Filthy unknown virus, access denied trying to remove, bandwidth held hostage


This topic is locked. 44 replies to this topic.

#1 HiImArgo (Members, 34 posts)

Posted 01 December 2017 - 11:44 AM

dteslgz.exe and msdeoba.exe use up my entire bandwidth, zero Google search results. My browser searches get redirected to Bing (only a minor nuisance). My PC's resources get eaten to full capacity. I cannot open programs like Resource Monitor; several antiviruses/malware removers are sabotaged by this thing (Malwarebytes hangs during the rootkit scan every time; Bitdefender displays an error during the shutdown screen (plain light blue Windows logo): "A problem has occurred in Bitdefender's threat scanner, a report has been sent blah blah blah"). Everything else shows up clean - zero threats. I've figured out the possible locations of this thing, AppData\Local\msdeoba and AppData\Local\upeznsm; both cannot be opened - access is denied despite my being Admin. Any help with this filth would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Argo (administrator) on PC (01-12-2017 11:31:30)
Running from C:\Users\Argo\Downloads
Loaded Profiles: Argo (Available Profiles: Argo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\pcboawgsvc.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(f.lux Software LLC) C:\Users\Argo\AppData\Local\FluxSoftware\Flux\flux.exe
(Discord Inc.) C:\Users\Argo\AppData\Local\Discord\app-0.0.298\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Discord Inc.) C:\Users\Argo\AppData\Local\Discord\app-0.0.298\Discord.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
() C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
() C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
() C:\Users\Argo\AppData\Local\igfxmtc\igfxmtc.exe
(apexpsvc Inc.) C:\Users\Argo\AppData\Local\ltkbc\apexpsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Argo\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-02] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-23] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [f.lux] => C:\Users\Argo\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [Discord] => C:\Users\Argo\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {32f31304-64ad-11e7-ba32-d8cb8a16172c} - F:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {420a2e76-d38a-11e7-ba79-d8cb8a16172c} - H:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {53d9cf35-bde6-11e7-a86d-d8cb8a16172c} - H:\Setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {70fbf906-d63d-11e7-a81e-d8cb8a16172c} - I:\stpdh2.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {cdeab5f6-d623-11e7-91e5-d8cb8a16172c} - H:\Autorun.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {cdeab603-d623-11e7-91e5-d8cb8a16172c} - I:\Autorun.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc12-7c90-11e7-8d3d-d8cb8a16172c} - F:\stp-tww.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc18-7c90-11e7-8d3d-d8cb8a16172c} - G:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc1f-7c90-11e7-8d3d-d8cb8a16172c} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
Startup: C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2017-12-01]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
Startup: C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-11-30]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11C2C305-64D7-4CC8-BB78-EE6E8E38DAFD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{11C2C305-64D7-4CC8-BB78-EE6E8E38DAFD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF DefaultProfile: jbfzyvpa.default
FF ProfilePath: C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default [2017-12-01]
FF Extension: (uBlock Origin) - C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-30]
FF Extension: (NoScript) - C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-19] [Lagacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default [2017-12-01]
CHR Extension: (Slides) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (BetterTTV) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-22]
CHR Extension: (Docs) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Slinky Elegant) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2017-05-04]
CHR Extension: (uBlock Origin) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-16]
CHR Extension: (Sheets) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Gmail) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-07-20] (Advanced Micro Devices) [File not signed]
R2 apexpsvc; C:\Users\Argo\AppData\Local\ltkbc\apexpsvc.exe [245760 2017-09-03] (apexpsvc Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-02] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-05-19] (Futuremark)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [135840 2017-11-03] (eVenture Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [132048 2017-02-21] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286032 2017-03-06] (Micro-Star INT'L CO., LTD.)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-11-26] (Overwolf LTD)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-05-22] (Power Admin LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2017-05-06] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-07-20] (Advanced Micro Devices)
S3 atillk64; C:\Users\Argo\Downloads\atiflash_274\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-11-02] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-09] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-05-13] (REALiX™)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
R1 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-12-01] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-30] (Zemana Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
R3 udiskMgr; system32\drivers\cfimps.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-01 11:31 - 2017-12-01 11:31 - 000016880 _____ C:\Users\Argo\Downloads\FRST.txt
2017-12-01 11:31 - 2017-12-01 11:31 - 000000000 ____D C:\FRST
2017-12-01 11:30 - 2017-12-01 11:30 - 002391552 _____ (Farbar) C:\Users\Argo\Downloads\FRST64.exe
2017-12-01 11:30 - 2017-12-01 11:30 - 001752064 _____ (Farbar) C:\Users\Argo\Downloads\FRST.exe
2017-12-01 11:24 - 2017-12-01 11:24 - 000142136 ____N C:\Windows\system32\Drivers\wmbhloru.sys
2017-12-01 00:29 - 2017-12-01 00:29 - 000129156 _____ C:\Windows\ntbtlog.txt
2017-11-30 22:17 - 2017-11-30 22:17 - 000000000 ____D C:\Users\Argo\Documents\ProcAlyzer Dumps
2017-11-30 22:15 - 2017-11-30 22:15 - 000001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-30 22:15 - 2017-11-30 22:15 - 000001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-30 22:15 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-11-30 22:08 - 2017-11-30 22:11 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Argo\Downloads\spybotsd-2.6.46.exe
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\ProgramData\ESET
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\Program Files\ESET
2017-11-30 20:27 - 2017-12-01 11:31 - 000046300 _____ C:\Windows\ZAM.krnl.trace
2017-11-30 20:27 - 2017-12-01 11:31 - 000019299 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-11-30 20:27 - 2017-11-30 20:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-11-30 20:27 - 2017-11-30 20:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-11-30 20:27 - 2017-11-30 20:27 - 000001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-30 20:27 - 2017-11-30 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-30 20:27 - 2017-11-30 20:27 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-30 20:26 - 2017-11-30 20:26 - 000000000 ____D C:\Users\Argo\AppData\Local\Zemana
2017-11-30 20:18 - 2017-11-30 20:18 - 000000000 ____D C:\Users\Argo\AppData\LocalLow\Soda Pop Minatures and Underbite Games
2017-11-30 20:17 - 2017-11-30 20:17 - 006625600 _____ (Zemana Ltd. ) C:\Users\Argo\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-30 19:18 - 2017-12-01 00:39 - 000000000 ____D C:\AdwCleaner
2017-11-30 19:17 - 2017-12-01 00:36 - 000003148 _____ C:\Users\Argo\Desktop\Rkill.txt
2017-11-30 19:17 - 2017-11-30 19:18 - 008172032 _____ (Malwarebytes) C:\Users\Argo\Downloads\AdwCleaner.exe
2017-11-30 19:17 - 2017-11-30 19:17 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Argo\Downloads\rkill.exe
2017-11-30 19:14 - 2017-11-30 19:14 - 000003064 _____ C:\Windows\System32\Tasks\{7BF0517A-DAD7-49FF-B96A-9D64CED18D87}
2017-11-30 19:11 - 2017-11-30 19:11 - 004254840 _____ (ESET) C:\Users\Argo\Downloads\eset_nod32_antivirus_live_installer.exe
2017-11-30 19:04 - 2017-11-30 19:04 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-11-30 19:00 - 2017-11-30 19:00 - 000000000 ____D C:\Users\Argo\BfMEWK
2017-11-30 18:58 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-11-30 18:19 - 2017-12-01 00:54 - 000000000 ____D C:\Users\Argo\AppData\Local\upeznsm
2017-11-30 18:12 - 2017-12-01 11:26 - 000000000 ____D C:\Users\Argo\AppData\Local\msdeoba
2017-11-30 18:12 - 2017-11-30 18:15 - 000000000 ____D C:\Users\Argo\AppData\Local\igfxmtc
2017-11-30 18:11 - 2017-12-01 11:24 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\pcboawgsvc.exe
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Windows\SysWOW64\cgahzib
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Windows\system32\cgahzib
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Users\Argo\AppData\Roaming\et
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Users\Argo\AppData\Local\ltkbc
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\ProgramData\1512083431
2017-11-30 18:06 - 2017-11-30 18:06 - 000973824 _____ C:\Windows\55e9f48da81e3213be18f8b95114cc63.dll
2017-11-29 15:09 - 2017-11-29 15:09 - 000324096 _____ C:\Windows\25458ae175c0491ea575a06220c18827.exe
2017-11-29 15:09 - 2017-11-29 15:09 - 000102440 _____ (NKXR1C) C:\Windows\system32\Drivers\51af80bca8f911053b245465f67c1f9f.sys
2017-11-29 15:09 - 2017-11-29 15:09 - 000051622 _____ C:\Windows\uninstaller.dat
2017-11-28 01:07 - 2017-11-28 01:07 - 000032434 _____ C:\Users\Argo\Downloads\Kubo and the Two Strings (2016) [1080p] [YTS.AG] (1).torrent
2017-11-28 01:02 - 2017-11-28 01:02 - 000032434 _____ C:\Users\Argo\Downloads\Kubo and the Two Strings (2016) [1080p] [YTS.AG].torrent
2017-11-22 21:06 - 2017-11-22 21:32 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Hide.me
2017-11-22 21:06 - 2017-11-22 21:06 - 007037272 _____ (eVenture Limited ) C:\Users\Argo\Downloads\Hide.me-Setup-1.3.2.exe
2017-11-22 21:06 - 2017-11-22 21:06 - 000001025 _____ C:\Users\Public\Desktop\hide.me VPN.lnk
2017-11-22 21:06 - 2017-11-22 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-11-22 21:06 - 2017-11-22 21:06 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2017-11-22 21:01 - 2017-11-22 21:02 - 010849904 _____ (Piriform Ltd) C:\Users\Argo\Downloads\ccsetup537.exe
2017-11-16 14:52 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-16 14:52 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-16 14:52 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-16 14:52 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-16 14:52 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-16 14:52 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-16 14:52 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-16 14:52 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-16 14:52 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-16 14:52 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-16 14:52 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-16 14:52 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-16 14:52 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-16 14:52 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-16 14:52 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-16 14:52 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-16 14:52 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-16 14:52 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-16 14:52 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-16 14:52 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-16 14:52 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-16 14:52 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-16 14:52 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-16 14:52 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-16 14:52 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-16 14:52 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-16 14:52 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-16 14:52 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-16 14:52 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-16 14:52 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-16 14:52 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-16 14:52 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-16 14:52 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-16 14:52 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-16 14:52 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-16 14:52 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-16 14:52 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-16 14:52 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-16 14:52 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-16 14:52 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-16 14:52 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-16 14:52 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-16 14:52 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-16 14:52 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-16 14:52 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-16 14:52 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-16 14:52 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-16 14:52 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-16 14:52 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-16 14:52 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-16 14:52 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-16 14:52 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-16 14:52 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-16 14:52 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-16 14:52 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-16 14:52 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-16 14:52 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-16 14:52 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-16 14:52 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-16 14:52 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-16 14:52 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-16 14:52 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-16 14:52 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-16 14:52 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-16 14:52 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-16 14:52 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-16 14:52 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-16 14:52 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-16 14:52 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-16 14:52 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-16 14:52 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-16 14:52 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-16 14:52 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-16 14:52 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-16 14:52 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-16 14:52 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-16 14:52 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-16 14:52 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-16 14:52 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-16 14:52 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-16 14:52 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-16 14:52 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-16 14:52 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-16 14:52 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-16 14:49 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-16 14:49 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-16 14:49 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-16 14:49 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-08 19:52 - 2017-11-08 19:52 - 000046541 _____ C:\Users\Argo\Downloads\vip.swf
2017-11-07 21:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro
2017-11-07 21:03 - 2017-11-07 21:03 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro_backup
2017-11-06 19:03 - 2017-11-06 22:14 - 000002652 _____ C:\Users\Argo\Desktop\chatrestriction.txt
2017-11-04 09:50 - 2017-12-01 11:05 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-04 09:49 - 2017-11-04 09:50 - 010427120 _____ (Piriform Ltd) C:\Users\Argo\Downloads\ccsetup536.exe
2017-11-03 20:15 - 2017-11-03 20:15 - 000000000 ____D C:\Users\Argo\Documents\BioWare
2017-11-03 19:57 - 2017-11-03 19:57 - 000000890 _____ C:\Users\Public\Desktop\Mass Effect.lnk
2017-11-03 19:57 - 2017-11-03 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2017-11-02 09:02 - 2017-11-02 09:02 - 000133856 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-01 11:31 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 11:31 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-01 11:28 - 2017-05-07 07:13 - 000000000 ____D C:\Users\Argo\AppData\Roaming\BetterDiscord
2017-12-01 11:28 - 2009-07-13 21:34 - 017825792 _____ C:\Windows\system32\config\HARDWARE
2017-12-01 11:25 - 2017-05-04 19:36 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Skype
2017-12-01 11:25 - 2017-05-04 14:35 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-01 11:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 11:24 - 2017-05-04 16:44 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-01 11:04 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-01 11:04 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-01 00:09 - 2017-05-09 09:45 - 000000000 ____D C:\Users\Argo\Documents\ShareX
2017-11-30 22:13 - 2017-05-04 12:57 - 000000000 ____D C:\Users\Argo\AppData\LocalLow\Mozilla
2017-11-30 21:37 - 2017-05-04 12:06 - 000000000 ____D C:\Users\Argo
2017-11-30 21:34 - 2017-06-06 00:34 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-30 21:33 - 2017-06-07 00:57 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-30 21:15 - 2017-05-04 16:50 - 000002036 _____ C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-11-30 19:42 - 2017-05-09 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-11-30 19:42 - 2017-05-09 09:45 - 000000000 ____D C:\Program Files\ShareX
2017-11-30 18:33 - 2017-06-15 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-11-30 18:33 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-30 14:06 - 2017-05-04 12:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-28 13:24 - 2017-05-09 13:24 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-11-28 13:15 - 2017-05-15 16:45 - 000000000 ____D C:\Users\Argo\AppData\Roaming\qBittorrent
2017-11-27 10:47 - 2017-05-04 22:26 - 000000000 ____D C:\Users\Argo\AppData\Roaming\discord
2017-11-27 10:47 - 2017-05-04 14:49 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-11-25 12:24 - 2017-05-04 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-11-25 12:24 - 2017-05-04 12:27 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-22 21:02 - 2017-05-04 13:09 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-21 11:00 - 2017-05-04 14:29 - 000000000 ____D C:\Windows\system32\MRT
2017-11-21 10:56 - 2017-10-11 12:28 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-21 10:56 - 2017-05-04 14:28 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-16 16:15 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-16 15:32 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-16 15:32 - 2009-07-13 23:45 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 15:31 - 2017-05-06 18:48 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 14:53 - 2017-05-04 12:27 - 000774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-16 14:37 - 2017-05-04 22:32 - 000000000 ____D C:\Users\Argo\AppData\Roaming\vlc
2017-11-14 07:39 - 2017-05-04 12:33 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 07:39 - 2017-05-04 12:33 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 16:41 - 2017-05-04 12:35 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:41 - 2017-05-04 12:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-10 18:53 - 2017-08-26 16:39 - 000000000 ____D C:\Users\Argo\Documents\PoE-TradeMacro
2017-11-09 16:02 - 2017-10-17 21:04 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro-master
2017-11-05 12:28 - 2017-06-19 23:15 - 000007629 _____ C:\Users\Argo\AppData\Local\Resmon.ResmonCfg
2017-11-04 09:50 - 2017-10-22 14:52 - 000002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-04 09:50 - 2017-05-04 13:09 - 000000000 ____D C:\Program Files\CCleaner
2017-11-03 20:15 - 2017-05-23 08:16 - 000000000 ____D C:\Windows\SysWOW64\directx
 
==================== Files in the root of some directories =======
 
2017-06-19 23:15 - 2017-11-05 12:28 - 000007629 _____ () C:\Users\Argo\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\wmbhloru.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-11-29 15:41
 
==================== End of FRST.txt ============================


#2 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:06:20 PM

Posted 01 December 2017 - 11:46 AM

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Argo (01-12-2017 11:31:48)
Running from C:\Users\Argo\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-04 17:06:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-903287931-1211975979-1162618406-500 - Administrator - Disabled)
Argo (S-1-5-21-903287931-1211975979-1162618406-1000 - Administrator - Enabled) => C:\Users\Argo
Guest (S-1-5-21-903287931-1211975979-1162618406-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM\...\{55B50DFB-C31F-4D90-9B7F-75233BE6DCC6}) (Version: 2.3.3693.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{39f8dcb1-5f2e-4057-980e-f463756a0465}) (Version: 2.3.3693.0 - Futuremark)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
ACP Application (HKLM\...\{99F38284-EF3C-DBBE-5433-D237B215DF63}) (Version: 2017.0720.1850.36 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Assassin's Creed IV Black Flag version 1.0.7.0 (HKLM-x32\...\Assassin's Creed IV Black Flag_is1) (Version: 1.0.7.0 - Mr DJ)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bayonetta.Digital.Deluxe.Edition.ENG.Repack version 1.0 (HKLM-x32\...\{71D0382A-9472-4257-9929-9D9F04D6802C}}_is1) (Version: 1.0 - Ali213.net)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CPUID HWMonitor Pro 1.28 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Discord (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dungeon Souls (HKLM-x32\...\1982030524_is1) (Version: 2.0.0.2 - GOG.com)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
ESET Security (HKLM\...\{8B35CE46-1F7C-4B22-815E-AB6DC63EE3AB}) (Version: 11.0.149.0 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Flux) (Version:  - f.lux Software LLC)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Futuremark SystemInfo (HKLM-x32\...\{85F94959-7098-4B55-9F39-27D880FE5BA1}) (Version: 5.1.620.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\HearthstoneDeckTracker) (Version: 1.5.1 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
hide.me VPN 1.3.2 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.3.2 - eVenture Limited)
HWiNFO64 Version 5.52 (HKLM\...\HWiNFO64_is1) (Version: 5.52 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect (HKLM-x32\...\{D5FED686-AF59-454C-91A9-DC357E4AED11}_is1) (Version:  - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0 (x64 en-US)) (Version: 53.0 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.07 - MSI)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.108.34.0 - Overwolf Ltd.)
Pantum P2500W Series (HKLM\...\Pantum P2500W Series) (Version: 5.1.1.23 - Zhuhai Pantum Electronics Co.,Ltd.)
Path of Exile (HKLM-x32\...\{151ca218-b00a-4333-b88c-0ee6979759a3}) (Version: 3.0.1.17913 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.0.1.17913 - Grinding Gear Games) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
qBittorrent 3.3.14 (HKLM-x32\...\qBittorrent) (Version: 3.3.14 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
Resource Hacker Version 4.5.30 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
SearchAwesome (HKLM\...\d2b4d8e8a4a749094c5acc0046ae0e59) (Version: 13.14.1.88 (i1.0) - SearchAwesome) <==== ATTENTION
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.0.0 - ShareX Team)
Simplenote (HKLM-x32\...\Simplenote) (Version:  - Automattic, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Ys VI - The Ark of Napishtim (HKLM-x32\...\1429178878_is1) (Version: 2.0.0.1 - GOG.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-30] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-30] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14D753A3-2F08-43E8-950E-B1DC0787548F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-11-26] (Overwolf LTD)
Task: {178B2C66-AE9E-4139-A3FE-B495BAA7FBCA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
Task: {235F9770-4DED-4A7A-8235-42A196F7E47E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {4B1D45F4-E4B6-4685-8A13-0C6123473561} - System32\Tasks\{1496F417-3F8A-4E76-8B57-40B5647702A4} => D:\Users\Argo\Games\Bayonetta-CODEX\Setup.exe
Task: {639C3CF7-8191-4532-B3A0-B2D8C85BCAA3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {6770B9EA-CCF3-4E4C-9105-858FFDCBFA47} - System32\Tasks\{AFD66958-BFFC-4B67-8E5C-09335F18A42B} => C:\Users\Argo\Downloads\whql-win7-64bit-radeon-software-crimson-relive-17.4.3-apr17.exe
Task: {8F3A36B3-1621-480B-86B8-62C0914B35CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {B6E660BD-CDAB-43D0-9401-9C01160D9527} - System32\Tasks\{0005D47C-8BDE-4253-ADA9-73C4A887F956} => C:\Users\Argo\Downloads\whql-win7-64bit-radeon-software-crimson-relive-17.4.3-apr17.exe
Task: {DA187602-A5CC-47F4-80C6-65B1CD95DE54} - System32\Tasks\{7BF0517A-DAD7-49FF-B96A-9D64CED18D87} => C:\Windows\system32\pcalua.exe -a D:\Users\Argo\Games\BfMEWK\EAUninstall.exe
Task: {DA82A094-F4FD-4CAB-B818-9EC1B20E34C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {E0692FCA-AB04-4301-A7C1-4D000BF97CD3} - System32\Tasks\{C1D59FD6-6257-4A25-97B8-88D6EF3C212F} => C:\Windows\system32\pcalua.exe -a "D:\Users\Argo\Games\Assassins Creed IV Black Flag\Redist\vcredist_x64.exe" -d "D:\Users\Argo\Games\Assassins Creed IV Black Flag\Redist"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-14 21:22 - 2017-05-14 21:20 - 000321536 _____ () C:\Windows\System32\pt2500lm.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 22:29 - 2017-10-19 22:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 22:29 - 2017-10-19 22:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-05-04 14:35 - 2017-03-22 09:24 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 22:42 - 2016-09-12 22:42 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 22:42 - 2016-09-12 22:42 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-11-13 16:41 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 16:41 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-05-04 12:47 - 2005-07-18 12:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-11-30 22:15 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-11-30 22:15 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-11-30 22:15 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-11-30 22:15 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-08-08 18:20 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\Argo\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-08 18:20 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\Argo\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 18:20 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\Argo\AppData\Local\Discord\app-0.0.298\libegl.dll
2014-11-10 11:12 - 2014-11-10 11:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-08-08 18:26 - 2017-10-08 19:06 - 009722360 _____ () \\?\C:\Users\Argo\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 18:26 - 2017-11-27 10:47 - 001494520 _____ () \\?\C:\Users\Argo\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-08-08 18:32 - 2017-08-08 18:32 - 000148992 _____ () \\?\C:\Users\Argo\AppData\Local\Discord\app-0.0.298\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-08-08 18:26 - 2017-08-08 18:26 - 002658296 _____ () \\?\C:\Users\Argo\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-11-27 10:47 - 2017-11-27 10:47 - 001505272 _____ () \\?\C:\Users\Argo\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Schedule => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Schedule => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-12-01 11:26 - 000000822 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MSIRegister => "C:\MSI\MSIRegister\MSIRegister.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7A2C95BE-F39B-4F88-9448-C1448E7A499C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC6A028B-8E97-4C45-9379-C6C412D87BB9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B7267E06-A744-4A80-A20D-F0BC89B9A3E5}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{BDACC1FE-1B52-447D-9AEF-70CB5371522E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2417CF77-6CFF-4A7F-8BDC-EF37E9758BFB}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{732E2880-48ED-4B1C-A474-A093EFF67B8A}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{FFD26A22-5144-448B-9D96-6B078F3743F9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4E187211-DA94-4186-B68C-A36CA0068811}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{0346AE70-3074-4A43-9B27-662055EE5A41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{68574B11-0E28-4432-9808-F7641EBE3ADB}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53275\HeroesOfTheStorm_x64.exe
FirewallRules: [{7401A566-537E-4580-9493-F06ECBE39C52}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53275\HeroesOfTheStorm_x64.exe
FirewallRules: [TCP Query User{7EF97637-48C7-42AE-B922-497B02B6B3AC}C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe
FirewallRules: [UDP Query User{0E0C2402-050D-4335-A01D-D9B06B9B39CA}C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe
FirewallRules: [TCP Query User{3CC7FCC7-EB26-4884-A75C-F6BC0DCC3389}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{DC47E4F4-9FBF-4456-A87F-9FF6F19F3DBE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{64C97383-AD94-4B35-91CE-F628714AEDD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80E4825A-32A1-4764-9808-0AD6AB3F0987}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89F2EC80-AA72-42EC-8182-5BA69825E712}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A8BB8B43-A2B9-44C2-A6A5-160839C230F1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BFD29CB4-4874-4D76-8B85-6AF308B5AA26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A271B068-7D94-4753-9BBB-E8ED8F6BCC06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{2E1BD3D7-865D-4222-AF09-E3AD4CD6A087}] => (Allow) D:\Mr DJ\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{AD802577-69D9-40D5-95D1-914A733C2923}] => (Allow) D:\Mr DJ\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [TCP Query User{CBE94CAF-887E-4379-A4CF-09F2D7DBFEDB}D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe] => (Allow) D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe
FirewallRules: [UDP Query User{70706893-D470-4E08-B544-304D1D970235}D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe] => (Allow) D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe
FirewallRules: [{696A30DD-96F8-4EAB-BC53-8CDFD62D5F7B}] => (Allow) D:\Mr DJ\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{A4CBF791-8FE3-4D9B-A8FC-15DD48F5CD42}] => (Allow) D:\Mr DJ\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{8CD7D6D5-0617-403C-AAD4-223332DCFF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in the North\witn.exe
FirewallRules: [{A8F05D34-412F-47C1-8608-35CEEE4B3D87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in the North\witn.exe
FirewallRules: [{9C5F964B-7373-4C3A-84CD-86755F9D3D89}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{C3E943B5-14D5-4B99-8FA2-1C7D70C0ACB5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{43468F7B-FCEB-48D1-955A-C8D0B67832C4}D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Allow) D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe
FirewallRules: [UDP Query User{5184E75A-1365-4907-957F-3BE33CF7323F}D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Allow) D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe
FirewallRules: [{7A0AB60D-E45E-402A-B867-97EF372E5673}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22646B46-B5E5-4BFD-AC5D-35878E28CEBE}] => (Block) D:\Users\Argo\Games\NARUTO SHIPPUDEN Ultimate Ninja STORM 2\NSUNS2.exe
FirewallRules: [{8E452134-3C99-4C93-98D9-FFF99A749EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{23DB3755-DFA8-4028-9125-73C33523E3E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{8E818679-B66B-4B55-88FE-D2D942DE2FF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{C659D7AF-2306-455E-938A-53E8BBBA2298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3FF3B0B2-4D32-4E8E-AEFD-80D7272B9AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{1E0D4A14-86C0-4424-90CA-D7685ED3CFCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{4433CEBD-AF2F-4460-A739-68A1ECBD0D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{40359979-D76D-4E78-891A-DE54E93CAB7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{69586B07-B2E4-42BD-9950-09DA19F65C4F}] => (Allow) D:\Users\Argo\Games\BfME\game.dat
FirewallRules: [{DE06EB43-3CB7-4D22-9C89-F5585F9F291D}] => (Allow) D:\Users\Argo\Games\BfME\game.dat
FirewallRules: [{28548C71-32B9-4AD6-BE6A-7E4E4CB4C4D6}] => (Allow) D:\Users\Argo\Games\BfMEWK\game.dat
FirewallRules: [{CB8278F0-1F8B-4229-B5D8-F9A22AA0A910}] => (Allow) D:\Users\Argo\Games\BfMEWK\game.dat
FirewallRules: [{B7BF711F-6E09-415D-AFCA-90F25B28BE1F}] => (Block) C:\Users\Argo\AppData\Local\upeznsm
FirewallRules: [{C835973D-E6DD-49B3-A665-8FE68DA3ACB6}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
FirewallRules: [{54C22E71-9632-48BE-9F64-35E3501490F9}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
FirewallRules: [{85C43908-A1E9-456F-93AF-1B47ED2D38D4}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
FirewallRules: [{8667F882-F3B9-411A-B7D2-FC25E1BF028D}] => (Block) C:\Users\Argo\AppData\Local\upeznsm\dteslgz.exe
FirewallRules: [{59B7AA14-2B83-449B-97A6-E73FA82AE47C}] => (Block) C:\Users\Argo\AppData\Local\upeznsm\dteslgz.exe
FirewallRules: [{99AA4DAB-245D-4F0E-964E-768114A05292}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2017 11:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2017 10:56:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:28:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/01/2017 11:25:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-04 17:44:42.215
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 17:44:42.184
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:18:15.941
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:18:15.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:17:32.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:17:32.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 15:50:05.822
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 15:50:05.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 42%
Total physical RAM: 8134.53 MB
Available physical RAM: 4645.04 MB
Total Virtual: 16267.24 MB
Available Virtual: 12112.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.79 GB) (Free:39.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:85.94 GB) NTFS
Drive e: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:4.38 GB) (Free:0.47 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C720C1B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F43C2CF9)
Partition 1: (Active) - (Size=223.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=84)
 
==================== End of Addition.txt ============================


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male
  • Local time:07:20 PM

Posted 01 December 2017 - 12:38 PM

Hi HiImArgo :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you stayed with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts
  • Local time:06:20 PM

Posted 01 December 2017 - 08:46 PM

Hey, thanks for the quick reply, it means a lot. I followed the instructions with the MBAR scan, I've attached the system log from the instructions on the thread you linked at the bottom of your reply. Not sure if I should have attached both or pasted both or whatnot since the instructions on the thread say attach in bold, but you told me to paste just the mbar log. Anywho, I pasted the mbar and attached the system log, hope that's fine.

 

Edit: One last thing. I tried running another MBAM scan since it previously hung during rootkit scan but I tried it since the MBAR instructions said MBAM should now have functionality restored. Whelp, it still doesn't. Still hangs on rootkit scan, and the .exe's hogging resources are still on my active processes after restarting since clearing the threats detected by MBAR. Browser searches are still being redirected to Bing as well. Here are the logs:

 

Mbar-Log.txt:

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.02.01
  rootkit: v2017.10.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
Argo :: PC [administrator]
 
12/1/2017 8:29:37 PM
mbar-log-2017-12-01 (20-29-37).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 194601
Time elapsed: 4 minute(s), 42 second(s)
 
Memory Processes Detected: 1
C:\Users\Argo\AppData\Local\ltkbc\apexpsvc.exe (Trojan.Yelloader) -> 2216 -> Delete on reboot. [21a845df2189290dab45f4cfbb4754ac]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\apexpsvc (Trojan.Yelloader) -> Delete on reboot. [21a845df2189290dab45f4cfbb4754ac]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d2b4d8e8a4a749094c5acc0046ae0e59 (Adware.Wajam) -> Delete on reboot. [66631311ddcdc3732f7cca43ed149a66]
 
Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d2b4d8e8a4a749094c5acc0046ae0e59|DisplayName (Adware.SearchAwesome) -> Data: SearchAwesome -> Delete on reboot. [5772dc4806a47bbbbd74318eae5240c0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d2b4d8e8a4a749094c5acc0046ae0e59|Publisher (Adware.SearchAwesome.Generic) -> Data: SearchAwesome -> Delete on reboot. [4f7a81a307a34aec091cd3cfe31ece32]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\ProgramData\1512083431 (Trojan.Yelloader.Gen) -> Delete on reboot. [8544b66edbcf8fa74a862a98fc0612ee]
 
Files Detected: 4
C:\Users\Argo\AppData\Local\ltkbc\apexpsvc.exe (Trojan.Yelloader) -> Delete on reboot. [21a845df2189290dab45f4cfbb4754ac]
C:\Windows\25458ae175c0491ea575a06220c18827.exe (Adware.Wajam) -> Delete on reboot. [66631311ddcdc3732f7cca43ed149a66]
C:\Windows\55e9f48da81e3213be18f8b95114cc63.dll (Adware.SearchAwesome.TskLnk) -> Delete on reboot. [2f9afa2ac1e931058aa74a87a959da26]
C:\ProgramData\1512083431\s9.zip.download (Trojan.Yelloader.Gen) -> Delete on reboot. [8544b66edbcf8fa74a862a98fc0612ee]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)



Edited by HiImArgo, 01 December 2017 - 08:52 PM.


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male
  • Local time:07:20 PM

Posted 02 December 2017 - 12:07 AM

Part of SmartServices were deleted, but it looks like the drivers (main culprits) weren't. Can you run a new scan with FRST and provide me a fresh set of logs?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
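The check Aura is making here, reading the FRST process and driver lists for entries that don't belong, can be made mechanical. The helper below is an added example for this thread, not FRST's code and not anything posted by the participants; the sample lines are copied from the FRST output posted in this thread, except the last one, a constructed driver line built around the NKXR1C-signed driver file that appears in the "One Month Created files" list.

```python
"""Triage helper for FRST 'Processes' and 'Services/Drivers' log lines.

Added example for this thread, not part of FRST or of any post in it. It applies
the mechanical checks a log reviewer makes first: an empty company field, a file
running from a user-writable AppData path, a service/driver entry whose file is
missing ([X]) or unsigned, and a binary whose name is a bare 32-hex-digit string.
A hit is a prompt to look closer, not a verdict, and a clean pass is not a clearance.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# FRST process line:  "(Company) C:\path\to\file.exe"  (company may be empty: "()")
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>\S.*)$")
# FRST service/driver line:  "R2 name; path [size date] (Company) [flags]"
SERVICE_RE = re.compile(r"^(?P<state>[SR]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# Trailing "(Company)", optionally followed by FRST's "[File not signed]" flag
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)(?:\s+\[File not signed\])?\s*$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
APPDATA_RE = re.compile(r"\\AppData\\(Local|Roaming|LocalLow)\\", re.IGNORECASE)

# Lines copied from the FRST log in this thread; the final driver line is constructed.
SAMPLE_LINES = [
    r"(TOSHIBA CORPORATION) C:\Windows\System32\pcboawgsvc.exe",
    r"(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe",
    r"() C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe",
    r"() C:\Users\Argo\AppData\Local\igfxmtc\igfxmtc.exe",
    r"R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-07-20] (Advanced Micro Devices) [File not signed]",
    r"R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-11-02] (ESET)",
    r"R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()",
    r"S3 MSICDSetup; \??\E:\CDriver64.sys [X]",
    r"R3 udiskMgr; system32\drivers\svzcfi.sys [X]",
    # Constructed: a driver entry for the NKXR1C-signed .sys listed under created files
    r"R1 51af80bca8f911053b245465f67c1f9f; C:\Windows\system32\Drivers\51af80bca8f911053b245465f67c1f9f.sys [102440 2017-11-29] (NKXR1C)",
]


@dataclass
class Entry:
    kind: str                  # "process" or "service"
    name: str                  # exe filename (process) or service/driver name
    path: str
    company: Optional[str]     # None when FRST printed no "(Company)" field at all
    missing: bool = False      # FRST "[X]": registry points at a file that is absent
    unsigned: bool = False     # FRST "[File not signed]"
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST process or service/driver line; None for headers and notes."""
    line = line.strip()
    m = PROCESS_RE.match(line)
    if m:
        path = m.group("path")
        return Entry("process", path.rsplit("\\", 1)[-1], path, m.group("company"))
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    # The path runs up to the first " [" (the size/date block or the [X] marker).
    path = re.split(r"\s+\[", rest, maxsplit=1)[0]
    cm = COMPANY_RE.search(rest)
    return Entry(
        "service", m.group("name").strip(), path,
        cm.group("company") if cm else None,
        missing=rest.endswith("[X]"),
        unsigned="[File not signed]" in rest,
    )


def triage(entry: Entry) -> Entry:
    """Attach every review reason that applies; an empty list means nothing flagged."""
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if entry.company == "":
        entry.reasons.append("no company/version info")
    if APPDATA_RE.search(entry.path):
        entry.reasons.append("runs from user-writable AppData")
    if entry.missing:
        entry.reasons.append("registry entry points at a missing file")
    if entry.unsigned:
        entry.reasons.append("file not signed")
    if HEX32_RE.match(stem):
        entry.reasons.append("32-hex-digit filename")
    return entry


def flagged(lines: Iterable[str]) -> List[Entry]:
    """Return the entries that carry at least one reason, in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in flagged(SAMPLE_LINES):
        print(f"{hit.kind:8} {hit.name:40} {'; '.join(hit.reasons)}")
```

Note that the TOSHIBA-signed pcboawgsvc.exe passes every rule here even though it is the file the thread is chasing: a valid-looking signature on a binary with a random name in System32 is exactly the case that still needs a human reading the creation dates.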


#6 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts
  • Local time:06:20 PM

Posted 02 December 2017 - 12:28 AM

Part of SmartServices were deleted, but it looks like the drivers (main culprits) weren't. Can you run a new scan with FRST and provide me a fresh set of logs?

Yup, here they are:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Argo (administrator) on PC (02-12-2017 00:27:14)
Running from C:\Users\Argo\Downloads
Loaded Profiles: Argo (Available Profiles: Argo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\pcboawgsvc.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(f.lux Software LLC) C:\Users\Argo\AppData\Local\FluxSoftware\Flux\flux.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
() C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
() C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
() C:\Users\Argo\AppData\Local\igfxmtc\igfxmtc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-02] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-23] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [f.lux] => C:\Users\Argo\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [Discord] => C:\Users\Argo\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {32f31304-64ad-11e7-ba32-d8cb8a16172c} - F:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {420a2e76-d38a-11e7-ba79-d8cb8a16172c} - H:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {53d9cf35-bde6-11e7-a86d-d8cb8a16172c} - H:\Setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {70fbf906-d63d-11e7-a81e-d8cb8a16172c} - I:\stpdh2.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {cdeab5f6-d623-11e7-91e5-d8cb8a16172c} - H:\Autorun.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {cdeab603-d623-11e7-91e5-d8cb8a16172c} - I:\Autorun.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc12-7c90-11e7-8d3d-d8cb8a16172c} - F:\stp-tww.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc18-7c90-11e7-8d3d-d8cb8a16172c} - G:\setup.exe
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\MountPoints2: {ec9dfc1f-7c90-11e7-8d3d-d8cb8a16172c} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
Startup: C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2017-12-01]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
Startup: C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-11-30]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11C2C305-64D7-4CC8-BB78-EE6E8E38DAFD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{11C2C305-64D7-4CC8-BB78-EE6E8E38DAFD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF DefaultProfile: jbfzyvpa.default
FF ProfilePath: C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default [2017-12-01]
FF Extension: (uBlock Origin) - C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-30]
FF Extension: (NoScript) - C:\Users\Argo\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzyvpa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-19] [Lagacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
CHR Extension: (Slides) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (BetterTTV) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-22]
CHR Extension: (Docs) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Slinky Elegant) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2017-05-04]
CHR Extension: (uBlock Origin) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-16]
CHR Extension: (Sheets) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Gmail) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Argo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-07-20] (Advanced Micro Devices) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-02] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-05-19] (Futuremark)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [135840 2017-11-03] (eVenture Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [132048 2017-02-21] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2286032 2017-03-06] (Micro-Star INT'L CO., LTD.)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-11-26] (Overwolf LTD)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-05-22] (Power Admin LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2017-05-06] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-07-20] (Advanced Micro Devices)
S3 atillk64; C:\Users\Argo\Downloads\atiflash_274\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-11-02] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-10-09] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-05-13] (REALiX™)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [192952 2017-12-01] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-30] (Zemana Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
R3 udiskMgr; system32\drivers\svzcfi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-01 22:18 - 2017-12-01 22:18 - 000000000 ____D C:\Users\Argo\Documents\Neverwinter Nights 2
2017-12-01 22:16 - 2017-12-01 22:16 - 000001048 _____ C:\Users\Public\Desktop\Neverwinter Nights 2 Complete.lnk
2017-12-01 21:55 - 2017-12-01 21:55 - 000000000 ____D C:\ProgramData\Dishonored 2
2017-12-01 20:41 - 2017-12-01 20:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\82230350.sys
2017-12-01 20:37 - 2017-12-01 20:37 - 000142136 ____N C:\Windows\system32\Drivers\wmbybfil.sys
2017-12-01 20:29 - 2017-12-01 20:29 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7336C625.sys
2017-12-01 20:28 - 2017-12-01 20:49 - 000000000 ____D C:\Users\Argo\Desktop\mbar
2017-12-01 20:28 - 2017-12-01 20:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-01 20:27 - 2017-12-01 20:28 - 014161479 _____ C:\Users\Argo\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-01 11:31 - 2017-12-02 00:27 - 000016639 _____ C:\Users\Argo\Downloads\FRST.txt
2017-12-01 11:31 - 2017-12-02 00:27 - 000000000 ____D C:\FRST
2017-12-01 11:31 - 2017-12-01 11:31 - 000044890 _____ C:\Users\Argo\Downloads\Addition.txt
2017-12-01 11:30 - 2017-12-01 11:30 - 002391552 _____ (Farbar) C:\Users\Argo\Downloads\FRST64.exe
2017-12-01 11:30 - 2017-12-01 11:30 - 001752064 _____ (Farbar) C:\Users\Argo\Downloads\FRST.exe
2017-12-01 00:29 - 2017-12-01 00:29 - 000129156 _____ C:\Windows\ntbtlog.txt
2017-11-30 22:17 - 2017-11-30 22:17 - 000000000 ____D C:\Users\Argo\Documents\ProcAlyzer Dumps
2017-11-30 22:15 - 2017-11-30 22:15 - 000001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-30 22:15 - 2017-11-30 22:15 - 000001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-30 22:15 - 2017-11-30 22:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-30 22:15 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-11-30 22:08 - 2017-11-30 22:11 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Argo\Downloads\spybotsd-2.6.46.exe
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\ProgramData\ESET
2017-11-30 20:43 - 2017-11-30 20:43 - 000000000 ____D C:\Program Files\ESET
2017-11-30 20:27 - 2017-12-01 21:24 - 000062711 _____ C:\Windows\ZAM.krnl.trace
2017-11-30 20:27 - 2017-12-01 21:24 - 000030954 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-11-30 20:27 - 2017-11-30 20:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-11-30 20:27 - 2017-11-30 20:27 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-11-30 20:27 - 2017-11-30 20:27 - 000001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-30 20:27 - 2017-11-30 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-30 20:27 - 2017-11-30 20:27 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-30 20:26 - 2017-11-30 20:26 - 000000000 ____D C:\Users\Argo\AppData\Local\Zemana
2017-11-30 20:18 - 2017-11-30 20:18 - 000000000 ____D C:\Users\Argo\AppData\LocalLow\Soda Pop Minatures and Underbite Games
2017-11-30 20:17 - 2017-11-30 20:17 - 006625600 _____ (Zemana Ltd. ) C:\Users\Argo\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-30 19:18 - 2017-12-01 00:39 - 000000000 ____D C:\AdwCleaner
2017-11-30 19:17 - 2017-12-01 00:36 - 000003148 _____ C:\Users\Argo\Desktop\Rkill.txt
2017-11-30 19:17 - 2017-11-30 19:18 - 008172032 _____ (Malwarebytes) C:\Users\Argo\Downloads\AdwCleaner.exe
2017-11-30 19:17 - 2017-11-30 19:17 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Argo\Downloads\rkill.exe
2017-11-30 19:14 - 2017-11-30 19:14 - 000003064 _____ C:\Windows\System32\Tasks\{7BF0517A-DAD7-49FF-B96A-9D64CED18D87}
2017-11-30 19:11 - 2017-11-30 19:11 - 004254840 _____ (ESET) C:\Users\Argo\Downloads\eset_nod32_antivirus_live_installer.exe
2017-11-30 19:04 - 2017-11-30 19:04 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-11-30 19:00 - 2017-11-30 19:00 - 000000000 ____D C:\Users\Argo\BfMEWK
2017-11-30 18:58 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-11-30 18:19 - 2017-12-01 00:54 - 000000000 ____D C:\Users\Argo\AppData\Local\upeznsm
2017-11-30 18:12 - 2017-12-01 20:39 - 000000000 ____D C:\Users\Argo\AppData\Local\msdeoba
2017-11-30 18:12 - 2017-11-30 18:15 - 000000000 ____D C:\Users\Argo\AppData\Local\igfxmtc
2017-11-30 18:11 - 2017-12-01 20:37 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\pcboawgsvc.exe
2017-11-30 18:10 - 2017-12-01 20:37 - 000000000 ____D C:\Users\Argo\AppData\Local\ltkbc
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Windows\SysWOW64\cgahzib
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Windows\system32\cgahzib
2017-11-30 18:10 - 2017-11-30 18:10 - 000000000 ____D C:\Users\Argo\AppData\Roaming\et
2017-11-29 15:09 - 2017-11-29 15:09 - 000102440 _____ (NKXR1C) C:\Windows\system32\Drivers\51af80bca8f911053b245465f67c1f9f.sys
2017-11-29 15:09 - 2017-11-29 15:09 - 000051622 _____ C:\Windows\uninstaller.dat
2017-11-28 01:07 - 2017-11-28 01:07 - 000032434 _____ C:\Users\Argo\Downloads\Kubo and the Two Strings (2016) [1080p] [YTS.AG] (1).torrent
2017-11-28 01:02 - 2017-11-28 01:02 - 000032434 _____ C:\Users\Argo\Downloads\Kubo and the Two Strings (2016) [1080p] [YTS.AG].torrent
2017-11-22 21:06 - 2017-11-22 21:32 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Hide.me
2017-11-22 21:06 - 2017-11-22 21:06 - 007037272 _____ (eVenture Limited ) C:\Users\Argo\Downloads\Hide.me-Setup-1.3.2.exe
2017-11-22 21:06 - 2017-11-22 21:06 - 000001025 _____ C:\Users\Public\Desktop\hide.me VPN.lnk
2017-11-22 21:06 - 2017-11-22 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-11-22 21:06 - 2017-11-22 21:06 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2017-11-22 21:01 - 2017-11-22 21:02 - 010849904 _____ (Piriform Ltd) C:\Users\Argo\Downloads\ccsetup537.exe
2017-11-16 14:52 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-16 14:52 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-16 14:52 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-16 14:52 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-16 14:52 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-16 14:52 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-16 14:52 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-16 14:52 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-16 14:52 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-16 14:52 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-16 14:52 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-16 14:52 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-16 14:52 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-16 14:52 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-16 14:52 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-16 14:52 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-16 14:52 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-16 14:52 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-16 14:52 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-16 14:52 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-16 14:52 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-16 14:52 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-16 14:52 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-16 14:52 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-16 14:52 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-16 14:52 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-16 14:52 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-16 14:52 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-16 14:52 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-16 14:52 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-16 14:52 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-16 14:52 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-16 14:52 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-16 14:52 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-16 14:52 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-16 14:52 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-16 14:52 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-16 14:52 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-16 14:52 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-16 14:52 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-16 14:52 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-16 14:52 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-16 14:52 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-16 14:52 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-16 14:52 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-16 14:52 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-16 14:52 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-16 14:52 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-16 14:52 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-16 14:52 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-16 14:52 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-16 14:52 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-16 14:52 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-16 14:52 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-16 14:52 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-16 14:52 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-16 14:52 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-16 14:52 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-16 14:52 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-16 14:52 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-16 14:52 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-16 14:52 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-16 14:52 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-16 14:52 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-16 14:52 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-16 14:52 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-16 14:52 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-16 14:52 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-16 14:52 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-16 14:52 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-16 14:52 - 2017-10-11 19:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-16 14:52 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-16 14:52 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-16 14:52 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-16 14:52 - 2017-10-11 19:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-16 14:52 - 2017-10-11 19:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-16 14:52 - 2017-10-11 19:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-16 14:52 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-16 14:52 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-16 14:52 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-16 14:52 - 2017-10-11 19:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-16 14:52 - 2017-10-11 19:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-16 14:52 - 2017-10-11 19:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-16 14:52 - 2017-10-11 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-16 14:52 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-16 14:52 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-16 14:52 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-16 14:52 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-16 14:52 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-16 14:52 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-16 14:49 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-16 14:49 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-16 14:49 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-16 14:49 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-16 14:49 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-08 19:52 - 2017-11-08 19:52 - 000046541 _____ C:\Users\Argo\Downloads\vip.swf
2017-11-07 21:04 - 2017-11-07 21:04 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro
2017-11-07 21:03 - 2017-11-07 21:03 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro_backup
2017-11-06 19:03 - 2017-11-06 22:14 - 000002652 _____ C:\Users\Argo\Desktop\chatrestriction.txt
2017-11-04 09:50 - 2017-12-02 00:06 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-04 09:49 - 2017-11-04 09:50 - 010427120 _____ (Piriform Ltd) C:\Users\Argo\Downloads\ccsetup536.exe
2017-11-03 20:15 - 2017-11-03 20:15 - 000000000 ____D C:\Users\Argo\Documents\BioWare
2017-11-03 19:57 - 2017-11-03 19:57 - 000000890 _____ C:\Users\Public\Desktop\Mass Effect.lnk
2017-11-03 19:57 - 2017-11-03 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2017-11-02 09:02 - 2017-11-02 09:02 - 000133856 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-02 00:27 - 2009-07-13 21:34 - 017825792 _____ C:\Windows\system32\config\HARDWARE
2017-12-01 22:17 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-01 22:16 - 2017-06-15 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-12-01 21:59 - 2017-07-09 19:00 - 000000000 ____D C:\Users\Argo\AppData\Local\Black_Tree_Gaming
2017-12-01 21:59 - 2017-07-09 19:00 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2017-12-01 20:52 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-01 20:52 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-01 20:44 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 20:44 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-01 20:41 - 2017-05-04 14:36 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-12-01 20:38 - 2017-05-07 07:13 - 000000000 ____D C:\Users\Argo\AppData\Roaming\BetterDiscord
2017-12-01 20:38 - 2017-05-04 19:36 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Skype
2017-12-01 20:37 - 2017-05-04 16:44 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-01 20:37 - 2017-05-04 14:35 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-01 20:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 20:29 - 2017-05-04 14:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-01 00:09 - 2017-05-09 09:45 - 000000000 ____D C:\Users\Argo\Documents\ShareX
2017-11-30 22:13 - 2017-05-04 12:57 - 000000000 ____D C:\Users\Argo\AppData\LocalLow\Mozilla
2017-11-30 21:37 - 2017-05-04 12:06 - 000000000 ____D C:\Users\Argo
2017-11-30 21:34 - 2017-06-06 00:34 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-30 21:33 - 2017-06-07 00:57 - 000000000 ____D C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-30 21:15 - 2017-05-04 16:50 - 000002036 _____ C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-11-30 19:42 - 2017-05-09 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-11-30 19:42 - 2017-05-09 09:45 - 000000000 ____D C:\Program Files\ShareX
2017-11-30 14:06 - 2017-05-04 12:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-28 13:24 - 2017-05-09 13:24 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-11-28 13:15 - 2017-05-15 16:45 - 000000000 ____D C:\Users\Argo\AppData\Roaming\qBittorrent
2017-11-27 10:47 - 2017-05-04 22:26 - 000000000 ____D C:\Users\Argo\AppData\Roaming\discord
2017-11-27 10:47 - 2017-05-04 14:49 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-11-25 12:24 - 2017-05-04 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-11-25 12:24 - 2017-05-04 12:27 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-22 21:02 - 2017-05-04 13:09 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-21 11:00 - 2017-05-04 14:29 - 000000000 ____D C:\Windows\system32\MRT
2017-11-21 10:56 - 2017-10-11 12:28 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-21 10:56 - 2017-05-04 14:28 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-16 16:15 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-11-16 15:32 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-16 15:32 - 2009-07-13 23:45 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 15:31 - 2017-05-06 18:48 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 14:53 - 2017-05-04 12:27 - 000774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-16 14:37 - 2017-05-04 22:32 - 000000000 ____D C:\Users\Argo\AppData\Roaming\vlc
2017-11-14 07:39 - 2017-05-04 12:33 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 07:39 - 2017-05-04 12:33 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 16:41 - 2017-05-04 12:35 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:41 - 2017-05-04 12:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-10 18:53 - 2017-08-26 16:39 - 000000000 ____D C:\Users\Argo\Documents\PoE-TradeMacro
2017-11-09 16:02 - 2017-10-17 21:04 - 000000000 ____D C:\Users\Argo\Downloads\POE-TradeMacro-master
2017-11-05 12:28 - 2017-06-19 23:15 - 000007629 _____ C:\Users\Argo\AppData\Local\Resmon.ResmonCfg
2017-11-04 09:50 - 2017-10-22 14:52 - 000002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-04 09:50 - 2017-05-04 13:09 - 000000000 ____D C:\Program Files\CCleaner
2017-11-03 20:15 - 2017-05-23 08:16 - 000000000 ____D C:\Windows\SysWOW64\directx
 
==================== Files in the root of some directories =======
 
2017-06-19 23:15 - 2017-11-05 12:28 - 000007629 _____ () C:\Users\Argo\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\wmbybfil.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-11-29 15:41
 
==================== End of FRST.txt ============================
 
and Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Argo (02-12-2017 00:27:31)
Running from C:\Users\Argo\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-04 17:06:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-903287931-1211975979-1162618406-500 - Administrator - Disabled)
Argo (S-1-5-21-903287931-1211975979-1162618406-1000 - Administrator - Enabled) => C:\Users\Argo
Guest (S-1-5-21-903287931-1211975979-1162618406-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM\...\{55B50DFB-C31F-4D90-9B7F-75233BE6DCC6}) (Version: 2.3.3693.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{39f8dcb1-5f2e-4057-980e-f463756a0465}) (Version: 2.3.3693.0 - Futuremark)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
ACP Application (HKLM\...\{99F38284-EF3C-DBBE-5433-D237B215DF63}) (Version: 2017.0720.1850.36 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Assassin's Creed IV Black Flag version 1.0.7.0 (HKLM-x32\...\Assassin's Creed IV Black Flag_is1) (Version: 1.0.7.0 - Mr DJ)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Bayonetta.Digital.Deluxe.Edition.ENG.Repack version 1.0 (HKLM-x32\...\{71D0382A-9472-4257-9929-9D9F04D6802C}}_is1) (Version: 1.0 - Ali213.net)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CPUID HWMonitor Pro 1.28 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Discord (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dungeon Souls (HKLM-x32\...\1982030524_is1) (Version: 2.0.0.2 - GOG.com)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.7.0.9 - GOG.com)
ESET Security (HKLM\...\{8B35CE46-1F7C-4B22-815E-AB6DC63EE3AB}) (Version: 11.0.149.0 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\Flux) (Version:  - f.lux Software LLC)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Futuremark SystemInfo (HKLM-x32\...\{85F94959-7098-4B55-9F39-27D880FE5BA1}) (Version: 5.1.620.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-903287931-1211975979-1162618406-1000\...\HearthstoneDeckTracker) (Version: 1.5.1 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
hide.me VPN 1.3.2 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.3.2 - eVenture Limited)
HWiNFO64 Version 5.52 (HKLM\...\HWiNFO64_is1) (Version: 5.52 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect (HKLM-x32\...\{D5FED686-AF59-454C-91A9-DC357E4AED11}_is1) (Version:  - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0 (x64 en-US)) (Version: 53.0 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.07 - MSI)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.108.34.0 - Overwolf Ltd.)
Pantum P2500W Series (HKLM\...\Pantum P2500W Series) (Version: 5.1.1.23 - Zhuhai Pantum Electronics Co.,Ltd.)
Path of Exile (HKLM-x32\...\{151ca218-b00a-4333-b88c-0ee6979759a3}) (Version: 3.0.1.17913 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.0.1.17913 - Grinding Gear Games) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
qBittorrent 3.3.14 (HKLM-x32\...\qBittorrent) (Version: 3.3.14 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.0.0 - ShareX Team)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Ys VI - The Ark of Napishtim (HKLM-x32\...\1429178878_is1) (Version: 2.0.0.1 - GOG.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-30] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-30] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14D753A3-2F08-43E8-950E-B1DC0787548F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-11-26] (Overwolf LTD)
Task: {178B2C66-AE9E-4139-A3FE-B495BAA7FBCA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
Task: {235F9770-4DED-4A7A-8235-42A196F7E47E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {4B1D45F4-E4B6-4685-8A13-0C6123473561} - System32\Tasks\{1496F417-3F8A-4E76-8B57-40B5647702A4} => D:\Users\Argo\Games\Bayonetta-CODEX\Setup.exe
Task: {639C3CF7-8191-4532-B3A0-B2D8C85BCAA3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {6770B9EA-CCF3-4E4C-9105-858FFDCBFA47} - System32\Tasks\{AFD66958-BFFC-4B67-8E5C-09335F18A42B} => C:\Users\Argo\Downloads\whql-win7-64bit-radeon-software-crimson-relive-17.4.3-apr17.exe
Task: {8F3A36B3-1621-480B-86B8-62C0914B35CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-04] (Google Inc.)
Task: {B6E660BD-CDAB-43D0-9401-9C01160D9527} - System32\Tasks\{0005D47C-8BDE-4253-ADA9-73C4A887F956} => C:\Users\Argo\Downloads\whql-win7-64bit-radeon-software-crimson-relive-17.4.3-apr17.exe
Task: {DA187602-A5CC-47F4-80C6-65B1CD95DE54} - System32\Tasks\{7BF0517A-DAD7-49FF-B96A-9D64CED18D87} => C:\Windows\system32\pcalua.exe -a D:\Users\Argo\Games\BfMEWK\EAUninstall.exe
Task: {DA82A094-F4FD-4CAB-B818-9EC1B20E34C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {E0692FCA-AB04-4301-A7C1-4D000BF97CD3} - System32\Tasks\{C1D59FD6-6257-4A25-97B8-88D6EF3C212F} => C:\Windows\system32\pcalua.exe -a "D:\Users\Argo\Games\Assassins Creed IV Black Flag\Redist\vcredist_x64.exe" -d "D:\Users\Argo\Games\Assassins Creed IV Black Flag\Redist"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-14 21:22 - 2017-05-14 21:20 - 000321536 _____ () C:\Windows\System32\pt2500lm.dll
2017-11-30 20:27 - 2017-11-30 20:27 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 22:42 - 2016-09-12 22:42 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 22:42 - 2016-09-12 22:42 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 22:43 - 2016-09-12 22:43 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 22:29 - 2017-10-19 22:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 22:29 - 2017-10-19 22:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-11-13 16:41 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 16:41 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-05-04 12:47 - 2005-07-18 12:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-11-30 22:15 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-11-30 22:15 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-11-30 22:15 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-11-30 22:15 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-10 11:12 - 2014-11-10 11:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Schedule => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Schedule => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-12-01 20:38 - 000000822 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-903287931-1211975979-1162618406-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Argo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MSIRegister => "C:\MSI\MSIRegister\MSIRegister.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7A2C95BE-F39B-4F88-9448-C1448E7A499C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BC6A028B-8E97-4C45-9379-C6C412D87BB9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B7267E06-A744-4A80-A20D-F0BC89B9A3E5}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{BDACC1FE-1B52-447D-9AEF-70CB5371522E}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2417CF77-6CFF-4A7F-8BDC-EF37E9758BFB}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{732E2880-48ED-4B1C-A474-A093EFF67B8A}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{FFD26A22-5144-448B-9D96-6B078F3743F9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4E187211-DA94-4186-B68C-A36CA0068811}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{0346AE70-3074-4A43-9B27-662055EE5A41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{68574B11-0E28-4432-9808-F7641EBE3ADB}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53275\HeroesOfTheStorm_x64.exe
FirewallRules: [{7401A566-537E-4580-9493-F06ECBE39C52}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base53275\HeroesOfTheStorm_x64.exe
FirewallRules: [TCP Query User{7EF97637-48C7-42AE-B922-497B02B6B3AC}C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe
FirewallRules: [UDP Query User{0E0C2402-050D-4335-A01D-D9B06B9B39CA}C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.8800\battle.net.exe
FirewallRules: [TCP Query User{3CC7FCC7-EB26-4884-A75C-F6BC0DCC3389}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{DC47E4F4-9FBF-4456-A87F-9FF6F19F3DBE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{64C97383-AD94-4B35-91CE-F628714AEDD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80E4825A-32A1-4764-9808-0AD6AB3F0987}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89F2EC80-AA72-42EC-8182-5BA69825E712}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A8BB8B43-A2B9-44C2-A6A5-160839C230F1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BFD29CB4-4874-4D76-8B85-6AF308B5AA26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A271B068-7D94-4753-9BBB-E8ED8F6BCC06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{2E1BD3D7-865D-4222-AF09-E3AD4CD6A087}] => (Allow) D:\Mr DJ\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{AD802577-69D9-40D5-95D1-914A733C2923}] => (Allow) D:\Mr DJ\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [TCP Query User{CBE94CAF-887E-4379-A4CF-09F2D7DBFEDB}D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe] => (Allow) D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe
FirewallRules: [UDP Query User{70706893-D470-4E08-B544-304D1D970235}D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe] => (Allow) D:\users\argo\games\oxygen.not.included.v211417\oxygennotincluded.exe
FirewallRules: [{696A30DD-96F8-4EAB-BC53-8CDFD62D5F7B}] => (Allow) D:\Mr DJ\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{A4CBF791-8FE3-4D9B-A8FC-15DD48F5CD42}] => (Allow) D:\Mr DJ\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{8CD7D6D5-0617-403C-AAD4-223332DCFF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in the North\witn.exe
FirewallRules: [{A8F05D34-412F-47C1-8608-35CEEE4B3D87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in the North\witn.exe
FirewallRules: [{9C5F964B-7373-4C3A-84CD-86755F9D3D89}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{C3E943B5-14D5-4B99-8FA2-1C7D70C0ACB5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{43468F7B-FCEB-48D1-955A-C8D0B67832C4}D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Allow) D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe
FirewallRules: [UDP Query User{5184E75A-1365-4907-957F-3BE33CF7323F}D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Allow) D:\users\argo\games\dawn.of.war.iii.v4.0.0.16278\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe
FirewallRules: [{7A0AB60D-E45E-402A-B867-97EF372E5673}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22646B46-B5E5-4BFD-AC5D-35878E28CEBE}] => (Block) D:\Users\Argo\Games\NARUTO SHIPPUDEN Ultimate Ninja STORM 2\NSUNS2.exe
FirewallRules: [{8E452134-3C99-4C93-98D9-FFF99A749EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{23DB3755-DFA8-4028-9125-73C33523E3E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{8E818679-B66B-4B55-88FE-D2D942DE2FF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{C659D7AF-2306-455E-938A-53E8BBBA2298}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3FF3B0B2-4D32-4E8E-AEFD-80D7272B9AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{1E0D4A14-86C0-4424-90CA-D7685ED3CFCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{4433CEBD-AF2F-4460-A739-68A1ECBD0D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{40359979-D76D-4E78-891A-DE54E93CAB7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{69586B07-B2E4-42BD-9950-09DA19F65C4F}] => (Allow) D:\Users\Argo\Games\BfME\game.dat
FirewallRules: [{DE06EB43-3CB7-4D22-9C89-F5585F9F291D}] => (Allow) D:\Users\Argo\Games\BfME\game.dat
FirewallRules: [{28548C71-32B9-4AD6-BE6A-7E4E4CB4C4D6}] => (Allow) D:\Users\Argo\Games\BfMEWK\game.dat
FirewallRules: [{CB8278F0-1F8B-4229-B5D8-F9A22AA0A910}] => (Allow) D:\Users\Argo\Games\BfMEWK\game.dat
FirewallRules: [{B7BF711F-6E09-415D-AFCA-90F25B28BE1F}] => (Block) C:\Users\Argo\AppData\Local\upeznsm
FirewallRules: [{C835973D-E6DD-49B3-A665-8FE68DA3ACB6}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
FirewallRules: [{54C22E71-9632-48BE-9F64-35E3501490F9}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\msdeoba.exe
FirewallRules: [{85C43908-A1E9-456F-93AF-1B47ED2D38D4}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
FirewallRules: [{8667F882-F3B9-411A-B7D2-FC25E1BF028D}] => (Block) C:\Users\Argo\AppData\Local\upeznsm\dteslgz.exe
FirewallRules: [{59B7AA14-2B83-449B-97A6-E73FA82AE47C}] => (Block) C:\Users\Argo\AppData\Local\upeznsm\dteslgz.exe
FirewallRules: [{99AA4DAB-245D-4F0E-964E-768114A05292}] => (Block) C:\Users\Argo\AppData\Local\msdeoba\dteslgz.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2017 10:17:09 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000000000000198,0x0053c198,000000000038D470,0,000000000038C460,4096,[0]).
 
 
Operation:
   Processing PostFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (12/01/2017 10:16:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.
 
Error: (12/01/2017 10:16:04 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.
 
Error: (12/01/2017 08:37:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2017 11:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2017 10:56:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/01/2017 12:43:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/01/2017 11:37:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-04 17:44:42.215
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 17:44:42.184
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:18:15.941
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:18:15.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:17:32.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 16:17:32.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 15:50:05.822
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-05-04 15:50:05.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 8134.53 MB
Available physical RAM: 4304.23 MB
Total Virtual: 16267.24 MB
Available Virtual: 12100.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.79 GB) (Free:39.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:144.91 GB) NTFS
Drive e: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:4.38 GB) (Free:0.47 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F43C2CF9)
Partition 1: (Active) - (Size=223.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=84)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C720C1B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male

Posted 02 December 2017 - 09:37 AM

Alright. Open FRST, copy/paste the following in the text box, and click on the fix button. Afterwards, a file called fixlog.txt should be on your desktop. Attach it here.
Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir C:\Windows\system32\drivers
End::

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
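The two enumeration lines in the fix above, fltmc instances and dir C:\Windows\system32\drivers, list the loaded file-system minifilters and the driver files on disk, which is where a rootkit that hides folders and denies access to them tends to live. The following is an added triage script for this thread, not FRST's code and not anything the poster ran: it parses constructed samples of both outputs, compares filter names against a known-good baseline, and flags an unknown filter whose .sys file was written recently. The filter name zzdrv, the two-entry baseline and the cutoff date are all invented for the demonstration.

```python
"""Added example (not FRST's code): triage the output of `fltmc instances` and
`dir C:\\Windows\\system32\\drivers`. Both sample outputs below are constructed."""
import re
from datetime import datetime

# Constructed `fltmc instances` output. "zzdrv" is an invented filter name used
# to show what an unexpected entry looks like; luafv and FileInfo ship with Windows.
FLTMC_SAMPLE = """\
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----  --------  --------
luafv                 C:                                      135000        luafv                  0      0000000f
FileInfo              C:                                      45000         FileInfo               0      0000000f
zzdrv                 C:                                      365000        zzdrv Instance         0      0000000f
"""

# Constructed, trimmed `dir` listing of the drivers folder.
DIR_SAMPLE = """\
 Volume in drive C has no label.
 Directory of C:\\Windows\\system32\\drivers

11/20/2010  04:25 AM           102,400 fileinfo.sys
11/20/2010  04:26 AM           117,248 luafv.sys
12/01/2017  10:02 AM            38,912 zzdrv.sys
               3 File(s)        258,560 bytes
"""

# Assumption: a baseline captured from a known-clean machine of the same build.
# Two stock Windows minifilters are enough for the demo.
KNOWN_FILTERS = {"luafv", "fileinfo"}

# Assumption: a cutoff around when the symptoms started; anything written
# after it deserves a closer look.
SINCE_DATE = datetime(2017, 11, 1)

_NUMBER = re.compile(r"\d+(\.\d+)?")

def parse_fltmc_instances(text):
    """Return (filter, volume, altitude) tuples from `fltmc instances` output.

    The volume column may be blank for some instances, so the altitude is taken
    as the first purely numeric token after the filter name.
    """
    rows = []
    for line in text.splitlines()[2:]:        # skip header and dashed rule
        parts = line.split()
        if len(parts) < 2:
            continue
        for i, tok in enumerate(parts[1:], start=1):
            if _NUMBER.fullmatch(tok):
                rows.append((parts[0], " ".join(parts[1:i]), float(tok)))
                break
    return rows

def unknown_filters(text, baseline=KNOWN_FILTERS):
    """Filter names present in the output but absent from the baseline."""
    return sorted({name for name, _, _ in parse_fltmc_instances(text)
                   if name.lower() not in baseline})

_DIR_LINE = re.compile(
    r"^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d [AP]M)\s+([\d,]+)\s+(\S+\.sys)$", re.I)

def parse_dir_listing(text):
    """Return (timestamp, size, filename) for every .sys entry in a `dir` listing."""
    out = []
    for line in text.splitlines():
        m = _DIR_LINE.match(line.strip())
        if m:
            when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M %p")
            out.append((when, int(m.group(3).replace(",", "")), m.group(4)))
    return out

def recent_drivers(text, since=SINCE_DATE):
    """Driver file names whose directory timestamp is at or after `since`."""
    return sorted(name for when, _, name in parse_dir_listing(text) if when >= since)

def suspicious_filters(fltmc_text, dir_text, since=SINCE_DATE):
    """Filters that are both unknown to the baseline and backed by a recent .sys."""
    recent = {name.lower()[:-4] for name in recent_drivers(dir_text, since)}
    return sorted(f for f in unknown_filters(fltmc_text) if f.lower() in recent)

if __name__ == "__main__":
    print("Unknown filters :", unknown_filters(FLTMC_SAMPLE))
    print("Recent drivers  :", recent_drivers(DIR_SAMPLE))
    print("Worth a look    :", suspicious_filters(FLTMC_SAMPLE, DIR_SAMPLE))
```

The baseline comparison is the part that matters: a minifilter name that no clean machine of the same build has, sitting next to a driver file that appeared the week the symptoms started, is the kind of entry a helper looks for in exactly this output before writing a removal fixlist. Replace the two sample strings with the real command output and the baseline with one taken from a clean install.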


#8 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts

Posted 02 December 2017 - 10:42 AM

Done.

Attached Files



#9 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts

Posted 02 December 2017 - 08:24 PM

I forgot to mention one thing I did a day ago, which may or may not be interfering with the whole removal process, but it's probably worth mentioning: I blocked the .exe's in question using Windows Firewall, both outbound and inbound traffic. Not sure if that was a smart move or not, but the alternative for me was keeping my internet unplugged, so... I just felt kind of desperate to not be held hostage by this thing ASAP. In fact, I'm not even sure if it worked because my Resource Monitor won't even open, but my internet seems stable, *shrug*. The moment I try to open Resource Monitor it hangs all of a sudden. But yeah, hope I didn't mess anything up by doing that.


Edited by HiImArgo, 03 December 2017 - 12:04 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male

Posted 04 December 2017 - 08:14 AM

Sorry for the delay. I'm currently reviewing your logs.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male

Posted 04 December 2017 - 08:40 AM

You'll need to download the fixlist.txt from another computer and move it on your USB.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Attached Files




#12 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts

Posted 04 December 2017 - 01:13 PM

How necessary is it to do it from another computer? I currently don't own a USB drive :/ Is it a matter of it having a small chance of not working if I just download it, or... is it just one of those things that you absolutely have to do using a USB drive? Guess I should buy a flash drive just in case, which may take me a few days.



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male

Posted 04 December 2017 - 07:40 PM

Sadly, a USB Flash Drive is necessary to remove that infection. You CAN create the fixlist.txt yourself; however, you need to name it something else while you're under a normal boot (like dummy.txt). And once in the RE, you'll need to rename it to fixlist.txt. Otherwise, the infection will just mess with the fixlist.txt file, making it unusable by FRST.



#14 HiImArgo

HiImArgo
  • Topic Starter

  • Members
  • 34 posts

Posted 05 December 2017 - 08:29 PM

Sadly, a USB Flash Drive is necessary to remove that infection. You CAN create the fixlist.txt yourself; however, you need to name it something else while you're under a normal boot (like dummy.txt). And once in the RE, you'll need to rename it to fixlist.txt. Otherwise, the infection will just mess with the fixlist.txt file, making it unusable by FRST.

Alright then, I ordered my flash drive and it'll come this Thursday. Should I PM you when it arrives, since I'll have to pause till I get the drive, or should I just reply with the fixlog.txt?



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • Gender:Male

Posted 05 December 2017 - 09:18 PM

You can simply reply to this thread once you get it, I'll be notified via email :)


