09-18 20:18 - 2017-09-18 20:18 - 000285400 _____ C:\Windows\Minidump\091817-67140-01.dmp
2017-09-18 19:30 - 2017-09-18 19:30 - 000000000 ____D C:\Users\canga_000\AppData\Local\AVAST Software
2017-09-18 19:18 - 2017-09-18 19:18 - 000001084 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2017-09-18 19:18 - 2017-09-18 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2017-09-18 18:15 - 2017-09-18 19:52 - 000000000 ____D C:\Users\canga_000\AppData\Local\dtrocbv
2017-09-18 18:14 - 2017-09-18 18:15 - 000000000 ____D C:\Users\canga_000\AppData\Local\nvrimgp
2017-09-18 17:42 - 2017-09-18 17:49 - 044592848 _____ (Microsoft Corporation) C:\Users\canga_000\Desktop\Windows-KB890830-x64-V5.52.exe
2017-09-18 17:12 - 2017-09-18 20:56 - 000000000 ____D C:\Program Files (x86)\s5
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Windows\SysWOW64\semcurl
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Windows\system32\semcurl
2017-09-18 17:12 - 2017-09-18 17:12 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\et
2017-09-18 17:11 - 2017-09-18 17:11 - 000021538 _____ C:\Windows\System32\Tasks\hzZHrYjsXbJ2
2017-09-18 17:11 - 2017-09-18 17:11 - 000000020 _____ C:\Windows\b50808833
2017-09-18 16:26 - 2017-09-18 16:26 - 000885528 _____ (zebNet Ltd ) C:\Users\canga_000\Desktop\windows_keyfinder.exe
2017-09-18 12:59 - 2017-09-18 13:00 - 000000000 ___RD C:\Users\canga_000\OneDrive - Jacksonville State University 1
2017-09-18 12:31 - 2017-09-18 12:31 - 000000000 ___HD C:\$AV_ASW
2017-09-18 12:29 - 2017-09-18 12:29 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-18 12:25 - 2017-09-19 09:02 - 000000000 ____D C:\Users\canga_000\DSdeGlr6TY
2017-09-18 12:25 - 2017-09-18 20:25 - 000000000 __SHD C:\DSdeGlr6TYDSdeGlr6TY
2017-09-18 12:23 - 2017-09-18 17:02 - 000000000 ____D C:\Users\canga_000\Desktop\KMSpico Install
2017-09-18 12:23 - 2017-09-18 12:23 - 004874302 _____ C:\Users\canga_000\Desktop\KMSpico Install.rar
2017-09-18 09:23 - 2017-09-18 09:23 - 000001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-18 09:23 - 2017-09-18 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-18 09:23 - 2017-09-18 09:23 - 000000000 ____D C:\Program Files\iPod
2017-09-18 09:21 - 2017-09-18 09:23 - 000000000 ____D C:\Program Files\iTunes
2017-09-18 09:18 - 2017-09-18 09:18 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-09-18 09:17 - 2017-09-18 09:17 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-18 09:16 - 2017-09-18 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-09-18 00:32 - 2017-09-18 00:32 - 000012288 _____ (Doodad) C:\Windows\attainability.exe
2017-09-17 18:21 - 2017-09-17 18:21 - 000022482 _____ C:\Users\canga_000\Desktop\Citador.plugin.js
2017-09-17 18:20 - 2017-09-17 18:20 - 000230847 _____ C:\Users\canga_000\Desktop\latency.plugin.js
2017-09-16 19:29 - 2017-09-16 19:29 - 000288421 _____ C:\Users\canga_000\Desktop\Shinzou wo Sasageyo.pdf
2017-09-13 18:45 - 2017-09-13 18:46 - 000285344 _____ C:\Windows\Minidump\091317-250312-01.dmp
2017-09-13 09:13 - 2017-08-19 12:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 09:13 - 2017-08-19 11:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 09:13 - 2017-08-17 17:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-13 09:13 - 2017-08-17 17:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-13 09:13 - 2017-08-17 17:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-13 09:13 - 2017-08-17 17:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-13 09:13 - 2017-08-15 09:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-13 09:13 - 2017-08-15 09:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 09:13 - 2017-08-15 08:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 09:13 - 2017-08-13 13:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 09:13 - 2017-08-13 12:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 09:13 - 2017-08-13 12:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 09:13 - 2017-08-13 12:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 09:13 - 2017-08-13 11:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 09:13 - 2017-08-13 11:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 09:13 - 2017-08-13 11:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 09:13 - 2017-08-13 11:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 09:13 - 2017-08-13 11:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 09:13 - 2017-08-13 11:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 09:13 - 2017-08-13 11:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 09:13 - 2017-08-13 11:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-13 09:13 - 2017-08-13 11:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 09:13 - 2017-08-13 11:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 09:13 - 2017-08-13 11:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-13 09:13 - 2017-08-13 11:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-13 09:13 - 2017-08-13 11:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 09:13 - 2017-08-13 11:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 09:13 - 2017-08-13 11:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 09:13 - 2017-08-13 11:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 09:13 - 2017-08-13 11:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 09:13 - 2017-08-13 10:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-13 09:13 - 2017-08-13 10:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-13 09:13 - 2017-08-13 10:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-13 09:13 - 2017-08-13 10:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 09:13 - 2017-08-13 10:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 09:13 - 2017-08-13 10:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 09:13 - 2017-08-13 10:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 09:13 - 2017-08-13 10:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 09:13 - 2017-08-13 10:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 09:13 - 2017-08-13 10:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 09:13 - 2017-08-13 10:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-13 09:13 - 2017-08-13 10:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 09:13 - 2017-08-13 10:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 09:13 - 2017-08-13 10:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 09:13 - 2017-08-13 10:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 09:13 - 2017-08-13 10:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 09:13 - 2017-08-12 04:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 09:13 - 2017-08-12 04:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 09:13 - 2017-08-11 19:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-13 09:13 - 2017-08-11 18:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 09:13 - 2017-08-11 18:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 09:13 - 2017-08-11 18:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 09:13 - 2017-08-11 15:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-13 09:13 - 2017-08-11 15:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-13 09:13 - 2017-08-11 15:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-13 09:13 - 2017-08-10 22:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 09:13 - 2017-08-10 22:27 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-09-13 09:13 - 2017-08-10 21:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-13 09:13 - 2017-08-10 21:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-13 09:13 - 2017-08-10 21:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-13 09:13 - 2017-08-10 21:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-13 09:13 - 2017-08-10 20:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-13 09:13 - 2017-08-10 20:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 09:13 - 2017-08-10 20:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 09:13 - 2017-08-10 20:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 09:13 - 2017-08-10 20:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 09:13 - 2017-08-06 16:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-13 09:13 - 2017-08-06 02:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-13 09:13 - 2017-07-22 13:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-09-13 09:13 - 2017-07-22 12:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-09-13 09:13 - 2017-07-17 14:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-13 09:13 - 2017-07-16 18:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 09:13 - 2017-07-13 18:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-13 09:13 - 2017-07-12 15:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2017-09-13 09:13 - 2017-07-12 15:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 09:13 - 2017-07-12 15:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2017-09-13 09:13 - 2017-07-12 15:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 09:13 - 2017-07-08 14:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 09:13 - 2017-07-08 13:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 09:13 - 2017-07-08 13:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 09:13 - 2017-07-08 13:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 09:13 - 2017-07-08 12:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 09:13 - 2017-07-08 12:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 09:13 - 2017-07-07 22:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-09-12 14:37 - 2017-09-12 14:37 - 000000000 ____D C:\Users\canga_000\Documents\Electronic Arts
2017-09-12 13:18 - 2017-09-12 13:18 - 000001611 _____ C:\Users\Public\Desktop\The Sims 4 x64.lnk
2017-09-12 13:18 - 2017-09-12 13:18 - 000001591 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-09-12 13:06 - 2017-09-17 18:28 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\BetterDiscord
2017-09-12 12:54 - 2017-09-12 12:55 - 000000000 ____D C:\Users\canga_000\Desktop\Better Discord
2017-09-11 18:02 - 2017-09-11 18:02 - 002502342 _____ C:\Users\canga_000\Desktop\Recording Background.psd
2017-09-11 16:04 - 2017-09-12 12:53 - 000000000 ____D C:\Users\canga_000\Desktop\Badges
2017-09-11 15:30 - 2017-09-11 15:30 - 000000000 ____D C:\Users\canga_000\AppData\Local\Lorenz_Cuno_Klopfenstein
2017-09-11 15:24 - 2017-09-11 15:24 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\OnTopReplica
2017-09-11 15:17 - 2017-09-11 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindowWatcher
2017-09-11 15:17 - 2017-09-11 15:17 - 000000000 ____D C:\Program Files (x86)\Airesoft
2017-09-11 14:52 - 2017-09-11 14:52 - 000000885 _____ C:\Users\canga_000\Desktop\DeSmuME_0.9.11.lnk
2017-09-11 14:51 - 2017-09-11 14:54 - 000000000 ____D C:\Users\canga_000\Documents\DeSmuME
2017-09-11 14:41 - 2017-09-11 14:43 - 000000000 ____D C:\Users\canga_000\Desktop\Emerald Base
2017-09-11 14:40 - 2017-09-11 19:35 - 000000000 ____D C:\Users\canga_000\Desktop\randomizer
2017-09-11 14:22 - 2017-09-11 14:23 - 006182980 _____ C:\Users\canga_000\Desktop\Emerald Base.rar
2017-09-05 13:48 - 2017-09-05 13:49 - 000000000 ____D C:\Program Files (x86)\Pokemon Showdown
2017-09-05 13:48 - 2017-09-05 13:48 - 000002076 _____ C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
2017-09-05 13:47 - 2017-09-05 13:47 - 035241294 _____ C:\Users\canga_000\Desktop\PokemonShowdownSetup.exe
2017-09-04 19:36 - 2017-09-04 19:36 - 017000694 _____ C:\Users\canga_000\Desktop\DarkRP Addons.zip
2017-09-04 19:32 - 2017-09-04 19:36 - 000000000 ____D C:\Users\canga_000\Desktop\DarkRP Addons
2017-09-04 19:30 - 2017-09-04 19:31 - 000299207 _____ C:\Users\canga_000\Desktop\the_taxi_teleporter_-_get_around_the_map-1.01.zip
2017-09-04 19:30 - 2017-09-04 19:31 - 000038948 _____ C:\Users\canga_000\Desktop\blackline_-_hud_+_f4_combo_for_darkrp-1.03.zip
2017-09-04 19:30 - 2017-09-04 19:31 - 000016473 _____ C:\Users\canga_000\Desktop\blobsparty-1.0.4.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000468469 _____ C:\Users\canga_000\Desktop\[lapis]_[darkrp_hud]_-_gemerosity_collection-1.1.0.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000362150 _____ C:\Users\canga_000\Desktop\[simphys_update]_william's_car_dealer_[7.2.0]-7.2.0.zip
2017-09-04 19:30 - 2017-09-04 19:30 - 000048416 _____ C:\Users\canga_000\Desktop\fresh_car_dealer_v3_-_prometheus-gextension_support!-3.1.3.zip
2017-09-04 19:29 - 2017-09-04 19:31 - 016190256 _____ C:\Users\canga_000\Desktop\vcmod_main_(lights,_seats,_damage,_exhaust,_..)-autoupdater_v8.zip
2017-09-04 19:09 - 2017-09-04 19:09 - 000000000 ____D C:\Windows\SysWOW64\Hotspot Shield
2017-09-01 12:42 - 2017-09-01 12:42 - 000000000 ____D C:\Users\canga_000\AppData\LocalLow\CulterStudio
2017-08-31 09:13 - 2017-08-31 09:19 - 750598670 _____ C:\Users\canga_000\Desktop\Fire Emblem Fates - All Cutscenes Blu-Ray Quality@60FPS [English Japanese].mp4
2017-08-28 12:53 - 2017-08-28 12:56 - 000000213 _____ C:\Users\canga_000\Desktop\Titles of Mushroomz.txt
2017-08-27 19:07 - 2017-08-27 19:07 - 002252474 _____ C:\Users\canga_000\Desktop\Dexter's Character.pdf
2017-08-27 18:47 - 2017-08-27 18:48 - 002252545 _____ C:\Users\canga_000\Desktop\character.pdf
2017-08-25 12:36 - 2017-08-25 12:36 - 029224118 _____ C:\Users\canga_000\Desktop\addons.zip
2017-08-25 12:26 - 2017-08-25 12:31 - 000000000 ____D C:\Users\canga_000\Desktop\addons
2017-08-23 08:48 - 2017-08-23 08:48 - 000061131 _____ C:\Users\canga_000\Desktop\syllabus-ms112-2017-fall.pdf
2017-08-23 08:48 - 2017-08-23 08:48 - 000054104 _____ C:\Users\canga_000\Downloads\Student_Getting_Started_Web.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-20 08:43 - 2016-10-14 16:33 - 000872716 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-20 08:43 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2017-09-19 16:19 - 2013-08-22 08:25 - 014680064 _____ C:\Windows\system32\config\HARDWARE
2017-09-19 13:30 - 2016-10-17 15:15 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\deluge
2017-09-19 10:01 - 2016-10-14 22:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-19 09:32 - 2017-07-24 23:15 - 000000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-09-19 09:32 - 2016-10-14 16:09 - 000000000 ____D C:\Users\canga_000
2017-09-19 09:32 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-19 09:28 - 2016-10-16 17:39 - 000000000 ____D C:\Windows\Minidump
2017-09-19 09:26 - 2016-10-14 16:14 - 000000000 __RDO C:\Users\canga_000\SkyDrive
2017-09-19 09:23 - 2016-10-17 15:28 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-19 09:02 - 2016-10-19 16:29 - 000000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=-
2017-09-19 08:44 - 2016-10-17 11:25 - 000000000 ____D C:\Users\canga_000\AppData\Local\ElevatedDiagnostics
2017-09-18 21:46 - 2016-10-17 14:03 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-18 19:35 - 2017-06-25 03:17 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-18 19:23 - 2016-10-14 16:33 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4034607680-3824418392-2138971786-1001
2017-09-18 19:18 - 2017-02-09 21:17 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2017-09-18 19:16 - 2017-02-09 21:17 - 000000000 ____D C:\ProgramData\Hotspot Shield
2017-09-18 19:12 - 2017-08-17 18:37 - 000001283 _____ C:\Users\canga_000\Desktop\nativelog.txt
2017-09-18 19:12 - 2016-11-04 16:52 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\.minecraft
2017-09-18 19:12 - 2016-10-18 00:35 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\obs-studio
2017-09-18 18:45 - 2016-10-14 22:38 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-18 17:01 - 2016-10-14 16:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-18 16:18 - 2016-10-14 16:31 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F12B3F88-A4CC-4CD4-9E42-5BB8C21C80E1}
2017-09-18 16:16 - 2016-12-08 22:05 - 000000000 ___RD C:\Users\canga_000\iCloudDrive
2017-09-18 13:15 - 2016-10-14 17:04 - 000000000 ____D C:\Users\canga_000\AppData\Local\Pokemon Showdown
2017-09-18 12:55 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-18 12:17 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\NDF
2017-09-18 11:55 - 2016-11-17 15:21 - 000000000 ____D C:\Users\canga_000\AppData\Local\CrashDumps
2017-09-18 09:17 - 2016-11-02 10:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-18 09:16 - 2017-07-18 17:47 - 000887114 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-18 08:58 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-18 08:40 - 2016-10-17 21:57 - 000000000 ____D C:\Users\canga_000\AppData\Local\Adobe
2017-09-17 20:41 - 2016-11-18 15:09 - 000000000 ____D C:\Users\canga_000\AppData\Local\Battle.net
2017-09-17 12:51 - 2016-11-18 15:08 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-16 12:13 - 2017-07-21 18:37 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4034607680-3824418392-2138971786-1001
2017-09-16 12:13 - 2016-10-14 17:09 - 000002314 _____ C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-09-15 18:07 - 2016-11-18 15:11 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-15 16:33 - 2017-04-03 21:05 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\vlc
2017-09-14 17:19 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
2017-09-13 18:44 - 2013-08-22 09:44 - 005238160 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-13 18:39 - 2016-10-17 14:03 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 18:39 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-13 18:35 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-12 14:24 - 2017-04-19 13:27 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-09-12 14:24 - 2017-04-19 13:27 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-09-12 13:18 - 2016-10-24 11:16 - 000000000 ____D C:\Games
2017-09-12 13:14 - 2016-10-19 16:24 - 000000000 ____D C:\Users\canga_000\Downloads\Torrents
2017-09-12 09:31 - 2017-03-09 14:22 - 000001916 _____ C:\Windows\Sandboxie.ini
2017-09-11 19:07 - 2016-10-24 15:44 - 000000000 ____D C:\Program Files (x86)\DS4
2017-09-11 18:48 - 2016-10-17 15:33 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-11 15:42 - 2016-11-02 18:46 - 000000000 ____D C:\Users\canga_000\Downloads\images
2017-09-09 21:36 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-05 10:04 - 2017-03-17 21:10 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-05 10:04 - 2016-10-30 16:14 - 000000000 ____D C:\ProgramData\Skype
2017-09-04 19:21 - 2017-04-07 13:27 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\audacity
2017-09-03 13:35 - 2017-01-12 18:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-01 18:54 - 2017-06-15 19:08 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-01 18:54 - 2017-06-15 19:08 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 09:44 - 2017-03-14 16:25 - 000000000 ____D C:\Users\canga_000\AppData\LocalLow\DefaultCompany
2017-09-01 08:45 - 2016-10-20 16:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-31 20:36 - 2016-10-24 10:13 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-28 16:34 - 2016-10-14 16:34 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 15:40 - 2017-08-11 21:03 - 000000000 ____D C:\Users\canga_000\AppData\Local\Warframe
2017-08-26 23:23 - 2017-06-25 14:40 - 000000936 _____ C:\Users\canga_000\.lmmsrc.xml
2017-08-25 13:27 - 2016-12-25 22:58 - 000000000 ____D C:\Users\canga_000\AppData\Roaming\FileZilla
2017-08-25 12:57 - 2017-08-09 18:41 - 000000000 ____D C:\Users\canga_000\Desktop\gmod
 
==================== Files in the root of some directories =======
 
2017-05-23 18:51 - 2017-05-23 18:51 - 000004549 _____ () C:\Users\canga_000\AppData\Roaming\VoiceMeeterDefault.xml
2016-12-25 22:47 - 2016-12-25 22:47 - 000000600 _____ () C:\Users\canga_000\AppData\Roaming\winscp.rnd
2016-12-11 14:48 - 2016-12-11 14:48 - 000001456 _____ () C:\Users\canga_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-25 23:18 - 2017-07-03 16:24 - 000000600 _____ () C:\Users\canga_000\AppData\Local\PUTTY.RND
2017-09-19 15:03 - 2017-09-19 15:03 - 000000218 _____ () C:\Users\canga_000\AppData\Local\recently-used.xbel
2017-01-21 19:57 - 2017-01-21 19:58 - 000007600 _____ () C:\Users\canga_000\AppData\Local\Resmon.ResmonCfg
2017-09-19 09:10 - 2017-09-19 09:10 - 000048873 _____ () C:\ProgramData\agent.1505830195.bdinstall.bin
2017-09-19 09:27 - 2017-09-19 09:27 - 000001327 _____ () C:\ProgramData\agent.1505831257.4588.bin
2017-09-19 09:13 - 2017-09-19 09:13 - 000030598 _____ () C:\ProgramData\agent.update.1505830412.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-16 12:32
 
==================== End of FRST.txt ============================
 
Addition.txt Results:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by canga_000 (20-09-2017 09:03:42)
Running from C:\Users\canga_000\Desktop
Windows 8.1 Pro (Update) (X64) (2016-10-14 21:12:33)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4034607680-3824418392-2138971786-500 - Administrator - Disabled)
canga_000 (S-1-5-21-4034607680-3824418392-2138971786-1001 - Administrator - Enabled) => C:\Users\canga_000
Guest (S-1-5-21-4034607680-3824418392-2138971786-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.45 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.45 - Datel Design & Development)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Blood and Bacon (HKLM\...\Steam App 434570) (Version:  - Big Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CastleMiner Z (HKLM\...\Steam App 253430) (Version:  - DigitalDNA Games LLC)
Citra Edge (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\citra) (Version: 0.1.44 - Citra Development Team)
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{E3B264CE-D9CF-448B-960F-4F832FB1F990}) (Version: 15.2.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.4 - Corel Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
DaVinci Resolve (HKLM\...\{0AD19E45-B885-4EB1-AC13-A481724BB52D}) (Version: 12.5.6017 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{6A8DCCDF-BC76-4964-B429-D74E5FC11E98}) (Version: 1.1.1.0 - Blackmagic Design)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
DocLock (HKLM-x32\...\DocLock) (Version: 2.1.1.1 - Large Software)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
EasyTether (HKLM\...\{1B7DB4DD-B70D-4FE4-B909-E3D2AC7A17DD}) (Version: 1.3.3 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{6f3b40d5-c81b-469b-a7a2-b560f8561a8c}) (Version: 1.3.3 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{767071E2-19B8-45D0-B283-776A6403C9BC}) (Version: 1.0.6 - Mobile Stream)
FileZilla Client 3.27.0.1 (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGA WRECKER (HKLM\...\Steam App 454410) (Version:  - GAME FREAK inc.)
GitHub (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.3.0 - GitHub, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HackingToolkit3DS version 9 (HKLM-x32\...\{DFCCDD37-4B7E-4E7D-ABAC-06AA7C1DEFB5}_is1) (Version: 9 - Asia81)
HandBrake 1.0.2 (HKLM-x32\...\HandBrake) (Version: 1.0.2 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotspot Shield 7.1.2 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C137CD26}) (Version: 7.1.2.10755 - AnchorFree Inc.) Hidden
Hotspot Shield 7.1.2 (HKLM-x32\...\{ddcf3c73-2b97-4dc5-bdf5-ab48869082b3}) (Version: 7.1.2.10755 - AnchorFree Inc.)
Hotspot Shield 7.1.2 (HKLM-x32\...\HotspotShield) (Version: 7.1.2 - AnchorFree Inc.) Hidden
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Kinoni Streamer 1.51 (HKLM-x32\...\Kinoni Remote Desktop) (Version: 1.51 - Kinoni)
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.1.1 - LG Electronics)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
midi2style 6.8 (HKLM-x32\...\midi2style_is1) (Version: 6.8 - www.jososoft.dk)
MidiEditor (HKLM-x32\...\D4338446-FFE6-1A12-ACFF-CB6F6A6A70A1) (Version: 3.0.0 - Markus Schwenk)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Move or Die (HKLM\...\Steam App 323850) (Version:  - Those Awesome Guys)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.6 - Black Tree Gaming)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.1.16 (HKLM\...\{8834A1E1-4C15-431B-9268-3463F726AB13}) (Version: 5.1.16 - Oracle Corporation)
osu! (HKLM-x32\...\{8d3b6c53-5c40-4066-be08-21d251fa8c25}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Pokémon Uranium (HKLM-x32\...\{C50F06DC-BC8C-44C3-B510-EA0735E5B7E9}) (Version: 1.1 - TTGJailbreak)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.712 - Razer Inc.)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.28.2013.0912 - REALTEK Semiconductor Corp) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.28.2013.0912 - REALTEK Semiconductor Corp)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REDRAGON GAMING MOUSE (HKLM-x32\...\{B813639F-D6DF-40CB-A92A-C602548440E1}_is1) (Version: 1.1 - redragonzone)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) (Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
RWBY: Grimm Eclipse (HKLM\...\Steam App 418340) (Version:  - Rooster Teeth Games)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.1.0.2 - Splashtop Inc.)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Customizer (HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Steam Customizer) (Version: 1.00.00.00 - Blumont)
Sublime Text Build 3126 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Subnautica (HKLM\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Super Star (HKLM\...\Steam App 503300) (Version:  - SakuraGame)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=- v1.9.32.0 (HKLM-x32\...\The Elder Scrolls V Skyrim Full Game+DLC-=AviaRa=- v1.9.32.0) (Version:  - )
The Escapists (HKLM\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WindowWatcher (HKLM-x32\...\WindowWatcher) (Version: 1.0 - Airesoft)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinImage (HKLM\...\WinImage) (Version:  - )
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\Musicsoft Downloader 5) (Version: 5.7.3 - Yamaha Corporation)
Yamaha USB-MIDI Driver (HKLM\...\{2D488455-3E89-49EF-BA6E-92C2503DC89D}) (Version: 3.1.4.1 - Yamaha Corporation) Hidden
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{2D488455-3E89-49EF-BA6E-92C2503DC89D}) (Version: 3.1.4.1 - Yamaha Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4034607680-3824418392-2138971786-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\canga_000\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-01-16] ()
ContextMenuHandlers1: [DocLock Context Menu] -> {FDAA5C88-14D2-11DF-8D8B-239B55D89593} => C:\Program Files (x86)\DocLock\DocLock_ext64.dll [2010-07-01] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DocLock Context Menu] -> {FDAA5C88-14D2-11DF-8D8B-239B55D89593} => C:\Program Files (x86)\DocLock\DocLock_ext64.dll [2010-07-01] ()
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1545A509-F271-475D-A387-557D5FFB927C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-18] (Microsoft Corporation)
Task: {1CEA0CCB-7302-4CEE-843E-9D239AA8AFC2} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper)
Task: {20273CC9-3EBF-4CEB-8CF5-5FBED7788AC5} - System32\Tasks\hzZHrYjsXbJ2 => hzzhryjsxbj2.exe
Task: {28D439DB-CACE-454A-9E26-649CA59D2E76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {2A17C178-D4C4-4232-9AAF-7A53BAC72721} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {2C98B8DA-73E4-41E4-BF04-A789939955FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-14] (Google Inc.)
Task: {31B38123-3B5E-4DAC-B5CC-6390104D0D75} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {37D3C3D5-A5CA-4B24-887E-878865B59373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-18] (Microsoft Corporation)
Task: {39048138-04E5-49FB-A2DA-40576DD83305} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {61C816C4-2DAE-46F1-99EA-08C769CB3BC9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6535F731-424A-4701-AC0D-2439FB2E2844} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2017-09-18] (Microsoft Corporation)
Task: {7C360AD4-877C-4AEA-A7FD-14FFE3B558CF} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {86B0CB29-BFB4-4FB8-B220-EB5E83EF3134} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {92CA81F4-B39D-4C21-990E-594BB03EF379} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-18] (Microsoft Corporation)
Task: {AF3D7E37-56F2-4974-B283-A88C83D67F7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C8EBAC9F-C9F1-4592-A2E4-A22263D74D28} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {D69B0098-0B7F-454D-AAD6-82D7E834EAB9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-18] ()
Task: {DB7989F3-D863-4DD7-8B7C-ACAB5B0B9AB3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-18] ()
Task: {E28090B0-D71F-44DD-BDCA-D9D350D91B31} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-canga60@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {F68D9559-4374-4EB4-90B5-DD37D2C86C2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\canga_000\AppData\Local\Microsoft\Windows\RoamingTiles\12438324870.lnk -> hxxp://192.168.0.1
 
ShortcutWithArgument: C:\Users\canga_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\12438324870.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xbba6301a -pinnedTimeHigh 0x01ce21df -securityFlags 0x00000000 -url 0x00000013 hxxp://192.168.0.1/
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nimbus Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aecjogkncpbkjfobfnoaiepipllcadhe
ShortcutWithArgument: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-18 05:45 - 2017-09-18 16:51 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-07-01 06:16 - 2010-07-01 06:16 - 000103936 _____ () C:\Program Files (x86)\DocLock\DocLock_ext64.dll
2017-01-16 20:30 - 2017-01-16 20:30 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-08-28 16:34 - 2017-08-23 03:48 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libglesv2.dll
2017-08-28 16:34 - 2017-08-23 03:48 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\msln.exe:0facd4cdccd2b2b7607e486703f149d3 [214]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\sharepoint.com -> hxxps://jsu-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-09-19 09:02 - 000001053 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\canga_000\Downloads\images\Fuukawallpaper.jpg
DNS Servers: 10.80.5.132
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Manager.lnk"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\StartupFolder: => "prowled.lnk"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "EasyTether"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "download.ninja"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "obsess"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "DSdeGlr6TY"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "Haste"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "untainted"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0328A21F-151B-4E84-9225-0A96A35BBC2B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{82AB8A7E-9F35-4D40-AF01-4702C5D26FFC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1A33BB99-4A23-45BF-832C-5EF0EED9C8DC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FCE50B9D-5098-4EE7-B97C-CE8E6D112F5F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AC4B168E-0DE0-4166-9662-2F150E226103}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{2873D739-1FFA-4110-B52D-451D609775B9}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{15B77695-B002-4C9F-B9CF-6D7BCE8B4633}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF463A5C-D06B-4833-9F00-D0424A679799}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5C3F20D4-77CE-473E-BE9E-5EC09B8CB58C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4188098A-BF05-4224-A5B5-2FB4940F4E3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A28FAAC-55A4-4B2A-B683-414466295673}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{715B4EED-1AD6-44FF-92CE-5A59323D4A1B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{3F480966-7E22-47E8-9F77-CB8B3E848E33}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{618129B1-0EAA-4B3E-876F-BF300F26EA88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{24F3C761-D24E-4203-BDF0-C99CD9A34A06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7DC59F85-54F8-4CD9-B9D5-B438B595186A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{AC9FEB82-1982-4DD9-9E73-B4B04D73103E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{4C989EE1-53E5-4F7B-BAF0-08212AFA8397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0E71B598-0C34-4C0C-9823-7E3FEA68A299}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2DCEC9BD-9E31-4585-A0AA-D67E85562109}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B1CC4282-E83B-4136-A69B-F914090DFE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F574B8F4-8DFB-4062-BE57-56B42D9E4E96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D2270D07-80A0-435A-8BFE-0772E4812B0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{893C35AD-5D9C-4308-8CE8-9BEF816EEFD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{09B0AABD-AAF1-462B-A298-066AD08D46C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [TCP Query User{5C6B3CCA-CEC2-47A3-961D-D7E222E81CF9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{421B6634-D9ED-440F-853B-24F390E4B359}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{97775839-BF97-47FB-BBA8-A93CE8CD8709}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{AECC2838-E904-4761-9738-57669E191946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{1C9CB214-3EC1-48C1-AB6A-6E6BEAC3FB0D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{52F96AE3-5B99-4EED-B192-697BDBBB5519}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D8A7B9BE-7880-4EEA-A4DB-393ED01A88FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{201A1910-7953-4C62-B3DE-EAF0D49091F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8B96EA6-5D09-417E-8225-6EC589DCB1CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{149DDC6A-30F1-444E-867D-AFA12341F6A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5B8D300C-3A33-4594-8732-61AEE46FBC7A}C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe] => (Allow) C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe
FirewallRules: [UDP Query User{0D036A35-3590-4782-8362-5782A6067772}C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe] => (Allow) C:\users\canga_000\downloads\torrents\igg-drawful.2\drawful 2.exe
FirewallRules: [TCP Query User{EC35A3A2-650C-40A5-8DCF-D316966DF24C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0D739C40-10FF-4806-A4D0-952F84B70B18}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{9FFCF07D-3675-4E72-8A31-626EC7E99AA7}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
FirewallRules: [{849C97F1-62BF-4446-AB89-9AF876B99864}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F9B394B6-918D-44CF-951F-9E3C4261FA1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{992C3DC7-FFDA-40EB-AC3F-6C48CB5DF9D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{64EF0E27-EFBB-4C84-92F7-F71FC11A601D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F1BAD3BE-1992-4C43-A02E-BD58804734A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{D6F746DB-D204-40B7-B23D-440FCBCC0E66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{CC9359E5-750E-45B7-A994-BE531C115503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{70C1D6D3-4451-468E-BBF4-93216030340F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{20B36736-2543-40DE-8682-B9D766381FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{CE53B5B1-0299-4874-AD53-26C1124D4C2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B4547F53-6645-4658-B3A4-68D945B03264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8768B950-6705-4A4A-AD27-EECC6BCEEA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{AAC1C0DB-EE2C-4423-B24B-CC9B5A1953E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{3C915267-E8B6-4351-83B9-C70867C84E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{FE32DE5B-C253-4A41-B577-0F1A15F3D270}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3215F80F-4FF5-4241-8DB5-118677641316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C1D4A4A-A86E-43CD-96D6-C0EAC5260EA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60037226-3D1E-4CAA-9A02-5AB3E9986A6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FA2A37DF-95BA-4636-A8EB-D5B26D9CF7D4}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{9B29E96E-7965-4432-A5AF-242E2678F1B3}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{933A899C-267D-41A2-8BEA-136502DCF43B}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{D8D27D58-4443-4936-8FC1-6718FCAFE84E}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{EFBDD3F0-2F27-4F73-8B46-517DB26F3598}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{EAF7E56E-CCB3-497B-8476-D763BADB863C}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{C951FE32-C5EF-450C-9905-8434430F1D11}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{1F4A7E4D-43C2-4F28-8836-843EC9DA261E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{C898D6E5-B48C-479B-9DAA-FB54564B39C0}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{6F0B6799-18D6-4799-B94F-7996CEBE6A12}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{4F0F0F40-DA97-49F0-961E-8A9F961F5C7B}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe
FirewallRules: [{BE47A36B-DA7D-4C59-A1ED-7C6E2E49244A}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{CA213419-8C72-42F7-BE26-2A7BE3DF6E14}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{25B69F94-F30B-4BBA-AC7A-A97BCA9962E7}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{84831CCF-C30E-4A46-8D2C-36079590AE10}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{AA9AC0AA-A457-46B1-80BD-F3907B3ADB6E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{A930B03D-27E0-4936-9629-4DAE5A21F9D7}] => (Allow) C:\KOPLAYER\KOPLAYER.exe
FirewallRules: [{9F1E0A11-7B82-4B75-BC0C-D8F4ACBB6191}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe
FirewallRules: [{62E84148-9092-4F0D-A79B-D41ED961E6A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{46FC5794-8E08-463B-852B-FB4FA00EEBC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{182F2122-2AF7-4D81-8D95-0AAE113B0F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Star\game.exe
FirewallRules: [{642A8578-BC5B-4B11-841A-4E5871B42A73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Star\game.exe
FirewallRules: [{64A207E3-E5EF-4AED-8926-E6123ECE749E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{BE04E576-5922-4CF0-BECA-B8B46A470050}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{E74F1792-8C2E-4FD0-BD09-55EF4197E013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{E1747981-DB6F-4856-AF41-6A96340DB983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6E71697C-1541-4DE0-8EB3-8ABD56EBAE54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5F52EA35-DA14-48EF-997C-59AF1D190B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{877900FC-E541-46C5-AC2C-55E7291AAC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{8F37DBBC-FEB6-47C8-BF4A-A5B3D3189880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{AB25038D-B32A-485F-9FBB-23C8C01AE53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{ED83DC07-D75B-4354-87DD-BF2A9F465B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9AC27168-F017-41B8-B1C6-9ED766E782DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{9C789A5F-7450-40AB-8962-983E61C0CB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{0DDA5481-7A86-4FF5-AC8D-720A96F85860}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{03B2A190-1B96-45A5-B77B-C4A09B78EA9B}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{5A013035-C1C0-4B24-8C96-708B6C03FAD6}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{352188BB-977C-4764-9100-EB35EAA58656}] => (Allow) C:\Program Files (x86)\Kinoni\Remote Desktop\windowsserver.exe
FirewallRules: [{D76DD7C7-5AE7-4DE3-B3BC-54EE9650C22C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{BDF6973A-F50F-48AB-9091-5BE99B0078C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [TCP Query User{1CBA010C-D49C-4B56-A363-66717772D429}C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{9C399E52-26F5-4316-88BF-2EFC195FA760}C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{BD3B4D2A-EF44-4DD0-A005-127EF38F22B4}C:\koplayer\download\minithunderplatform.exe] => (Allow) C:\koplayer\download\minithunderplatform.exe
FirewallRules: [UDP Query User{46B0AE2C-93B3-4F25-8A95-AB138C6076C4}C:\koplayer\download\minithunderplatform.exe] => (Allow) C:\koplayer\download\minithunderplatform.exe
FirewallRules: [{2F265679-EF25-42EE-9465-C30591C9A9F1}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [{47237BE0-E5F8-46E2-8D26-FB3B0DC6A3A2}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe
FirewallRules: [TCP Query User{DFE51F1B-F067-4F46-A4C4-0803780FEF90}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{CAC81EAC-DF9D-462F-8ADE-172E749BF325}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1BA5C1B4-7885-4698-8E3E-6783BC0A7868}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{94200C16-F3E3-47E4-BEE3-C1FD1E1C2383}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2EFF3230-C06E-4F86-A8E6-0C5C00D1CD48}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C8E19FBE-039B-4722-82B6-28D5356A8AC8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{1440B137-985A-4AC4-A4F2-1C11BD8D16FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{32C28C39-F392-4BE1-840F-3B08C23B3316}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{66BB91E9-3967-4A9C-8B60-4FF5055C52BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{60ADE245-8A9D-4E7A-803D-883D615C3395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
FirewallRules: [TCP Query User{711B430D-DAB5-43E3-877B-EC7277F90A73}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [UDP Query User{F094EA04-855C-41F6-B186-27B5E498E07A}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [{736D1816-D478-4149-8395-7CAFE36AA176}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{04C81790-2227-460B-8D42-E73B0D060D23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{5E9FFA24-1ED7-4680-AD83-C73815D2A440}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GigaWrecker\GigaWrecker.exe
FirewallRules: [{CAE7FDDC-9590-4897-B19D-5BFF90C1E514}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GigaWrecker\GigaWrecker.exe
FirewallRules: [{4C611157-6D46-4000-A917-60836152ADAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RWBY_GE\rwby-ge.exe
FirewallRules: [{0B2A2B65-D361-4A0A-8784-5A253B0A9D08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RWBY_GE\rwby-ge.exe
FirewallRules: [{FEC85D39-2A4A-4318-9B05-822A268E21F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [{6FCF20A2-E276-4CCF-BDF3-3E6C2651CC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe
FirewallRules: [{24775D84-C49D-4907-A5B9-7B8E81D283AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{0C274325-CED0-4D90-BF55-9935DAD79CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D3E390B0-24B3-43F8-8ECB-1319ECD7C544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{46763F97-DE73-440D-AE3F-1B50AB68C2B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{9C58238E-7854-4202-A39D-AA3436233124}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{29F23941-CEA3-4959-BB89-3B2BBA1F8580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{908BFE10-0C01-47A2-B79C-32C4E121C8C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6827CB9E-4844-45E7-BAA2-81D3D851659B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3DF418CE-5E35-409E-BA6E-AD002910E997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{FAF12A4B-32A0-464E-870E-97DB5328E718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E6295415-CBF7-4D43-88CD-057BE31E95EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{EC9C977D-7622-4FE5-A487-52C089C8654E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{16C52252-84F7-4816-BFFB-D25B7AA12193}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{2D5F0138-2B21-4FB7-8EF1-C5B393056485}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{5F19A76E-8241-4278-80C5-C783559EBBEB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{69F41B7B-9CB0-4A2C-B88F-074B69018ED4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{E31B532A-92B4-48E4-94E1-2434E3053E57}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{8CC956FC-A49B-4B41-9B53-D3ECA5059F30}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{77C1B824-278F-4327-AAF9-429088B81CC1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{D9968B02-F506-476E-9838-A665B86D1185}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{E3CEB318-6377-41D7-966C-4D16359266B4}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{92774665-20EE-4721-8027-462B977C5C08}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{B0E7F4F0-1C82-41C3-934A-A2EA1645D1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{E2CCC7CE-C222-4CFA-9E8C-438B6ADB413D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B74EC84F-7ACF-4185-A191-C57D221C1A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{00AC4935-DDE6-4F76-B19B-008652FCE8D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{077D0DDE-7DA1-4738-9D55-57B2BA317121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C7A9808C-D03D-401B-BF37-298D49041180}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5A749118-BD30-4477-A6CD-9D99E71BA0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FF7F115F-5BFC-44CE-A0AB-1BB5F81AB47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1900849A-D0FF-45E8-AC41-7A0559DB99CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6FCC39FD-CDE9-4B0E-8C89-297A0764B76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{77AF0351-19C1-4ED1-B54E-D0590870ED6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{5DD5164B-C8C4-421D-96B9-9F1EE2DE1EE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6C320E19-15A3-409D-9192-F94448FC524C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DD7020E8-2E42-4202-BB5A-795984530B7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{34A2EB70-B417-4109-8330-2E78B745C108}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7ABE51B0-5401-4C39-960D-3B3AC7757CBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA1F086E-BA97-4480-8BD1-BD260DFB16B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{60A6FFA2-0BE0-4423-9205-0441AC2CDF50}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{D68CB62D-B66D-4FFB-8F58-880CF1749426}] => (Allow) C:\Program Files (x86)\Electronics\doodad.exe
FirewallRules: [{2855596F-22DF-48FE-A9DA-59705968ECDF}] => (Allow) C:\Program Files (x86)\Bogeys\doodad.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth USB Controller-15 from TOSHIBA
Description: Bluetooth USB Controller-15 from TOSHIBA
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: Toshiba
Service: tosrfusb
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2017 01:01:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (09/19/2017 01:01:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (09/19/2017 10:40:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:34:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:34:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:32:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:24:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:18:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:18:29 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/19/2017 10:16:22 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (09/20/2017 09:05:45 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/20/2017 09:03:43 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:03:43 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:03:41 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:03:41 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:03:41 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:03:41 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:02:48 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:02:48 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/20/2017 09:02:48 AM) (Source: DCOM) (EventID: 10005) (User: DEXTERS-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-09-02 23:11:35.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:35.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-09-02 23:11:34.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8076.22 MB
Available physical RAM: 5422.95 MB
Total Virtual: 16268.22 MB
Available Virtual: 13294.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.12 GB) (Free:17.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#12 ZeroX96

ZeroX96
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 20 September 2017 - 09:09 AM

Edit: Sorry, it double posted.


Edited by ZeroX96, 20 September 2017 - 09:13 AM.


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:37 AM

Posted 20 September 2017 - 09:20 AM

Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 ZeroX96

ZeroX96
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 20 September 2017 - 09:53 AM

Alright, here is the fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by canga_000 (20-09-2017 09:45:30) Run:1
Running from C:\Users\canga_000\Desktop
Loaded Profiles: canga_000 (Available Profiles: canga_000)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [DSdeGlr6TY] => C:\DSdeGlr6TYDSdeGlr6TY\DSdeGlr6TY.vbs
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [untainted] => "C:\Program Files (x86)\trolled\untainted.exe"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\Run: [obsess] => "C:\Program Files (x86)\Electronics\doodad.exe"
Startup: C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prowled.lnk [2017-09-18]
ShortcutTarget: prowled.lnk -> C:\Program Files (x86)\Electronics\doodad.exe (No File)
 
S2 apexpsvc; "C:\Users\CANGA_~1\AppData\Local\Temp\xis\apexpsvc.exe" /svc [X] <==== ATTENTION
S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X]
S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NIS.exe" /h ccCommon [X]
S1 MpKsldbe7a3cd; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00648F89-50D9-4FA4-B531-CD261B0E10F0}\MpKsldbe7a3cd.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.7.1.32\Definitions\SDSDefs\20161109.008\EX64.SYS [X]
S3 RTSUER; \SystemRoot\system32\Drivers\RtsUer.sys [X]
 
Task: {20273CC9-3EBF-4CEB-8CF5-5FBED7788AC5} - System32\Tasks\hzZHrYjsXbJ2 => hzzhryjsxbj2.exe
Task: {C8EBAC9F-C9F1-4592-A2E4-A22263D74D28} - \AutoPico Daily Restart -> No File <==== ATTENTION
 
ShortcutWithArgument: C:\Users\canga_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\12438324870.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xbba6301a -pinnedTimeHigh 0x01ce21df -securityFlags 0x00000000 -url 0x00000013 hxxp://192.168.0.1/
 
AlternateDataStreams: C:\Windows\system32\msln.exe:0facd4cdccd2b2b7607e486703f149d3 [214]
 
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\StartupFolder: => "prowled.lnk"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "download.ninja"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "DSdeGlr6TY"
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\...\StartupApproved\Run: => "untainted"
 
FirewallRules: [{0328A21F-151B-4E84-9225-0A96A35BBC2B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{82AB8A7E-9F35-4D40-AF01-4702C5D26FFC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1A33BB99-4A23-45BF-832C-5EF0EED9C8DC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FCE50B9D-5098-4EE7-B97C-CE8E6D112F5F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AC4B168E-0DE0-4166-9662-2F150E226103}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{2873D739-1FFA-4110-B52D-451D609775B9}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7A28FAAC-55A4-4B2A-B683-414466295673}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{715B4EED-1AD6-44FF-92CE-5A59323D4A1B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D68CB62D-B66D-4FFB-8F58-880CF1749426}] => (Allow) C:\Program Files (x86)\Electronics\doodad.exe
FirewallRules: [{2855596F-22DF-48FE-A9DA-59705968ECDF}] => (Allow) C:\Program Files (x86)\Bogeys\doodad.exe
 
C:\DSdeGlr6TYDSdeGlr6TY
C:\Program Files\CyberGhost 6
C:\Program Files\KMSpico
C:\Program Files (x86)\Bogeys
C:\Program Files (x86)\Electronics
C:\Program Files (x86)\trolled
C:\Program Files (x86)\s5
C:\Program Files (x86)\Norton Internet Security
C:\Users\canga_000\DSdeGlr6TY
C:\Users\canga_000\Desktop\KMSpico Install
C:\Users\canga_000\Desktop\KMSpico Install.rar
C:\Users\canga_000\AppData\Local\dtrocbv
C:\Users\canga_000\AppData\Local\nvrimgp
C:\Users\canga_000\AppData\Local\Microsoft\Windows\RoamingTiles\12438324870.lnk
C:\Users\canga_000\AppData\Roaming\et
C:\Windows\b50808833
C:\Windows\attainability.exe
C:\Windows\system32\semcurl
C:\Windows\system32\Drivers\iadilosv.sys
C:\Windows\SysWOW64\semcurl
 
EmptyTemp:
*****************
 
Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DSdeGlr6TY => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\untainted => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\Software\Microsoft\Windows\CurrentVersion\Run\\obsess => value removed successfully
C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prowled.lnk => moved successfully
C:\Program Files (x86)\Electronics\doodad.exe => not found.
HKLM\System\CurrentControlSet\Services\apexpsvc => key removed successfully
apexpsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\CG6Service => key removed successfully
CG6Service => service removed successfully
HKLM\System\CurrentControlSet\Services\EraserSvc11621 => key removed successfully
EraserSvc11621 => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsldbe7a3cd => key removed successfully
MpKsldbe7a3cd => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
NAVEX15 => service removed successfully
HKLM\System\CurrentControlSet\Services\RTSUER => key removed successfully
RTSUER => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20273CC9-3EBF-4CEB-8CF5-5FBED7788AC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20273CC9-3EBF-4CEB-8CF5-5FBED7788AC5} => key removed successfully
C:\Windows\System32\Tasks\hzZHrYjsXbJ2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hzZHrYjsXbJ2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8EBAC9F-C9F1-4592-A2E4-A22263D74D28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8EBAC9F-C9F1-4592-A2E4-A22263D74D28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
C:\Users\canga_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\12438324870.lnk => Shortcut argument removed successfully.
C:\Windows\system32\msln.exe => ":0facd4cdccd2b2b7607e486703f149d3" ADS removed successfully.
C:\Users\canga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\prowled.lnk => not found.
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\prowled.lnk => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\download.ninja => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\download.ninja => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DSdeGlr6TY => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DSdeGlr6TY => value not found.
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\untainted => value removed successfully
HKU\S-1-5-21-4034607680-3824418392-2138971786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\untainted => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0328A21F-151B-4E84-9225-0A96A35BBC2B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82AB8A7E-9F35-4D40-AF01-4702C5D26FFC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A33BB99-4A23-45BF-832C-5EF0EED9C8DC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCE50B9D-5098-4EE7-B97C-CE8E6D112F5F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC4B168E-0DE0-4166-9662-2F150E226103} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2873D739-1FFA-4110-B52D-451D609775B9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A28FAAC-55A4-4B2A-B683-414466295673} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{715B4EED-1AD6-44FF-92CE-5A59323D4A1B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D68CB62D-B66D-4FFB-8F58-880CF1749426} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2855596F-22DF-48FE-A9DA-59705968ECDF} => value removed successfully
C:\DSdeGlr6TYDSdeGlr6TY => moved successfully
C:\Program Files\CyberGhost 6 => moved successfully
"C:\Program Files\KMSpico" => not found.
"C:\Program Files (x86)\Bogeys" => not found.
"C:\Program Files (x86)\Electronics" => not found.
"C:\Program Files (x86)\trolled" => not found.
C:\Program Files (x86)\s5 => moved successfully
"C:\Program Files (x86)\Norton Internet Security" => not found.
C:\Users\canga_000\DSdeGlr6TY => moved successfully
C:\Users\canga_000\Desktop\KMSpico Install => moved successfully
C:\Users\canga_000\Desktop\KMSpico Install.rar => moved successfully
 
"C:\Users\canga_000\AppData\Local\dtrocbv" folder move:
 
Could not move "C:\Users\canga_000\AppData\Local\dtrocbv" => Scheduled to move on reboot.
 
 
"C:\Users\canga_000\AppData\Local\nvrimgp" folder move:
 
Could not move "C:\Users\canga_000\AppData\Local\nvrimgp" => Scheduled to move on reboot.
 
C:\Users\canga_000\AppData\Local\Microsoft\Windows\RoamingTiles\12438324870.lnk => moved successfully
C:\Users\canga_000\AppData\Roaming\et => moved successfully
C:\Windows\b50808833 => moved successfully
C:\Windows\attainability.exe => moved successfully
 
"C:\Windows\system32\semcurl" folder move:
 
Could not move "C:\Windows\system32\semcurl" => Scheduled to move on reboot.
 
C:\Windows\system32\Drivers\iadilosv.sys => moved successfully
C:\Windows\SysWOW64\semcurl => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 77894898 B
Java, Flash, Steam htmlcache => 249908593 B
Windows/system/drivers => 406546977 B
Edge => 0 B
Chrome => 402948083 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 147492 B
systemprofile32 => 128 B
LocalService => 222913 B
NetworkService => 183304 B
canga_000 => 83506888 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 20-09-2017 09:49:31)
 
"C:\Users\canga_000\AppData\Local\dtrocbv" => Could not move
"C:\Users\canga_000\AppData\Local\nvrimgp" => Could not move
"C:\Windows\system32\semcurl" => Could not move
 
==== End of Fixlog 09:49:39 ====


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:37 AM

Posted 20 September 2017 - 10:04 AM

Alright, now run this FRST fix, and attach the fixlog.txt here after.

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




