
System Restore failed / Infected and cannot use certain programs


  • This topic is locked
108 replies to this topic

#31 anthroxdx

  • Topic Starter

Posted 03 December 2017 - 12:56 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 12:55:43) Run:16
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: Reg query "HKLM\SYSTEM\CurrentControlSet\services\VSS" /s
Reg: Reg query "HKLM\SYSTEM\CurrentControlSet\services\RpcSs" /s

*****************


========= Reg query "HKLM\SYSTEM\CurrentControlSet\services\VSS" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS
    DisplayName    REG_SZ    @%systemroot%\system32\vssvc.exe,-102
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\vssvc.exe
    Description    REG_SZ    @%systemroot%\system32\vssvc.exe,-101
    ObjectName    REG_SZ    LocalSystem
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10
    DependOnService    REG_MULTI_SZ    RPCSS
    ServiceSidType    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SystemRestore

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\BITS Writer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SqlServerWriter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}
    (Default)    REG_SZ    Microsoft Software Shadow Copy provider 1.0
    Type    REG_DWORD    0x1
    Version    REG_SZ    1.0.0.7
    VersionId    REG_SZ    {00000001-0000-0000-0007-000000000001}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID
    (Default)    REG_SZ    {65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings
    MSDEVersionChecking    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert
    {2707761B-2324-473D-88EB-EB007A359533}    REG_SZ    DFS-R Writer
    {D76F5A28-3092-4589-BA48-2958FB88CE29}    REG_SZ    FRS Writer
    {B2014C9E-8711-4C5C-A5A9-3CF384484757}    REG_SZ    AD Writer
    {DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}    REG_SZ    ADAM Writer
    TornComponentsBlockRevert    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl
    NT Authority\NetworkService    REG_DWORD    0x1



========= End of Reg: =========


========= Reg query "HKLM\SYSTEM\CurrentControlSet\services\RpcSs" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs
    DisplayName    REG_SZ    @oleres.dll,-5010
    Group    REG_SZ    COM Infrastructure
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k rpcss
    Description    REG_SZ    @oleres.dll,-5011
    ObjectName    REG_SZ    NT AUTHORITY\NetworkService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcEptMapper\0DcomLaunch
    FailureActions    REG_BINARY    00000000000000000000000001000000000000000200000060EA0000
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
    ServiceSidType    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\rpcss.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Security
    Security    REG_BINARY    01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B00000000001400FF000E0001010000000000051200000000001800FD000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000



========= End of Reg: =========


==== End of Fixlog 12:55:44 ====


 


#32 JSntgRvr

  • Malware Response Team

Posted 03 December 2017 - 01:11 PM

Registry entries are OK. Let's search for files:

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

rpcss.dll;vssvc.exe

It then should look like:

Search: rpcss.dll;vssvc.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.

Search Registry.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#33 anthroxdx

  • Topic Starter

Posted 03 December 2017 - 02:00 PM

Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 13:44:53)
Running from O:\
Boot Mode: Normal

================== Search Files: "rpcss.dll;vssvc.exe" =============

C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe
[2011-02-22 13:44][2010-11-20 08:25] 001600512 _____ (Microsoft Corporation) B60BA0BC31B0CB414593E169F6F21CC2 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe
[2009-07-13 18:39][2009-07-13 20:39] 001598976 _____ (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.23889_none_c833a6706dd19821\rpcss.dll
[2017-09-13 11:12][2017-08-11 01:35] 000512000 _____ (Microsoft Corporation) 3F1A199859B4F3F8357B2A0AF5666A54 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-02-22 13:44][2010-11-20 08:27] 000512000 _____ (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00][2009-07-13 20:41] 000509440 _____ (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is digitally signed]

C:\Windows\System32\rpcss.dll
[2017-09-13 11:12][2017-08-11 01:35] 000512000 _____ (Microsoft Corporation) 3F1A199859B4F3F8357B2A0AF5666A54 [File is digitally signed]

C:\Windows\System32\VSSVC.exe
[2011-02-22 13:44][2010-11-20 08:25] 001600512 _____ (Microsoft Corporation) B60BA0BC31B0CB414593E169F6F21CC2 [File is digitally signed]

C:\Windows\ERDNT\cache64\rpcss.dll
[2011-09-25 23:47][2010-11-20 08:27] 000512000 _____ (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is digitally signed]


====== End of Search ======

 

Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 13:58:05)
Running from O:\
Boot Mode: Normal

================== Search Registry: "rpcss.dll;vssvc.exe" ===========


===================== Search result for "rpcss.dll" ==========


===================== Search result for "vssvc.exe" ==========

====== End of Search ======




#34 JSntgRvr

  • Malware Response Team

Posted 03 December 2017 - 04:06 PM

Files are in place also. It must be due to the Rootkit.

  • Highlight the entire content of the quote box below.

Start::
C:\Users\Nick Brano\AppData\Local\serpbmc
C:\Users\Nick Brano\AppData\Local\igfxmtc
C:\Windows\System32\vdistgxsvc.exe
C:\Users\Nick Brano\AppData\Local\Temp
C:\Windows\system32\drivers\mbb*
Task: {0EF252F2-C271-4300-9490-C9DAB8647565} - System32\Tasks\Shutdown in => shutdown [Argument = –s –f –t 0]
Task: {73E03A8A-235B-43F7-827C-19BBE1579AE4} - System32\Tasks\Shutdown in 4 hours => shutdown [Argument = -s -f -t 0]
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


Upon restart, attempt System Restore (Do not attempt to go back as all our fixes will be lost). If unable to create a system restore, let's perform a Clean Boot.

  1. Log on to the computer by using an account that has administrator rights.
  2. Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
  3. Note: If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  4. On the General tab, click the Selective startup option, and then click to clear the Load startup items check box.
  5. On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
  6. Note: This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  7. Click OK, and then click Restart.

Upon restart, attempt System Restore (Do not attempt to go back as all our fixes will be lost). If unable to create a system restore, while in a clean boot state, run the fix above once again.

After the restart, attempt once again.

 

Let me know the outcome.




#35 anthroxdx

  • Topic Starter

Posted 03 December 2017 - 04:33 PM

Still nothing with the msconfig selections, and the fix applied again after the clean boot method. :(

There's still no visible System Restore service in the service listings. Razer services enabled still won't make Razer Synapse work either.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 16:09:47) Run:18
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Nick Brano\AppData\Local\serpbmc
C:\Users\Nick Brano\AppData\Local\igfxmtc
C:\Windows\System32\vdistgxsvc.exe
C:\Users\Nick Brano\AppData\Local\Temp
C:\Windows\system32\drivers\mbb*
Task: {0EF252F2-C271-4300-9490-C9DAB8647565} - System32\Tasks\Shutdown in => shutdown [Argument = –s –f –t 0]
Task: {73E03A8A-235B-43F7-827C-19BBE1579AE4} - System32\Tasks\Shutdown in 4 hours => shutdown [Argument = -s -f -t 0]

*****************

"C:\Users\Nick Brano\AppData\Local\serpbmc" => not found.
"C:\Users\Nick Brano\AppData\Local\igfxmtc" => not found.
"C:\Windows\System32\vdistgxsvc.exe" => not found.

"C:\Users\Nick Brano\AppData\Local\Temp" folder move:

Could not move "C:\Users\Nick Brano\AppData\Local\Temp" => Scheduled to move on reboot.


=========== "C:\Windows\system32\drivers\mbb*" ==========

Could not move "C:\Windows\system32\drivers\mbblosvy.sys" => Scheduled to move on reboot.

========= End -> "C:\Windows\system32\drivers\mbb*" ========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EF252F2-C271-4300-9490-C9DAB8647565} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EF252F2-C271-4300-9490-C9DAB8647565} => key removed successfully
C:\Windows\System32\Tasks\Shutdown in => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown in => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73E03A8A-235B-43F7-827C-19BBE1579AE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73E03A8A-235B-43F7-827C-19BBE1579AE4} => key removed successfully
C:\Windows\System32\Tasks\Shutdown in 4 hours => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown in 4 hours => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-12-2017 16:13:59)

C:\Users\Nick Brano\AppData\Local\Temp => moved successfully
C:\Windows\system32\drivers\mbblosvy.sys => Is moved successfully

==== End of Fixlog 16:14:03 ====

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 16:25:21) Run:19
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Nick Brano\AppData\Local\serpbmc
C:\Users\Nick Brano\AppData\Local\igfxmtc
C:\Windows\System32\vdistgxsvc.exe
C:\Users\Nick Brano\AppData\Local\Temp
C:\Windows\system32\drivers\mbb*
Task: {0EF252F2-C271-4300-9490-C9DAB8647565} - System32\Tasks\Shutdown in => shutdown [Argument = –s –f –t 0]
Task: {73E03A8A-235B-43F7-827C-19BBE1579AE4} - System32\Tasks\Shutdown in 4 hours => shutdown [Argument = -s -f -t 0]

*****************

"C:\Users\Nick Brano\AppData\Local\serpbmc" => not found.
"C:\Users\Nick Brano\AppData\Local\igfxmtc" => not found.
"C:\Windows\System32\vdistgxsvc.exe" => not found.
C:\Users\Nick Brano\AppData\Local\Temp => moved successfully

=========== "C:\Windows\system32\drivers\mbb*" ==========

Could not move "C:\Windows\system32\drivers\mbbsvzcf.sys" => Scheduled to move on reboot.

========= End -> "C:\Windows\system32\drivers\mbb*" ========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EF252F2-C271-4300-9490-C9DAB8647565} => key not found
C:\Windows\System32\Tasks\Shutdown in => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown in => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73E03A8A-235B-43F7-827C-19BBE1579AE4} => key not found
C:\Windows\System32\Tasks\Shutdown in 4 hours => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shutdown in 4 hours => key not found

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-12-2017 16:29:08)

C:\Windows\system32\drivers\mbbsvzcf.sys => Is moved successfully

==== End of Fixlog 16:29:08 ====



Edited by anthroxdx, 03 December 2017 - 04:35 PM.


#36 JSntgRvr

  • Malware Response Team

Posted 03 December 2017 - 06:01 PM

In Windows 7 there is no service listed. Volume Shadow Copy is, set to manual. Let's see the System Restore key in the registry.

  • Highlight the entire content of the quote box below.

Start::
Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /s
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

I was also interested to see if the file that is respawning stops doing that in a clean boot. Run the fix above in a clean boot, restart and scan with FRST in a clean boot environment. Post the new FRST.txt log.

 

You can go back to Normal Mode afterwards.
 


Edited by JSntgRvr, 03 December 2017 - 06:01 PM.

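The respawn mentioned in post #36 can be read out of the two Fixlogs in post #35: the same `drivers\mbb*` wildcard matches `mbblosvy.sys` in Run:18 and `mbbsvzcf.sys` in Run:19, each moved on reboot. The following is an added example, not part of the thread and not FRST's own code, that detects this pattern from Fixlog text; the log excerpts are trimmed from the posts above, and the function names and the two finding labels are this example's own.

```python
import re
from ntpath import basename

# Excerpts of the two Fixlogs from post #35, trimmed to the lines that matter here.
RUN_18 = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 16:09:47) Run:18

=========== "C:\Windows\system32\drivers\mbb*" ==========

Could not move "C:\Windows\system32\drivers\mbblosvy.sys" => Scheduled to move on reboot.

========= End -> "C:\Windows\system32\drivers\mbb*" ========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-12-2017 16:13:59)

C:\Users\Nick Brano\AppData\Local\Temp => moved successfully
C:\Windows\system32\drivers\mbblosvy.sys => Is moved successfully
'''

RUN_19 = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 16:25:21) Run:19
C:\Users\Nick Brano\AppData\Local\Temp => moved successfully

=========== "C:\Windows\system32\drivers\mbb*" ==========

Could not move "C:\Windows\system32\drivers\mbbsvzcf.sys" => Scheduled to move on reboot.

========= End -> "C:\Windows\system32\drivers\mbb*" ========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-12-2017 16:29:08)

C:\Windows\system32\drivers\mbbsvzcf.sys => Is moved successfully
'''

RUN_NO = re.compile(r'\bRun:(\d+)')
SECTION_START = re.compile(r'^=+ "(?P<pattern>[^"]+)" =+$')   # wildcard section header
SECTION_END = re.compile(r'^=+ End -> ')
PENDING = re.compile(r'^Could not move "(?P<path>[^"]+)" => Scheduled to move on reboot')
MOVED = re.compile(r'^"?(?P<path>[^"=]+?)"? => (?:Is )?moved successfully')


def parse_fixlog(text):
    """Return the run number, the files each wildcard matched, and the files moved."""
    run = RUN_NO.search(text)
    if run is None:
        raise ValueError("no 'Run:N' marker; not a Fixlog header")
    hits, moved, section = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        start = SECTION_START.match(line)
        if start:
            section = start["pattern"].lower()
            hits.setdefault(section, [])
            continue
        if SECTION_END.match(line):
            section = None
            continue
        done = MOVED.match(line)
        entry = PENDING.match(line) or done
        if not entry:
            continue
        path = entry["path"].lower()          # Windows paths compare case-insensitively
        if section is not None and path not in hits[section]:
            hits[section].append(path)
        if done:
            moved.add(path)
    return {"run": int(run.group(1)), "hits": hits, "moved": moved}


def find_respawns(logs):
    """Compare consecutive runs of the same wildcard and report files that came back."""
    logs = sorted(logs, key=lambda log: log["run"])
    findings = []
    for prev, cur in zip(logs, logs[1:]):
        for pattern, cur_files in cur["hits"].items():
            old = prev["hits"].get(pattern, [])
            removed = [p for p in old if p in prev["moved"]]
            for path in cur_files:
                if path in old:
                    kind = "persisted"            # same name matched again
                elif removed:
                    kind = "respawned-renamed"    # old file gone, new name under same wildcard
                else:
                    continue
                findings.append({
                    "pattern": pattern,
                    "kind": kind,
                    "run": cur["run"],
                    "file": basename(path),
                    "replaces": [basename(p) for p in removed],
                })
    return findings


if __name__ == "__main__":
    for finding in find_respawns([parse_fixlog(RUN_18), parse_fixlog(RUN_19)]):
        print(finding)
```
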


#37 anthroxdx

  • Topic Starter

Posted 03 December 2017 - 06:05 PM

I was in a clean boot environment since running the last fix. Is that okay?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 18:03:32) Run:20
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /s

*****************


========= Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /s =========



========= End of Reg: =========


==== End of Fixlog 18:03:32 ====

 




#38 anthroxdx

  • Topic Starter

Posted 03 December 2017 - 06:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Nick Brano (administrator) on NICKSPC (03-12-2017 18:27:07)
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{31E461F7-2F8E-4800-B560-3667F8845207}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: GetRight IE Helper -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2009-10-19] (Headlight Software, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-28] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
DPF: HKLM-x32 {00001026-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20131209.cab
DPF: HKLM-x32 {0A010259-4F31-42C7-9AE4-35A30D1A7C6D} hxxp://download.netmarble.net/web/NMGameCheck/NMGridDown.cab
DPF: HKLM-x32 {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.2.cab
DPF: HKLM-x32 {89F434A7-4A49-4394-AC02-007480331AE2} hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D3AC6FD2-CB12-496A-99C5-949CCE9E7262} hxxp://gundam.netmarble.net/Component/SdgoSupportTool/SdgoSupportTool.CAB

FireFox:
========
FF ProfilePath: C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default [2017-12-03]
FF Homepage: Mozilla\Firefox\Profiles\az5qv7v5.default -> hxxp://abgx360.xecuter.com/verified.php
FF NetworkProxy: Mozilla\Firefox\Profiles\az5qv7v5.default -> http", "210.253.106.155"
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\@adblock57.xpi [2017-11-09] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\clipconverter@clipconverter.cc.xpi [2015-08-28] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\firefox@mega.co.nz.xpi [2017-11-30] [not signed]
FF Extension: (Foxdie) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\Foxdie@tanjihay.com [2016-10-23] [Lagacy] [not signed]
FF Extension: (Foxdie (Graphite)) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\FoxdieGraphite@tanjihay.com [2016-10-23] [Lagacy] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi [2016-10-27] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\nicofox@littlebtc.xpi [2016-03-04] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\pbupload@photobucket.com.xpi [2016-04-27] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\personas@christopher.beard.xpi [2017-11-10] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\SkipScreen@SkipScreen.xpi [2016-04-27] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-03-13] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-17] [not signed]
FF Extension: (Cookies Manager+) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-23] [Lagacy]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09] [not signed]
FF Extension: (No Name) - C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\features\{2e628e09-3422-4c0a-863d-6891fd99df6b}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-02] [not signed]
FF SearchPlugin: C:\Users\Nick Brano\AppData\Roaming\Mozilla\Firefox\Profiles\az5qv7v5.default\searchplugins\swagbucks.xml [2016-02-29]
FF ProfilePath: C:\Users\Nick Brano\AppData\Roaming\Broad Intelligence\MediaCoder\Profiles\5x0uib93.default [2011-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{4E8E62B3-C793-464B-B1A5-E66CF3B3C425}] - C:\Users\Nick Brano\AppData\Local\{4E8E62B3-C793-464B-B1A5-E66CF3B3C425} => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-07] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @netmarble.net/NMStarter -> C:\Users\Nick Brano\AppData\Roaming\Netmarble\npNMStarter.dll [2013-05-08] (CJ E&M Corp.)
FF Plugin-x32: @netmarble.net/NMSystemInformer -> C:\Users\Nick Brano\AppData\Roaming\Netmarble\npNMSystemInformer.dll [2013-04-15] ( CJ Internet)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2012-09-12] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3757204901-3132025799-1142526092-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nick Brano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3757204901-3132025799-1142526092-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-01] (Pando Networks)

Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://biphfmnpogelhhfabgjdakddplalpnkf/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://search.trendingupnow.net/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> TrendingUpNow.net
CHR Profile: C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Google Slides) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-25]
CHR Extension: (Google Docs) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
CHR Extension: (Google Drive) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (TrendingUpNow.net) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\biphfmnpogelhhfabgjdakddplalpnkf [2016-08-28]
CHR Extension: (YouTube) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (EyesDecide) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekobajlmilfffkiaddchgbfaohhmopf [2016-10-09]
CHR Extension: (Google Sheets) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (SwagButton) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-28]
CHR Extension: (Gmail) - C:\Users\Nick Brano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]

==================== Services (Whitelisted) ====================


===================== Drivers (Whitelisted) ======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 18:21 - 2017-12-03 18:21 - 000140112 ____N C:\Windows\system32\Drivers\mbbpsvzc.sys
2017-12-03 18:03 - 2017-12-03 18:03 - 000000610 _____ C:\Users\Nick Brano\Desktop\Fixlog.txt
2017-12-03 16:25 - 2017-12-03 16:29 - 000002019 _____ C:\Users\Nick Brano\Desktop\Fixlog2.txt
2017-12-03 16:09 - 2017-12-03 16:14 - 000002515 _____ C:\Users\Nick Brano\Desktop\Fixlog1.txt
2017-12-03 02:15 - 2017-12-03 02:15 - 001426720 _____ (Microsoft Corporation) C:\Users\Nick Brano\Desktop\NDP47-KB3186500-Web.exe
2017-12-03 00:25 - 2017-12-03 00:25 - 008172032 _____ (Malwarebytes) C:\Users\Nick Brano\Desktop\AdwCleaner.exe
2017-12-02 18:01 - 2017-12-02 18:01 - 000147870 _____ C:\Users\Nick Brano\Desktop\NICKSPC.txt
2017-12-02 17:27 - 2017-12-02 17:27 - 008433100 _____ C:\Users\Nick Brano\Desktop\NICKSPC1.arn
2017-12-02 13:50 - 2017-12-02 13:50 - 008433100 _____ C:\Users\Nick Brano\Desktop\NICKSPC.arn
2017-12-02 13:49 - 2017-12-02 13:49 - 000000000 ____D C:\Users\Nick Brano\Desktop\Autoruns
2017-11-30 02:34 - 2017-11-30 02:34 - 001004776 _____ C:\Users\Nick Brano\Desktop\Monster World IV (UE).zip
2017-11-30 02:31 - 2017-11-30 02:33 - 000000000 ____D C:\Program Files (x86)\SBWin
2017-11-30 02:31 - 2017-11-30 02:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SBWin
2017-11-29 20:20 - 2017-12-03 18:31 - 000014307 _____ C:\Users\Nick Brano\Desktop\FRST.txt
2017-11-28 06:43 - 2017-11-28 06:44 - 000482288 _____ C:\Windows\Minidump\112817-53367-01.dmp
2017-11-26 18:41 - 2017-11-30 20:42 - 000000000 ____D C:\Users\Nick Brano\Desktop\FRST-OlderVersion
2017-11-26 13:38 - 2017-11-26 13:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6376F1BE.sys
2017-11-26 13:38 - 2017-11-26 13:38 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-11-25 22:26 - 2017-11-25 22:27 - 000000000 ____D C:\Users\Nick Brano\Documents\Genesis
2017-11-25 22:02 - 2017-11-25 22:02 - 000003106 _____ C:\Users\Nick Brano\Desktop\AdwCleaner[S2].txt
2017-11-25 21:29 - 2017-11-26 13:38 - 000000000 ____D C:\Users\Nick Brano\Desktop\New folder (14)
2017-11-25 21:18 - 2017-11-30 20:42 - 002391552 _____ (Farbar) C:\Users\Nick Brano\Desktop\FRST64.exe
2017-11-25 04:33 - 2017-11-25 04:33 - 000017344 _____ C:\Users\Nick Brano\Desktop\rk.txt
2017-11-25 01:45 - 2017-11-25 01:45 - 000000000 ____D C:\Users\Nick Brano\Desktop\Razer
2017-11-25 01:33 - 2017-12-03 02:24 - 026194416 _____ (Razer USA Ltd) C:\Users\Nick Brano\Desktop\j.exe
2017-11-25 01:33 - 2017-11-25 01:33 - 000000000 ____D C:\Program Files (x86)\PKGInstaller
2017-11-25 00:30 - 2017-11-25 00:30 - 000000000 ____D C:\Windows\CheckSur
2017-11-24 23:27 - 2017-11-25 00:50 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-24 23:26 - 2017-11-25 00:34 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-24 23:26 - 2017-11-24 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-24 23:26 - 2017-11-24 23:26 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-24 23:25 - 2017-11-24 23:25 - 036141704 _____ (Adlice Software ) C:\Users\Nick Brano\Desktop\setup.exe
2017-11-24 21:58 - 2017-11-24 21:58 - 000000947 _____ C:\Users\Nick Brano\Desktop\bleep.txt
2017-11-24 21:41 - 2017-12-03 18:27 - 000000000 ____D C:\FRST
2017-11-24 06:26 - 2017-11-24 06:26 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-24 02:04 - 2017-11-24 02:04 - 000000000 ____D C:\SUPERDelete
2017-11-24 01:42 - 2017-12-03 17:42 - 000000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53d24d4e-fc60-47c4-aac8-c86ca917dc82.job
2017-11-24 01:42 - 2017-11-27 02:01 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-24 01:42 - 2017-11-24 01:42 - 000003532 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 53d24d4e-fc60-47c4-aac8-c86ca917dc82
2017-11-24 01:42 - 2017-11-24 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-24 01:32 - 2017-11-24 14:54 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-24 01:31 - 2017-11-24 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-24 01:31 - 2017-11-24 01:31 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-24 01:31 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-24 01:30 - 2017-11-24 01:30 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-24 01:23 - 2017-11-24 01:23 - 000000000 ____D C:\bleepr
2017-11-24 01:22 - 2017-11-24 01:23 - 000735680 _____ C:\Users\Nick Brano\Desktop\435049_intl_x64_zip.exe
2017-11-24 01:13 - 2017-11-24 01:21 - 000235146 _____ C:\TDSSKiller.3.1.0.15_24.11.2017_01.13.32_log.txt
2017-11-24 01:05 - 2017-11-24 01:07 - 000239624 _____ C:\TDSSKiller.3.1.0.15_24.11.2017_01.05.03_log.txt
2017-11-24 00:30 - 2017-11-26 21:22 - 000000000 ____D C:\Users\Nick Brano\AppData\Local\sbsimto
2017-11-24 00:25 - 2017-11-24 00:25 - 000079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\chknrg.sys
2017-11-23 22:23 - 2017-11-23 22:23 - 005659763 _____ (Swearware) C:\Users\Nick Brano\Downloads\xbcv.exe
2017-11-23 22:02 - 2017-11-23 22:02 - 000079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\yitrfe.sys
2017-11-23 21:59 - 2017-11-23 21:59 - 009542472 _____ C:\Users\Nick Brano\Desktop\Windows6.1-KB3177467-x64.msu
2017-11-23 19:38 - 2017-11-25 21:34 - 001841550 _____ C:\Windows\ntbtlog.txt
2017-11-23 15:25 - 2017-11-23 16:50 - 553492184 _____ C:\Users\Nick Brano\Downloads\Tokyo E-sports Festival Bakarhythm VS Arino Kacho.mkv
2017-11-23 02:07 - 2017-11-23 02:07 - 1500704348 _____ C:\Users\Nick Brano\Desktop\Tokyo E-sports Festival 2017-11-18 Bakarhythm vs Arino Kacho.mp4
2017-11-23 00:52 - 2017-11-23 00:52 - 000000059 _____ C:\Users\Nick Brano\Desktop\user.conf
2017-11-22 04:24 - 2017-11-22 04:35 - 000008088 _____ C:\Users\Nick Brano\Desktop\settings.xml
2017-11-22 04:14 - 2017-11-22 04:14 - 000000236 _____ C:\Users\Nick Brano\Desktop\client api.txt
2017-11-18 00:59 - 2017-11-18 02:34 - 000000000 ____D C:\Users\Nick Brano\Documents\20XX
2017-11-18 00:59 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-11-18 00:59 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-11-18 00:59 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-11-18 00:59 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-11-18 00:59 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-11-18 00:59 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-11-18 00:59 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-11-18 00:59 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-11-18 00:59 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-11-18 00:59 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-11-18 00:59 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-11-18 00:59 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-11-18 00:59 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-11-18 00:59 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-11-18 00:59 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-11-18 00:59 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-11-18 00:59 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-11-18 00:59 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-11-18 00:59 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-11-18 00:59 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-11-18 00:59 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-11-18 00:59 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-11-18 00:59 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-11-18 00:59 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-11-18 00:59 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-11-18 00:59 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-11-18 00:59 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-11-18 00:59 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-11-18 00:59 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-11-18 00:59 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-11-18 00:59 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-11-18 00:58 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-11-18 00:58 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-11-18 00:58 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-11-18 00:58 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-11-18 00:58 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-11-18 00:58 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-11-18 00:58 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-11-18 00:58 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-11-18 00:58 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-11-18 00:58 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-11-18 00:58 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-11-18 00:58 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-11-18 00:58 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-11-18 00:58 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-11-18 00:58 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-11-18 00:58 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-11-18 00:58 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-11-18 00:58 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-11-18 00:58 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-11-18 00:58 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-11-18 00:58 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-11-18 00:58 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-11-18 00:58 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-11-18 00:58 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-11-18 00:58 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-11-18 00:58 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-11-18 00:58 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-11-18 00:58 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-11-18 00:58 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-11-18 00:58 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-11-18 00:58 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-11-18 00:58 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-11-18 00:58 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-11-18 00:58 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-11-18 00:58 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-11-18 00:58 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-11-18 00:58 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-11-18 00:58 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-11-18 00:58 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-11-18 00:58 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-11-18 00:58 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-11-18 00:58 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-11-18 00:35 - 2017-11-18 00:39 - 000000000 ____D C:\Users\Nick Brano\AppData\Local\Steam
2017-11-17 12:13 - 2017-11-17 12:15 - 041733592 _____ C:\Users\Nick Brano\Desktop\sword-art-online-code-register1.apk
2017-11-17 05:47 - 2017-11-17 07:06 - 534930870 _____ C:\Users\Nick Brano\Downloads\249 Gekisha Boy.mkv
2017-11-16 00:47 - 2017-11-16 00:48 - 073072682 _____ C:\Users\Nick Brano\Desktop\dbz.japan.v3.8.1_c2.renzyyy.hp.iw.di.apk
2017-11-15 02:49 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 02:49 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 02:49 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 02:49 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 02:49 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 02:49 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 02:49 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 02:49 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 02:49 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 02:49 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 02:49 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 02:49 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 02:49 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 02:49 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 02:49 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 02:49 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 02:49 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 02:49 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 02:49 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 02:49 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 02:49 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 02:49 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 02:49 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 02:49 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 02:49 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 02:49 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 02:49 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 02:49 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 02:49 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 02:49 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 02:49 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 02:49 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 02:49 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 02:49 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 02:49 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 02:49 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 02:49 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 02:49 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 02:49 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 02:49 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 02:49 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 02:49 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-15 02:49 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 02:49 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 02:49 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-15 02:49 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-15 02:49 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-15 02:49 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-15 02:49 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 02:49 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-15 02:49 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-15 02:49 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-15 02:49 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 02:49 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-15 02:49 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-15 02:49 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-15 02:49 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-15 02:49 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-15 02:49 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-15 02:49 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 02:49 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-15 02:49 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-15 02:49 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-15 02:49 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-15 02:49 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 02:49 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 02:49 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 02:49 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 02:49 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-15 02:49 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 02:49 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 02:49 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 02:49 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 02:49 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 02:49 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 02:49 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 02:49 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 02:49 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 02:49 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 02:49 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 02:49 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 02:49 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 02:49 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 02:49 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 02:49 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 02:49 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 02:49 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 02:49 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 02:49 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 02:49 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 02:49 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 02:49 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-11 01:24 - 2017-11-11 01:24 - 000013203 _____ C:\Users\Nick Brano\Desktop\Sonic Pixel Pals.pdf
2017-11-08 02:57 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-08 02:57 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-08 02:57 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-08 02:57 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-08 02:57 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-08 02:57 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-03 11:24 - 2017-11-03 12:41 - 535058587 _____ C:\Users\Nick Brano\Downloads\248 PC Genjin 2.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 18:28 - 2009-07-13 21:34 - 027787264 _____ C:\Windows\system32\config\HARDWARE
2017-12-03 18:24 - 2010-09-18 22:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-03 18:21 - 2016-11-16 00:37 - 000000000 ____D C:\Users\Nick Brano\AppData\LocalLow\Mozilla
2017-12-03 16:37 - 2009-07-13 23:45 - 000013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-03 16:37 - 2009-07-13 23:45 - 000013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-03 16:18 - 2010-03-21 18:12 - 000000000 ____D C:\Windows\pss
2017-12-03 14:36 - 2017-08-20 22:27 - 000000000 ____D C:\Users\Nick Brano\.TianTianVM
2017-12-03 12:48 - 2017-02-16 03:46 - 000000000 ____D C:\Program Files (x86)\iMobie
2017-12-03 03:05 - 2015-09-17 23:17 - 000000000 ____D C:\Users\Nick Brano\AppData\LocalLow\uTorrent
2017-12-03 03:05 - 2010-03-21 20:39 - 000000000 ____D C:\Program Files (x86)\Trillian
2017-12-03 03:05 - 2009-10-22 21:00 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\uTorrent
2017-12-03 02:34 - 2010-02-14 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Name Converter
2017-12-03 02:34 - 2010-02-14 12:17 - 000000000 ____D C:\Program Files (x86)\SoundTells
2017-12-03 02:25 - 2012-08-15 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-12-03 02:23 - 2012-08-15 21:17 - 000000000 ____D C:\Users\Nick Brano\AppData\Local\Razer
2017-12-03 02:22 - 2012-08-15 21:17 - 000000000 ____D C:\ProgramData\Razer
2017-12-03 02:17 - 2010-01-21 15:22 - 000875274 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-03 02:17 - 2009-07-14 00:13 - 000875274 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-03 02:17 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-03 01:25 - 2016-08-27 21:05 - 000000000 ____D C:\Users\Nick Brano\AppData\Local\CrashDumps
2017-12-03 00:30 - 2014-01-22 18:50 - 000000000 ____D C:\AdwCleaner
2017-12-02 00:18 - 2016-02-03 14:26 - 000015812 _____ C:\Users\Nick Brano\Desktop\Timesheet.xlsx
2017-12-01 11:27 - 2017-06-19 18:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-01 11:27 - 2012-04-22 13:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-30 02:27 - 2016-07-07 00:13 - 000000000 ____D C:\Program Files (x86)\FlashFXP 5
2017-11-28 06:43 - 2010-02-02 19:33 - 000000000 ____D C:\Windows\Minidump
2017-11-27 12:35 - 2009-10-22 20:47 - 000000000 ___RD C:\Users\Nick Brano\Virtual Machines
2017-11-27 12:28 - 2009-10-25 19:56 - 000000000 ____D C:\Program Files (x86)\Mytoolsoft Watermark Software
2017-11-26 15:38 - 2009-10-21 23:57 - 000000000 ____D C:\Gens
2017-11-26 15:14 - 2015-06-03 13:26 - 000000000 ____D C:\Program Files (x86)\iExplorer
2017-11-26 15:14 - 2010-08-29 23:16 - 000000000 ____D C:\Program Files (x86)\FlashFXP 4
2017-11-26 15:14 - 2009-10-22 21:49 - 000000000 ____D C:\Program Files (x86)\Xbox Backup Creator
2017-11-26 01:32 - 2009-10-21 22:47 - 000000000 ____D C:\Users\Nick Brano\Documents\VGM
2017-11-25 21:45 - 2010-06-13 14:35 - 000000000 ____D C:\Users\Nick Brano\AppData\LocalLow\Temp
2017-11-25 21:41 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-11-24 06:18 - 2016-10-13 12:09 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\LibreELEC
2017-11-24 06:18 - 2016-06-23 23:53 - 000000000 ____D C:\Users\Nick Brano\Desktop\FOBSver1.07
2017-11-24 06:18 - 2015-04-19 03:03 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-24 06:18 - 2014-07-01 18:05 - 000000000 ____D C:\Users\Nick Brano\Desktop\Avanti-ffmpeg-GUI-080
2017-11-24 06:18 - 2014-04-28 07:14 - 000000000 ___SD C:\Windows\system32\CompatTel
2017-11-24 06:18 - 2011-08-21 23:21 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\Notepad++
2017-11-24 06:18 - 2009-10-22 21:12 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\Winamp
2017-11-24 06:18 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\TAPI
2017-11-24 06:18 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-11-24 06:18 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\IME
2017-11-24 05:20 - 2015-08-06 16:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-24 03:42 - 2017-04-22 12:40 - 005041120 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-24 01:31 - 2014-06-16 05:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-24 01:31 - 2009-10-23 01:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-24 01:08 - 2013-08-11 01:19 - 000000000 ____D C:\Program Files (x86)\VMLaunch
2017-11-19 22:36 - 2010-09-24 17:40 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-18 00:48 - 2010-09-24 17:46 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-17 00:55 - 2010-05-10 13:35 - 000000132 _____ C:\Users\Nick Brano\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-11-17 00:31 - 2009-10-22 18:21 - 000000000 ____D C:\Users\Nick Brano\AppData\Roaming\Mozilla
2017-11-16 02:02 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 23:30 - 2015-09-25 00:00 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 11:21 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-15 03:21 - 2013-07-11 05:49 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 02:52 - 2017-10-11 11:27 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-15 02:52 - 2009-10-22 22:31 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-14 11:30 - 2016-12-16 22:24 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 11:30 - 2016-12-16 22:24 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 00:29 - 2014-08-27 00:28 - 000000000 ____D C:\Users\Nick Brano\AppData\Local\Adobe
2017-11-14 00:28 - 2014-12-13 00:41 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-14 00:28 - 2014-12-13 00:41 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 00:28 - 2010-10-12 15:19 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-14 00:28 - 2009-10-22 18:29 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-11 01:51 - 2015-01-11 19:28 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2017-11-04 09:57 - 2009-07-14 00:08 - 000032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2010-07-12 20:20 - 2013-06-01 23:48 - 000000132 _____ () C:\Users\Nick Brano\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-05-19 00:24 - 2014-05-22 21:36 - 000000132 _____ () C:\Users\Nick Brano\AppData\Roaming\Adobe GIF Format CS5 Prefs
2010-05-10 13:35 - 2017-11-17 00:55 - 000000132 _____ () C:\Users\Nick Brano\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-03-07 23:17 - 2014-07-01 20:04 - 000000132 _____ () C:\Users\Nick Brano\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-16 05:34 - 2014-02-20 05:10 - 000000132 _____ () C:\Users\Nick Brano\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-04-02 13:21 - 2012-12-11 05:30 - 000002307 _____ () C:\Users\Nick Brano\AppData\Roaming\ASSDraw3.cfg
2013-06-20 02:51 - 2013-06-20 02:51 - 000000560 _____ () C:\Users\Nick Brano\AppData\Roaming\AutoGK.ini
2011-03-30 01:28 - 2011-03-30 01:28 - 000000996 _____ () C:\Users\Nick Brano\AppData\Roaming\DVDSubEdit.ini
2013-05-19 06:04 - 2013-05-19 06:04 - 004034040 _____ (Reincubate Ltd) C:\Users\Nick Brano\AppData\Roaming\iphonebackupextractor-latest.exe
2010-03-21 21:44 - 2010-03-21 21:45 - 000000035 _____ () C:\Users\Nick Brano\AppData\Roaming\SetValue.bat
2011-02-23 20:46 - 2011-02-23 22:35 - 000000052 _____ () C:\Users\Nick Brano\AppData\Roaming\Syscfg.ini
2009-12-10 14:39 - 2009-12-10 14:39 - 000000600 _____ () C:\Users\Nick Brano\AppData\Roaming\winscp.rnd
2010-03-21 17:44 - 2010-03-21 18:01 - 000011146 ___SH () C:\Users\Nick Brano\AppData\Local\3N4Om
2013-12-04 04:04 - 2013-12-04 04:04 - 000001456 _____ () C:\Users\Nick Brano\AppData\Local\Adobe Save for Web 12.0 Prefs
2009-12-19 13:38 - 2010-02-27 20:47 - 000009728 _____ () C:\Users\Nick Brano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-24 23:23 - 2017-06-23 23:39 - 000000600 _____ () C:\Users\Nick Brano\AppData\Local\PUTTY.RND
2015-09-14 22:34 - 2015-09-14 22:34 - 000000218 _____ () C:\Users\Nick Brano\AppData\Local\recently-used.xbel
2010-09-20 02:32 - 2016-06-17 23:48 - 000007603 _____ () C:\Users\Nick Brano\AppData\Local\Resmon.ResmonCfg
2010-09-18 12:38 - 2010-09-18 12:38 - 000000000 _____ () C:\Users\Nick Brano\AppData\Local\Tqoviwawan.bin
2010-09-18 12:38 - 2010-09-18 12:38 - 000000120 _____ () C:\Users\Nick Brano\AppData\Local\Vrizobesitefes.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\mbbpsvzc.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-11-29 04:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 18:32:27)
Running from C:\Users\Nick Brano\Desktop
Windows 7 Professional Service Pack 1 (X64) (2009-10-22 23:09:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3757204901-3132025799-1142526092-500 - Administrator - Enabled)
Guest (S-1-5-21-3757204901-3132025799-1142526092-501 - Limited - Enabled)
Nick Brano (S-1-5-21-3757204901-3132025799-1142526092-1001 - Administrator - Enabled) => C:\Users\Nick Brano

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Acrobat.com (HKLM-x32\...\{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
ActiveState Tcl Dev Kit 5.3.0 (HKLM-x32\...\TclDevKit 5.3.0) (Version: 5.3.0 - ActiveState Software Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,976,291 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.2.0 - Adobe Systems Incorporated)
Aegisub 3.0.4 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.4 - Aegisub Team)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Akamai NetSession Interface (HKLM-x32\...\Akamai) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version:  - Team AiR 2007)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.6.4.8 - SlySoft)
AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.6.1 - CrystalIdea Software, Inc.)
AOMEI Partition Assistant Standard Edition 6.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ARAX Disk Doctor Data Recovery (HKLM-x32\...\ARAX Disk Doctor Data Recovery) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
AutoKeyPresser (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\c6d7245a676d074a) (Version: 0.0.0.2 - Microsoft)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Binload v1.0.5 (HKLM-x32\...\9255-7804-2440-4211) (Version: v1.0.5 - Binload)
BitTorrent (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\BitTorrent) (Version: 7.8.2.30587 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brad Smith Easy SFV Creator (C:\Program Files (x86)\Brad Smith\Easy SFV Creator\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
Brad Smith Easy SFV Creator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
BulletProof FTP Server (remove only) (HKLM-x32\...\BulletProof FTP Server_is1) (Version: 2.3.1 (Build 26) - DigitalCandle, Inc)
BulletProof FTP Server 2010 (remove only) (HKLM-x32\...\BulletProof FTP Server 2010_is1) (Version:  - BulletProof Software LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Combined Community Codec Pack 2014-01-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.01.17.0 - CCCP Project)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{961D5D7E-3DEC-4E3B-9065-EA8074923B18}) (Version: 3.31.7643.1 - Sony Computer Entertainment Inc.)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0314.0232 - DT Soft Ltd)
Dailymotion Mass Uploader (HKLM-x32\...\{B35D74AE-A323-E232-1E11-4C8D961FDA24}) (Version: 0.1.1 - Dailymotion) Hidden
Dailymotion Mass Uploader (HKLM-x32\...\com.dailymotion.massuploader) (Version: 0.1.1 - Dailymotion)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Delete Virtual-Mate Launcher (HKLM-x32\...\{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1) (Version: 1.0.0 - Interlex Inc.)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{8B916626-D225-496A-83ED-EDBE9E907432}) (Version: 5.0.1600.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
E.M. Magic Swf2Avi V6.7 (HKLM-x32\...\E.M. Magic Swf2Avi_is1) (Version:  - EffectMatrix, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 0.99pb5 (HKLM-x32\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
EximiousSoft GIF Creator V5.76 (HKLM-x32\...\EximiousSoft GIF Creator_is1) (Version:  - EximiousSoft)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FileZilla Client 3.20.0 (HKLM-x32\...\FileZilla Client) (Version: 3.20.0 - Tim Kosse)
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
FLAC Frontend (HKLM-x32\...\{B1615F2A-105F-48FD-AA3E-0BDF8B3EE644}) (Version: 2.0.6 - Xiph.org)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.0.1990 - OpenSight Software LLC)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.2.0.3900 - OpenSight Software LLC)
Flip 3.4.1 (HKLM-x32\...\flip.exe) (Version: 3.4.1 - Atmel)
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
Game Extractor 2.0 (HKLM-x32\...\Game Extractor) (Version: 2.0 - WATTO Studios)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GetRight (HKLM-x32\...\GetRight Pro_is1) (Version:  - Headlight Software, Inc.)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
GIF Movie Gear 4.2.3 (HKLM-x32\...\GIF Movie Gear_is1) (Version:  - gamani productions)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version:  - GNU)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.47.5133 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 4 (build 997) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Hex Workshop v6 (HKLM\...\{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}) (Version: 6.0.1.4603 - BreakPoint Software)
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Horizon (HKLM-x32\...\{6b384f34-10c8-4c10-ba08-345168bda7e8}) (Version: 2.9.0 - Daring Development Inc.)
Horizon (HKLM-x32\...\{6BCA2AC7-7BC2-4011-BE10-143BDFD43D6C}) (Version: 2.9.0 - Daring Development Inc.) Hidden
Horizon v2.5.11.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.5.11.1 - Daring Development Inc.)
HP Officejet 4630 series Basic Device Software (HKLM\...\{7713C051-8615-4C52-B681-B11E72265AE0}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
iBackup Viewer 3.60.01 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version:  - iMacTools)
iExplorer 3.9.10.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iFunbox (v3.0.3939.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3939.1352 - iFunbox DevTeam)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
iPhone Backup Extractor (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\iPhone Backup Extractor) (Version: 4.0.15.0 - Reincubate Ltd)
iPrep v008.8 (HKLM-x32\...\iPrep) (Version: v008.8 - X-Projects.org)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeyHoleTV (HKLM-x32\...\KeyHoleTV) (Version:  - )
K-Lite Codec Pack 9.4.8 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.8 - )
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
KShutdown (HKLM-x32\...\KShutdown) (Version: 4.0 - Konrad Twardowski)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\{AAA70FA9-D9FF-49FB-A98C-5F21ED3692E2}) (Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
MakeMKV v1.4.12_beta (HKLM-x32\...\MakeMKV) (Version: v1.4.12_beta - GuinpinSoft inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Massive File Renamer (HKLM-x32\...\Massive File Renamer 1.6.0) (Version: 1.6.0 - Ivan Ridao Freitas)
MediaCoder 0.7.5.4799 (HKLM-x32\...\MediaCoder) (Version: 0.7.5.4799 - Broad Intelligence)
MediaCoder x64 2011-RC2 RC2 (HKLM-x32\...\MediaCoder x64) (Version: 2011-RC2 - Broad Intelligence)
MediaCoder x64 2011-RC3 (HKLM\...\MediaCoder x64) (Version: 2011-RC3 - Broad Intelligence)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Help 3.0 Beta 1 (HKLM-x32\...\Microsoft Help 3.0 Beta 1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{5ED5ACBD-785B-4799-BE2E-96354E0D3262}) (Version: 10.0.1600.24 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{20753F0A-D82A-4D65-9DB6-5319570C75DB}) (Version: 3.5.5802.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2507.2 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 (HKLM-x32\...\{06078930-8072-4DAF-ADEC-3EB95C0AEEB8}) (Version: 1.0.1503.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  Beta 1 x64 Designtime - 10.0.20506 (HKLM\...\{B5C4C7B1-BAD7-31EF-80D2-EDF31E0091EE}) (Version: 10.0.20506 - Microsoft Corporation)
Microsoft Visual C++ 2010  Beta 1 x64 Runtime - 10.0.20506 (HKLM\...\{471437C1-D545-3D5B-9703-E886B0B83DE7}) (Version: 10.0.20506 - Microsoft Corporation)
Microsoft Visual C++ 2010  Beta 1 x86 Runtime - 10.0.20506 (HKLM-x32\...\{E1333354-E77C-3644-8CAB-EE6103A2BDA6}) (Version: 10.0.20506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional Beta 1 - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional Beta 1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2010 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version:  - Microsoft Corporation)
MiniCoder (HKLM-x32\...\{CA8056BC-05E8-41FB-82C2-4750568CD379}) (Version: 1.3.3 - MiniTheatre)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVtoolnix) (Version: 15.0.0 - Moritz Bunkus)
Mozilla Firefox 4.0b7 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0b7 (x86 en-US)) (Version: 4.0b7 - Mozilla)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MPC-HC 1.7.2.5 (763d9bf) Nightly (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.2.5 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MultiEx Commander 4.5.1 Release Candidate 1 (Alpha) (HKLM-x32\...\MultiEx Commander_is1) (Version:  - XeNTaX)
Namoroka (3.6) (HKLM-x32\...\Namoroka (3.6)) (Version: 3.6 (en-US) - Mozilla)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}) (Version: 8.3.465 - Nero AG)
Netmarble Game Plugin 버전 1.0.2 (HKLM-x32\...\{8102980C-B65F-474D-8192-11DEEF20C2D9}_is1) (Version: 1.0.2 - CJ E&M)
Noise Reduction Plug-in 2.0i (HKLM-x32\...\{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}) (Version: 2.0.455 - Sony)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Oblivion - Construction Set (HKLM-x32\...\{23D683DD-93C6-48E6-B84E-78B57778F126}) (Version: 1.00.0000 - Bethesda Softworks)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 3.0.0 - OGPlanet, Inc.)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Patch - Trillian Astra 6.0 Build 61 (HKLM-x32\...\Patch - Trillian Astra 6.0 Build 61) (Version: 6.0 Build 61 - Crackingpatching.com Team)
PBP Unpacker v0.94 (HKLM-x32\...\PBP Unpacker_is1) (Version:  - pdc)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PerformanceTest v7.0 (64-bit) (HKLM\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 3.00.14935 - Sony Computer Entertainment Inc.)
Plex Media Server (HKLM-x32\...\{4083e0fa-f188-4146-a257-61608ff30764}) (Version: 0.9.1606 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{D25B8260-DE45-48FB-8858-29E665EFA8B4}) (Version: 0.9.1606 - Plex, Inc.) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Pokémon Mystery Gift Editor (HKLM-x32\...\Pokémon Mystery Gift Editor) (Version:  - Grovyle91)
PP助手5.0 (HKLM-x32\...\PP助手5.0) (Version: 5.0.3.1142 - 广州爱禾网络技术有限公司)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.82.0 - PS3 Media Server)
PSXMemTool 1.20b (remove only) (HKLM-x32\...\PSXMemTool) (Version:  - )
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
Quick AVI Creator (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\Quick AVI Creator) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RaySource 2.1.10.8366 (HKLM-x32\...\RaySource) (Version: 2.1.10.8366 - RaySource Group)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.7.5 - Razer Inc.)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
ReiBoot  (HKLM-x32\...\ReiBoot) (Version:  - Tenorshare, Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rise of Nations Thrones and Patriots (HKLM-x32\...\RiseofNationsExpansion 1.0) (Version:  - )
RogueKiller version 12.11.25.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.25.0 - Adlice Software)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPGƒcƒN[ƒ‹VX RTP (HKLM-x32\...\RPGƒcƒN[ƒ‹VX RTP_is1) (Version: 1.02 - Enterbrain)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
SBWin 3.2.0 (HKLM-x32\...\{0533BDC7-66B5-4FD3-B469-D8AE63629B85}_is1) (Version:  - CodeIsle.com)
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SmartboyCart 1.15 (HKLM-x32\...\SmartboyCart 1.15) (Version:  - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.12.9514 - SoftEther VPN Project)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SQL Server Compact Tools for Visual Studio 2010 Beta 1 ENU (HKLM-x32\...\{848306F5-1F48-4AD4-8ED7-EF2483430257}) (Version: 4.0.8032.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{F1849D02-0162-44E2-9784-225B9C829CC3}) (Version: 10.0.1600.24 - Microsoft Corporation)
SQLite Expert Personal 3.5.76 (HKLM-x32\...\SQLite Expert Personal 3_is1) (Version:  - Bogdan Ureche)
Startup Delayer v3.0 (build 366) (HKLM-x32\...\Startup Delayer) (Version: 3.0 (build 366) - r2 Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Subtitle Edit 3.4.13 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.13.0 - Nikse)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Restore Explorer (HKLM-x32\...\{6788AB8A-4D71-42E0-8125-B95A9C47D51D}) (Version: 0.0.05.76 - Nic Bedford)
Tag&Rename 3.6.6 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.6.6 - Softpointer Inc)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Compressonator 1.50 (HKLM-x32\...\{5C46703D-92EE-40d9-BCF8-DEADBEEFBBBB}) (Version: 1.50 - AMD)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
TransMac version 11.1 (HKLM-x32\...\TransMac_is1) (Version: 11.1 - Acute Systems)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 Prerequisites - English (HKLM\...\{29DBFBCC-221D-3BB2-B898-E6EF073A58D2}) (Version: 10.0.20506 - Microsoft Corporation)
VOB Cutter 1.0 (HKLM-x32\...\VOB Cutter_is1) (Version:  - spgsoft.com)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinHue 3 version RC 2 (HKLM-x32\...\{F16560B0-47D1-4122-A0A4-9104FDF62AC1}_is1) (Version: RC 2 - Pascal Pharand)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireshark 1.12.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, hxxp://www.wireshark.org)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XECUTER CK3 PRO - USB (HKLM-x32\...\{B5734BB9-56FC-4937-88F2-AB34ABF49821}) (Version: 1.2.25 - XECUTER)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xilisoft AVI to SWF Converter 6 (HKLM-x32\...\Xilisoft AVI to SWF Converter 6) (Version: 6.5.2.0216 - Xilisoft)
Xilisoft SWF Converter 6 (HKLM-x32\...\Xilisoft SWF Converter 6) (Version: 6.5.5.0426 - Xilisoft)
XLink Kai (HKLM-x32\...\{2773B836-AC66-4178-A414-C5A0F9F5D805}) (Version: 7.4.18.0 - Team XLink)
XMedia Recode version 3.2.0.2 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.2 - XMedia Recode)
XnView 2.04 (HKLM-x32\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)
Xpert (HKLM-x32\...\{0FA1BC74-DA5E-4A42-9F99-2D03C33BCAE0}) (Version: 2.0.0 - Xpert2)
xy-VSFilter 3.0.0.211 (HKLM-x32\...\xy-VSFilter_is1) (Version: 3.0.0.211 - xy-VSFilter Team)
Y-cam Setup (HKLM-x32\...\{365B0FA3-6638-43CF-B47E-1D4219B73D85}_is1) (Version: 1.4.000 - Y-cam)
zbattle.net 1.09 SR-1 beta (HKLM-x32\...\zbattle.net_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3757204901-3132025799-1142526092-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3757204901-3132025799-1142526092-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3757204901-3132025799-1142526092-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3757204901-3132025799-1142526092-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3757204901-3132025799-1142526092-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(657).dll [2012-05-29] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [AVS Video Converter 6] -> {6230EF55-8E71-4F40-861A-DBA282584FF5} => C:\Program Files (x86)\AVS4YOU\AVSVideoConverter6\AVSVideoConverterShExt.dll [2010-03-15] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32-x32: [Brad Smith.Easy SFV Creator.2.5.5.sfv] -> {67FDD158-4C57-4672-A93C-AEDFAACA693F} => C:\Program Files (x86)\Brad Smith\Easy SFV Creator\BSEasySFVCreatorContext.dll [2002-04-13] (Brad Smith)
ContextMenuHandlers1-x32-x32: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6\hwext64.dll [2008-12-10] (BreakPoint Software, Inc.)
ContextMenuHandlers1-x32-x32: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_04.dll [2011-07-18] ()
ContextMenuHandlers1-x32-x32-x32: [TagRename_ContextMenu] -> {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} => C:\Program Files (x86)\TagRename\TRshell.dll [2009-01-09] (Softpointer Inc)
ContextMenuHandlers1-x32-x32-x32: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2008-05-17] ()
ContextMenuHandlers1-x32-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6\hwext64.dll [2008-12-10] (BreakPoint Software, Inc.)
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll [2009-07-03] (code.kliu.org)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers4: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2008-05-17] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [TR] -> {6A982F05-85C0-48c4-B17E-407176B160AD} => C:\Program Files (x86)\TagRename\TRshell64.dll [2008-05-17] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [TagRename_ContextMenu] -> {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} => C:\Program Files (x86)\TagRename\TRshell.dll [2009-01-09] (Softpointer Inc)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3757204901-3132025799-1142526092-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3757204901-3132025799-1142526092-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3757204901-3132025799-1142526092-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nick Brano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {64D75FC9-DFD8-4D8B-94D4-CA6961A8D4FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {8DA96216-79CD-4BB0-A9D8-AAA3B1464B60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {C43BAB8D-4BB8-4539-8D87-75E321315974} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {F2F21C74-1321-4F46-B2B5-51E583F3BA9C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 53d24d4e-fc60-47c4-aac8-c86ca917dc82 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53d24d4e-fc60-47c4-aac8-c86ca917dc82.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk -> hxxp://yamb.unite-video.com
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\Remove wwPacker (Uninstall).lnk -> C:\Program Files (x86)\wwPacker\wwpacker-uninstall.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - Custom.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-Custom.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - DLCRegion.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-DLCRegion.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - FakeSign.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-FakeSign.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - FreeTheBug.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-FreeTheBug.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - IOS35-Plus.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-IOS35-Plus.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - IOS35.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-IOS35.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - JustSign.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-JustSign.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - Loader.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-Loader.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - NoMod.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-NoMod.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - RegionFree-Plus.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-RegionFree-Plus.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwPacker - RegionFree.lnk -> C:\Program Files (x86)\wwPacker\_wwpacker-RegionFree.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwUnpacker - Content.lnk -> C:\Program Files (x86)\wwPacker\__wwunpacker-Content.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wwPacker\wwUnpacker.lnk -> C:\Program Files (x86)\wwPacker\__wwunpacker.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder\MediaCoder CLI Version.lnk -> C:\Program Files (x86)\MediaCoder\opencli.bat ()
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk -> hxxp://jdownloader.org/knowledge/inde
Shortcut: C:\Users\Nick Brano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk

==================== Loaded Modules (Whitelisted) ==============

2009-10-23 01:29 - 2008-05-17 00:12 - 000048896 _____ () C:\Program Files (x86)\TagRename\TRshell64.dll
2011-07-18 16:04 - 2011-07-18 16:04 - 000301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-11-25 21:41 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3757204901-3132025799-1142526092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick Brano\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: Adobe LM Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Akamai => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 2
MSCONFIG\Services: FLEXnet Licensing Service 64 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SEVPNCLIENT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SonicStage Back-End Service => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: SSScsiSV => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TenorshareReibootService => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Leftsider32.lnk => C:\Windows\pss\Leftsider32.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Leftsider64.lnk => C:\Windows\pss\Leftsider64.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk => C:\Windows\pss\RocketDock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk => C:\Windows\pss\UberIcon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaWin.lnk => C:\Windows\pss\VirtuaWin.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Yzshadow.lnk => C:\Windows\pss\Yzshadow.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nick Brano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nick Brano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ungovernable.lnk => C:\Windows\pss\ungovernable.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nick Brano\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
MSCONFIG\startupreg: Grid Service => "C:\Program Files (x86)\GridService\peer.exe" -n Grid
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: IDM => wscript "C:\Users\Nick Brano\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.vbs" "C:\Users\Nick Brano\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.bat"
MSCONFIG\startupreg: iFunBox => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: iFunBox Fast App Install Handler => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NielsenOnline => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
MSCONFIG\startupreg: nonpaying => "C:\Program Files (x86)\staffer\nonpaying.exe"
MSCONFIG\startupreg: One Insight Research => C:\Users\Nick Brano\AppData\Local\One Insight Research\One Insight Research.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Razer Imperator Driver => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartupDelayer => "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UDisk => C:\Program Files (x86)\115\UDown\UDown.exe /m
MSCONFIG\startupreg: uTorrent => "C:\Users\Nick Brano\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WDAppManager => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9CCA1D59-4D46-4E8F-A630-E05F13CB00CB}] => (Allow) C:\Users\Nick Brano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{458D73A1-50D5-4B8D-8346-2DDD3248CCBF}] => (Allow) C:\Users\Nick Brano\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9ABE2CF9-5C08-464A-8B78-DAA072548C9A}C:\koplayer\vbox\vboxheadless.exe] => (Allow) C:\koplayer\vbox\vboxheadless.exe
FirewallRules: [UDP Query User{010B9AE5-18A2-48B2-BE72-B17E4202FFD4}C:\koplayer\vbox\vboxheadless.exe] => (Allow) C:\koplayer\vbox\vboxheadless.exe
FirewallRules: [{FD68F259-F98F-408D-9320-D56DED8AA118}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF88DA9B-EE62-4566-B6DA-DC54A8CE4B69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{816E07BB-A8BB-4D46-A7B5-2D84BA6CD07B}C:\users\nick brano\documents\winny\winny.exe] => (Allow) C:\users\nick brano\documents\winny\winny.exe
FirewallRules: [UDP Query User{0300736C-C6F4-4AEE-AC13-B25BA8F7D097}C:\users\nick brano\documents\winny\winny.exe] => (Allow) C:\users\nick brano\documents\winny\winny.exe
FirewallRules: [{A68D32E3-CF47-4909-B058-D180A55A54F3}] => (Allow) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
FirewallRules: [{1C4E0EC5-393B-4698-9917-3FD5F9A02A9A}] => (Allow) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
FirewallRules: [{FB456D3D-FC15-447E-BA93-724DB26908DE}] => (Allow) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
FirewallRules: [{2CC4DEDF-51E9-4208-B941-3D19F2795E14}] => (Allow) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe] => Enabled:BulletProof FTP Server 2010 (http://www.bpftpserver.com)
StandardProfile\AuthorizedApplications: [C:\Netmarble\NetmarbleDownLoaderNet\GridDownload.exe] => Enabled:GridDownload.exe************************************************************************************************************************* (the data entry has 823 more characters).

==================== Restore Points =========================

03-12-2017 02:22:10 Removed Razer Synapse.
03-12-2017 02:25:26 Installed Razer Synapse.

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: udiskMgr
Description: udiskMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: udiskMgr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 02:50:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\iMacTools\iBackup Viewer\iBackup Viewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/03/2017 02:50:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files\BreakPoint Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/03/2017 01:25:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WebStatistics.exe, version: 0.0.0.0, time stamp: 0x58774728
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0xeb8
Faulting application start time: 0x01d36bff7198fe1d
Faulting application path: C:\KOPLAYER\UserData\KOPLAYER\WebStatistics.exe
Faulting module path: C:\KOPLAYER\UserData\KOPLAYER\MSVCR100.dll
Report Id: b2415792-d7f2-11e7-874f-00261896e240

Error: (11/29/2017 12:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: anyshellext.dll, version: 1.1.0.5, time stamp: 0x51cd842d
Exception code: 0xc0000005
Fault offset: 0x0000000000026f0e
Faulting process id: 0x65c
Faulting application start time: 0x01d3692d238ecde1
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Program Files (x86)\AnyToISO\anyshellext.dll
Report Id: 6f13a384-d52b-11e7-855b-00261896e240

Error: (11/27/2017 12:09:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WebStatistics.exe, version: 0.0.0.0, time stamp: 0x58774728
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0x159c
Faulting application start time: 0x01d367a2874116c7
Faulting application path: C:\KOPLAYER\UserData\KOPLAYER\WebStatistics.exe
Faulting module path: C:\KOPLAYER\UserData\KOPLAYER\MSVCR100.dll
Report Id: c8877061-d395-11e7-8890-00261896e240

Error: (11/25/2017 10:03:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73954f69
Faulting process id: 0xb98
Faulting application start time: 0x01d36662174a66b9
Faulting application path: C:\Users\Nick Brano\Desktop\adwcleaner_7.0.4.0.exe
Faulting module path: unknown
Report Id: 6194a79e-d256-11e7-9b54-00261896e240


System errors:
=============
Error: (12/03/2017 06:26:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 06:26:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 06:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EMS Inter-Link driver V3.0 service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/03/2017 04:30:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 04:29:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 04:28:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EMS Inter-Link driver V3.0 service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/03/2017 04:23:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 04:23:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 04:21:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EMS Inter-Link driver V3.0 service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/03/2017 04:15:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8190.05 MB
Available physical RAM: 6636.34 MB
Total Virtual: 16378.29 MB
Available Virtual: 14881.53 MB

==================== Drives ================================

Drive c: (Nick's Master HD) (Fixed) (Total:596.17 GB) (Free:21.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Nick's Slave HD) (Fixed) (Total:596.07 GB) (Free:8.04 GB) NTFS
Drive f: (Nick's External HD) (Fixed) (Total:3725.87 GB) (Free:2196.85 GB) NTFS
Drive h: (Nick's Camera HD) (Fixed) (Total:931.51 GB) (Free:38.14 GB) NTFS
Drive o: (NICKSPEN2) (Removable) (Total:0.96 GB) (Free:0.04 GB) FAT

==================== End of Addition.txt ============================




#39 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,817 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:13 AM

Posted 03 December 2017 - 06:47 PM

No. If you change into Normal, you must do it again: both the fix, then FRST.

 

Press the Windows key+R. Run rstrui.exe. It should take a while for the System Restore Window to appear. Try to create a restore point.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#40 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,817 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:13 AM

Posted 03 December 2017 - 06:54 PM

No. If you change into Normal, you must do it again: both the fix, then FRST.

 

Press the Windows key+R. Run rstrui.exe. It should take a while for the System Restore Window to appear. Try to create a restore point.




#41 anthroxdx

anthroxdx
  • Topic Starter

  • Members
  • 53 posts
  • Local time:04:13 AM

Posted 03 December 2017 - 06:54 PM

I've rebooted twice with that fix in clean boot mode using msconfig.

 

The above frst list should be what you see with the fix applied twice. FRST fix applied, Restart, FRST fix applied again, then a FRST scan all in clean boot mode.

 

System Restore will not work at all for me. No access signal on my case at all. I get the pinwheel for 3 seconds and then it stops. The same thing happens for Razer Synapse. :(



#42 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,817 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:13 AM

Posted 03 December 2017 - 06:58 PM

==================== Restore Points =========================

03-12-2017 02:22:10 Removed Razer Synapse.
03-12-2017 02:25:26 Installed Razer Synapse.

 

It must be the rootkit as System Restore is working.




#43 anthroxdx

anthroxdx
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 03 December 2017 - 07:21 PM

I'll leave msconfig the way it is until the rootkit is completely removed.

System Restore has only ever opened in WinRE since this happened. I also won't try using System Restore on anything. The Restore I had before this happened failed on me; I believe it was a Restore point from a Windows Update for .NET Framework 4.7 that Friday ago before Thanksgiving.

#44 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,817 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:13 AM

Posted 03 December 2017 - 07:34 PM

  • Highlight the entire content of the quote box below.

Start::
Folder: C:\Users\Nick Brano\AppData\Local\sbsimto
Folder: C:\Users\Nick Brano\AppData\Local\3N4Om
File: C:\Windows\system32\Drivers\chknrg.sys
File: C:\Users\Nick Brano\Downloads\xbcv.exe
File: C:\Windows\system32\Drivers\yitrfe.sys
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.



#45 anthroxdx

anthroxdx
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 03 December 2017 - 07:54 PM

xbcv.exe was ComboFix renamed. I tried ComboFix before coming here as a last resort, which failed. The rootkit also affected this, just like System Restore and Razer Synapse.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Nick Brano (03-12-2017 19:53:34) Run:22
Running from C:\Users\Nick Brano\Desktop
Loaded Profiles: Nick Brano (Available Profiles: Nick Brano)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Users\Nick Brano\AppData\Local\sbsimto
Folder: C:\Users\Nick Brano\AppData\Local\3N4Om
File: C:\Windows\system32\Drivers\chknrg.sys
File: C:\Users\Nick Brano\Downloads\xbcv.exe
File: C:\Windows\system32\Drivers\yitrfe.sys

*****************


========================= Folder: C:\Users\Nick Brano\AppData\Local\sbsimto ========================


====== End of Folder: ======


========================= Folder: C:\Users\Nick Brano\AppData\Local\3N4Om ========================

C:\Users\Nick Brano\AppData\Local\3N4Om => File

====== End of Folder: ======


========================= File: C:\Windows\system32\Drivers\chknrg.sys ========================

C:\Windows\system32\Drivers\chknrg.sys
File is digitally signed
MD5: 8C17F3795DAE9A0ECDE4B3A3B0740E5F
Creation and modification date: 2017-11-24 00:25 - 2017-11-24 00:25
Size: 000079064
Attributes: ----A
Company Name: Malwarebytes
Internal Name: mbam.sys
Original Name: mbam.sys
Product: Malwarebytes Anti-Malware
Description: Malwarebytes Anti-Malware
File Version: 0.0.7.0
Product Version: 0.0.7.0
Copyright: © Malwarebytes. All rights reserved.
VirusTotal: https://www.virustotal.com/file/65807f2eeb7e60e1a7efb4aec9bb20c7121e8754e9001616df919e5ea8b7c541/analysis/1508228207/

====== End of File: ======


========================= File: C:\Users\Nick Brano\Downloads\xbcv.exe ========================

C:\Users\Nick Brano\Downloads\xbcv.exe
File not signed
MD5: ED2BE7577C04AA312BD1A00CD0467F41
Creation and modification date: 2017-11-23 22:23 - 2017-11-23 22:23
Size: 005659763
Attributes: ----A
Company Name: Swearware
Internal Name: ComboFix.exe
Original Name: ComboFix.exe
Product: ComboFix
Description: ComboFix NSIS Installer
File Version: 17.11.14.01
Product Version:
Copyright: sUBs
VirusTotal: https://www.virustotal.com/file/66454adbfcaa39efda09bd37326293efeee0a1c1d622c163c99e5a5e67b08047/analysis/1512201153/

====== End of File: ======


========================= File: C:\Windows\system32\Drivers\yitrfe.sys ========================

C:\Windows\system32\Drivers\yitrfe.sys
File is digitally signed
MD5: 8C17F3795DAE9A0ECDE4B3A3B0740E5F
Creation and modification date: 2017-11-23 22:02 - 2017-11-23 22:02
Size: 000079064
Attributes: ----A
Company Name: Malwarebytes
Internal Name: mbam.sys
Original Name: mbam.sys
Product: Malwarebytes Anti-Malware
Description: Malwarebytes Anti-Malware
File Version: 0.0.7.0
Product Version: 0.0.7.0
Copyright: © Malwarebytes. All rights reserved.
VirusTotal: https://www.virustotal.com/file/65807f2eeb7e60e1a7efb4aec9bb20c7121e8754e9001616df919e5ea8b7c541/analysis/1508228207/

====== End of File: ======


==== End of Fixlog 19:53:35 ====



Edited by anthroxdx, 04 December 2017 - 02:59 AM.




